.386
.model flat, stdcall
option casemap:none
include Strings.mac
include w2k\ntstatus.inc
include w2k\ntddk.inc
include w2k\ntoskrnl.inc
includelib ntoskrnl.lib
includelib ntdll.lib
;************************************************************************************
;函数定义
DriverEntry proto pDriverObject:PDRIVER_OBJECT,pusRegistryPath:PUNICODE_STRING
DirverUnload proto pDriverObject:PDRIVER_OBJECT
;************************************************************************************
.data
ucstShow UNICODE_STRING <?>
szShowLoad db "The Dirver has been loaded!",NULL
szShowUnLoad db "The Driver has been Unloaded!",NULL
dwShow dd 1990h
.code
DriverEntry proc pDriverObject:PDRIVER_OBJECT,pusRegistryPath:PUNICODE_STRING
invoke DbgPrint,addr szShowLoad
invoke DbgPrint,$CTA0("This is the first debug Information.")
invoke DbgPrint,$CTA0("%s"),$CTA0("This is the second debug Information.")
invoke DbgPrint,$CTA0("%ws"),$CTW0("This is the third debug Information.")
invoke DbgPrint,$CTA0("%S"),$CTW0("This is the forth debug Information.")
invoke RtlInitUnicodeString,addr ucstShow,$CTW0("This is the fifth debug Information.")
invoke DbgPrint,$CTA0("%wZ"),addr ucstShow
invoke RtlInitUnicodeString,addr ucstShow,$CTW0("hello,I was born in")
invoke DbgPrint,$CTA0("%wZ %x"),addr ucstShow,dwShow
;以下地方使用EBX就会蓝屏
assume ebx:ptr DRIVER_OBJECT
mov ebx,[pDriverObject]
mov [ebx].DriverUnload,offset DriverUnload
mov eax,STATUS_SUCCESS
ret
DriverEntry endp
DriverUnload proc pDriverObject:PDRIVER_OBJECT
invoke DbgPrint,$CTA0("%s"),addr szShowUnLoad
mov eax,STATUS_SUCCESS
ret
DriverUnload endp
end DriverEntry