Delphi版驱动进ring0代码
发表于: 2005-4-18 14:51 9890


附件中包含全部源码及使用示例。

unit miniDriver;
//kongfoo/2005.4.16

interface

uses
  Windows, WinSvc, SysUtils;

type
  // 48-bit far-pointer layout: 32-bit offset followed by a 16-bit selector,
  // with no padding between the fields (packed). LoadService fills both
  // fields; presumably this is the operand of a far call through the gate
  // the embedded driver installs (see the thread replies) — nothing in this
  // unit performs that call.
  aCallGate = packed record
    aDword : Dword;  // offset part  (LoadService stores 0)
    aWord : Word;    // selector part (LoadService stores $3E3)
  end;

var
  // Global far-pointer value written by LoadService (offset 0, selector
  // $3E3). No code in this unit reads it; it is left for the caller.
  NewCallGate : aCallGate;

  //this driver is from MGF
  drvFile : array [0..$5FF] of byte =
  (
  $4D,$5A,$90,$00,$03,$00,$00,$00,$04,$00,$00,$00,$FF,$FF,$00,$00,
  $B8,$00,$00,$00,$00,$00,$00,$00,$40,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$A8,$00,$00,$00,
  $0E,$1F,$BA,$0E,$00,$B4,$09,$CD,$21,$B8,$01,$4C,$CD,$21,$54,$68,
  $69,$73,$20,$70,$72,$6F,$67,$72,$61,$6D,$20,$63,$61,$6E,$6E,$6F,
  $74,$20,$62,$65,$20,$72,$75,$6E,$20,$69,$6E,$20,$44,$4F,$53,$20,
  $6D,$6F,$64,$65,$2E,$0D,$0D,$0A,$24,$00,$00,$00,$00,$00,$00,$00,
  $5D,$17,$1D,$DB,$19,$76,$73,$88,$19,$76,$73,$88,$19,$76,$73,$88,
  $E5,$56,$61,$88,$18,$76,$73,$88,$52,$69,$63,$68,$19,$76,$73,$88,
  $00,$00,$00,$00,$00,$00,$00,$00,$50,$45,$00,$00,$4C,$01,$02,$00,
  $91,$C8,$2B,$42,$00,$00,$00,$00,$00,$00,$00,$00,$E0,$00,$0E,$01,
  $0B,$01,$05,$0C,$00,$02,$00,$00,$00,$02,$00,$00,$00,$00,$00,$00,
  $00,$10,$00,$00,$00,$10,$00,$00,$00,$20,$00,$00,$00,$00,$40,$00,
  $00,$10,$00,$00,$00,$02,$00,$00,$04,$00,$00,$00,$00,$00,$00,$00,
  $04,$00,$00,$00,$00,$00,$00,$00,$00,$30,$00,$00,$00,$02,$00,$00,
  $A9,$75,$00,$00,$02,$00,$00,$20,$00,$00,$10,$00,$00,$10,$00,$00,
  $00,$00,$10,$00,$00,$10,$00,$00,$00,$00,$00,$00,$10,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$20,$00,$00,$08,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $2E,$74,$65,$78,$74,$00,$00,$00,$4C,$00,$00,$00,$00,$10,$00,$00,
  $00,$02,$00,$00,$00,$02,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$20,$00,$00,$60,$2E,$72,$65,$6C,$6F,$63,$00,$00,
  $0C,$00,$00,$00,$00,$20,$00,$00,$00,$02,$00,$00,$00,$04,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$40,$00,$00,$42,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $90,$90,$90,$90,$9C,$60,$52,$0F,$01,$44,$24,$FE,$5A,$8B,$C2,$B9,
  $E0,$03,$00,$00,$81,$7C,$11,$02,$E8,$03,$00,$EC,$74,$27,$C6,$02,
  $C3,$66,$89,$04,$11,$C1,$E8,$10,$66,$89,$44,$11,$06,$C7,$44,$11,
  $02,$E8,$03,$00,$EC,$C7,$44,$11,$08,$FF,$FF,$00,$00,$C7,$44,$11,
  $0C,$00,$9A,$CF,$00,$61,$9D,$33,$C0,$C2,$08,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$08,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
  );

  // Writes the embedded driver image (drvFile) to 'Matrix.sys' in the
  // directory of the running module.
  procedure ExtractTheDriver;
  // Registers Matrix.sys as a kernel-driver service named 'Matrix1.0',
  // starts it once, then deletes the service and the file. Needs
  // SC_MANAGER_CREATE_SERVICE on the SCM (administrative rights).
  procedure LoadService;

implementation

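procedure LoadService;
// Registers the extracted Matrix.sys as a demand-start kernel-driver service
// named 'Matrix1.0', starts it once, then deletes the service and the file.
// Requires SC_MANAGER_CREATE_SERVICE on the SCM, i.e. administrative rights.
//
// Defender's note: the service registration and removal, and the Matrix.sys
// dropped beside the executable, are observable artifacts even though both
// are gone by the time this returns; whatever the driver changed in the
// kernel (the thread says it installs a call gate) is not undone here.
//
// Fixes relative to the original: CreateService failure is detected from its
// return value (the original consulted GetLastError even after success),
// every handle is checked before use and released on all paths, the service
// parameters use the WinSvc constants instead of magic numbers, and the
// temporary file is deleted with the same full path it was written to (the
// original deleted a relative 'Matrix.sys' in the current directory, which
// is not the module directory in general).
const
  DRV_SERVICE_NAME = 'Matrix1.0';
  DRV_DISPLAY_NAME = 'Matrix service 1.0';
  // Same mask as the original literal $00010030.
  SVC_ACCESS = SERVICE_START or SERVICE_STOP or DELETE;
var
  hSCM, hSvc : SC_HANDLE;
  drvPath : string;

  // Creates the kernel-driver service entry for Matrix.sys; 0 on failure.
  function CreateDriverService: SC_HANDLE;
  begin
    Result := CreateService(hSCM, DRV_SERVICE_NAME, DRV_DISPLAY_NAME, SVC_ACCESS,
                            SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START,
                            SERVICE_ERROR_IGNORE, PChar(drvPath),
                            nil, nil, nil, nil, nil);
  end;

begin
  NewCallGate.aDword := 0;
  NewCallGate.aWord := $3e3;
  // Same path ExtractTheDriver writes to: beside the running module.
  drvPath := ExtractFilePath(GetModuleName(0)) + 'Matrix.sys';

  hSCM := OpenSCManager(nil, nil, SC_MANAGER_CREATE_SERVICE);
  if hSCM <> 0 then
  try
    hSvc := CreateDriverService;
    if (hSvc = 0) and (GetLastError = ERROR_SERVICE_EXISTS) then
    begin
      // Stale registration from an earlier run: remove it and retry once.
      hSvc := OpenService(hSCM, DRV_SERVICE_NAME, SERVICE_ALL_ACCESS);
      if hSvc <> 0 then
      begin
        DeleteService(hSvc);
        CloseServiceHandle(hSvc);
      end;
      hSvc := CreateDriverService;
    end;
    if hSvc <> 0 then
    try
      // StartService(hSvc, 0, nil) via inline asm, kept from the original;
      // presumably chosen because WinSvc.pas declares the argument-vector
      // parameter as a var parameter, which makes passing nil awkward.
      asm
        push 0
        push 0
        push hSvc
        call StartService
      end;
      // Unregister immediately; the driver has already run by now.
      DeleteService(hSvc);
    finally
      CloseServiceHandle(hSvc);
    end;
  finally
    CloseServiceHandle(hSCM);
  end;
  // Always remove the dropped file, with the path it was created under.
  DeleteFile(drvPath);
end;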

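procedure ExtractTheDriver;
// Writes the embedded driver image (drvFile) to 'Matrix.sys' in the
// directory of the running module, replacing any existing file.
//
// Defender's note: this drops a complete PE image next to the executable;
// monitoring *.sys creation in user-writable directories catches this step.
//
// Fixes relative to the original: the CreateFile result is checked (the
// original called WriteFile on INVALID_HANDLE_VALUE when creation failed),
// the length written is SizeOf(drvFile) instead of a hard-coded $600 that
// has to be kept in sync with the array bound, the handle is closed even if
// WriteFile raises, the file is opened without FILE_SHARE_WRITE so nothing
// else can modify the image while it is being written, and a short or failed
// write does not leave a truncated image behind for LoadService to load.
var
  hFile : THandle;
  written : DWORD;
  drvPath : string;
  ok : Boolean;
begin
  drvPath := ExtractFilePath(GetModuleName(0)) + 'Matrix.sys';
  hFile := CreateFile(PChar(drvPath), GENERIC_WRITE, 0, nil, CREATE_ALWAYS,
                      FILE_ATTRIBUTE_NORMAL, 0);
  if hFile = INVALID_HANDLE_VALUE then
    Exit;  // e.g. read-only module directory; nothing to clean up
  try
    written := 0;
    ok := WriteFile(hFile, drvFile, SizeOf(drvFile), written, nil)
          and (written = SizeOf(drvFile));
  finally
    CloseHandle(hFile);
  end;
  if not ok then
    DeleteFile(drvPath);  // do not leave a partial image on disk
end;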

end.

附件:driver.rar



2
好文啊....
2005-4-18 16:23
3
哪位大哥能解释一下啊
2005-4-18 17:01
4
一大堆DB,实在是看不懂,楼主解释一下吧
2005-4-18 19:01
5
大堆DB是个编译好的驱动程序,
作用是创建调用门
2005-4-18 20:25
6
最初由 softworm 发布
大堆DB是个编译好的驱动程序,
作用是创建调用门


YES :)
2005-4-19 08:09
7
ExtractTheDriver;
  LoadService;
  asm
    mov dx, $61
    mov al, $FF
    out dx, al
  end;
  MessageBox(0,'see the new call gate use IceSword please :)','info...',0);
  ExitProcess(1);

winxp sp2可否?
2005-4-19 17:36
8
好文。
2005-4-20 01:23
9
我的XP没打过SP,不清楚SP2下面的情况
2005-4-20 08:17
10
看看。。。
2005-4-20 09:03
11
Matrix.sys不是delphi编的
delphi只是调用一下
2005-4-20 09:08
12
最初由 xIkUg 发布
Matrix.sys不是delphi编的
delphi只是调用一下

直接用delphi写.sys好象不容易啊.
2005-4-20 11:40
13
SO GOOD
2005-4-20 20:40
14
哪位高人可以把DB转回ASM啊(这个是可能的吗?)
2005-4-21 01:13
15
用百度搜一下,这个驱动的源码是有的 :)
2005-4-21 08:03