用RadASM+KmdKit开发驱动过程中,每次使用include w2k\native.inc的时候,编译就会出错.
D:\RadASM\Masm32\Include\w2k\native.inc(426) : error A2164: non-benign structure redefinition: too few initializers : SECTION_BASIC_INFORMATION
D:\RadASM\Masm32\Include\w2k\native.inc(500) : error A2163: non-benign structure redefinition: incorrect initializers : MEMORY_SECTION_NAME
分析了一下,错误一般出现在有结构嵌套的地方.如
SECTION_BASIC_INFORMATION STRUCT ; Information Class 0
BaseAddress PVOID ?
Attributes DWORD ?
_Size LARGE_INTEGER <> ; original Size
SECTION_BASIC_INFORMATION ENDS
PSECTION_BASIC_INFORMATION typedef ptr SECTION_BASIC_INFORMATION
本人新手,不明白为什么会出现这样的错误.望高手指点
全部源码如下,是论坛里的,
DriverTest.asm
.386
.model flat, stdcall
option casemap:none
include DriverTest.inc
.const
CCOUNTED_UNICODE_STRING "\\Device\\devVirtToPhys", g_usDeviceName, 4 ;驱动程序名称
CCOUNTED_UNICODE_STRING "\\??\\slVirtToPhys", g_usSymbolicLinkName, 4;符号连接名称
.code
GetPhysicalAddress proc uses esi edi pInputBuffer,inBufLength,pOutputBuffer,outBufLength
;四个参数分别为用户层的输入数据指针,输入长度,输出数据指针,输出长度
;你可以在下面的代码中使用。
;下面的代码你可能有用
; invoke PsGetCurrentProcess ;取用户层进程EPROCES
; invoke PsGetCurrentThread ;取用户层线程EPROCESS
;you code
;mov eax ,STATUS_BUFFER_TOO_SMALL ;缓冲区长度不足
mov eax,STATUS_SUCCESS
ret
GetPhysicalAddress endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; 调度创建关闭
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DispatchCreateClose proc pDeviceObject:PDEVICE_OBJECT, pIrp:PIRP
;当用户模式用:
; CreateFile, 让设备处理
; CloseHandle,关闭设备句柄
mov eax, pIrp
assume eax:ptr _IRP
mov [eax].IoStatus.Status, STATUS_SUCCESS
and [eax].IoStatus.Information, 0
assume eax:nothing
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
mov eax, STATUS_SUCCESS
ret
DispatchCreateClose endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;这里是应用程序发出DeviceIoControl指令时,驱动处理子程序。
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DispatchControl proc uses esi edi ebx pDeviceObject:PDEVICE_OBJECT, pIrp:PIRP
local status:NTSTATUS
LOCAL pInputBuffer,inBufLength,pOutputBuffer,outBufLength
;pIrp
mov esi, pIrp
assume esi:ptr _IRP
;pIrp_Stack
IoGetCurrentIrpStackLocation esi
mov edi, eax
assume edi:ptr IO_STACK_LOCATION
;IoGetCurrentIrpStackLocation宏取出_IRP结构的IO_STACK_LOCATION的指针(指向I/O stack)。
;这个栈的层次取决于这个IRP需要经过多少层的驱动处理。我们的单层驱动程序在这里只有一个值。
push [edi].Parameters.DeviceIoControl.InputBufferLength
pop inBufLength
push [edi].Parameters.DeviceIoControl.OutputBufferLength
pop outBufLength
push [esi].AssociatedIrp.SystemBuffer
pop pInputBuffer
push [esi].UserBuffer
pop pOutputBuffer
;判断用户层的驱动控制码,这里设置的是800h,在inc文件里定义
.if [edi].Parameters.DeviceIoControl.IoControlCode == IOCTL_GET_PHYS_ADDRESS
invoke GetPhysicalAddress,pInputBuffer,inBufLength,pOutputBuffer,outBufLength
mov status, eax
.else
mov status, STATUS_INVALID_DEVICE_REQUEST
.endif
assume edi:nothing
push status
pop [esi].IoStatus.Status
push outBufLength
pop [esi].IoStatus.Information
assume esi:nothing
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
mov eax, status
ret
DispatchControl endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; 驱动程序卸载回调函数
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DriverUnload proc pDriverObject:PDRIVER_OBJECT
invoke IoDeleteSymbolicLink, addr g_usSymbolicLinkName
mov eax, pDriverObject
invoke IoDeleteDevice, (DRIVER_OBJECT PTR [eax]).DeviceObject
ret
DriverUnload endp
.code
;.code INIT
;所有这样标记的代码将被放入PE文件的INIT节区中,表明是Discardable的。
;在驱动程序初始化后,这部分代码就再也用不着了。
;INIT节区中的代码可以在DriverEntry过程返回后被丢弃,系统会自己决定在合适的时候丢弃它。
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; 驱动入口
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING
;
local status:NTSTATUS
local pDeviceObject:PDEVICE_OBJECT
mov status, STATUS_DEVICE_CONFIGURATION_ERROR
;创建虚拟设备
invoke IoCreateDevice, pDriverObject, 0, addr g_usDeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, addr pDeviceObject
.if eax == STATUS_SUCCESS
;建立符号链接
invoke IoCreateSymbolicLink, addr g_usSymbolicLinkName, addr g_usDeviceName
.if eax == STATUS_SUCCESS
mov eax, pDriverObject
assume eax:ptr DRIVER_OBJECT;指定pDriverObject的参数的类型为DRIVER_OBJECT结构
;指定用户模式下卸载驱动时的处理地址
mov [eax].DriverUnload, offset DriverUnload
;指定用户模式调用CreateFile时的处理地址
mov [eax].MajorFunction[IRP_MJ_CREATE*(sizeof PVOID)],offset DispatchCreateClose
;指定用户模式调用CloseHandle时的处理地址
mov [eax].MajorFunction[IRP_MJ_CLOSE*(sizeof PVOID)],offset DispatchCreateClose
;指定用户模式调用DeviceIoControl时的处理地址
mov [eax].MajorFunction[IRP_MJ_DEVICE_CONTROL*(sizeof PVOID)],offset DispatchControl
assume eax:nothing
mov status, STATUS_SUCCESS
.else
invoke IoDeleteDevice, pDeviceObject
.endif
.endif
mov eax, status
ret
DriverEntry endp
end DriverEntry
DriverTest.inc
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; 要用到的头文件定义
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
include w2k\ntstatus.inc
include w2k\ntddk.inc
include w2k\ntoskrnl.inc
include w2k\w2kundoc.inc
include w2k\native.inc
includelib d:\RadASM\masm32\lib\w2k\ntoskrnl.lib
include d:\RadASM\masm32\Macros\Strings.mac
;控制代码
IOCTL_GET_PHYS_ADDRESS equ CTL_CODE(FILE_DEVICE_UNKNOWN, 800h, METHOD_BUFFERED, FILE_READ_ACCESS + FILE_WRITE_ACCESS)
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
汇编好看些?
