unavailability of the IAT Table inside a driver (outside the fonction "DriverEntry")
The IAT is built "pageable" (!) and is not accessible outside DriverEntry. (reproducible problem)
For more, please read the Topic on the forum of "Fasm"
=> Forum Fasm / Windows / Topic "MS COFF - Driver". >>> CLIC HERE (http://board.flatassembler.net/topic.php?t=10989)
A) MS Linker - it works fine, no problem with IAT.
c:\WinDDK\6001.18002\bin\x86\x86\link
/DRIVER /SUBSYSTEM:NATIVE /ENTRY:DriverEntry
toto.obj BeaEngine.lib ntoskrnl.lib hal.lib /OUT:toto.sys
B) PoLink - it doesn't work, IAT is unavailable outside "DriverEntry" !
C:\PellesC\bin\PoLink
/DRIVER /SUBSYSTEM:NATIVE /ENTRY:_DriverEntry@8
toto.obj BeaEngine.lib ntoskrnl.lib hal.lib /OUT:toto.sys
format MS COFF
;NTOSKRNL.EXE
;============
extrn '_Disasm@4' as Disasm:dword
extrn '_DbgPrint' as DbgPrint:dword
extrn '_IoCreateDevice@28' as IoCreateDevice:dword
extrn '_IoCreateSymbolicLink@8' as IoCreateSymbolicLink:dword
extrn '_MmLockPagableDataSection@4' as MmLockPagableDataSection:dword
extrn '_IoDeleteDevice@4' as IoDeleteDevice:dword
extrn '_IoCompleteRequest@8' as IoCompleteRequest:dword
extrn '_MmMapIoSpace@16' as MmMapIoSpace:dword
extrn '_MmUnmapIoSpace@8'as MmUnmapIoSpace:dword
extrn '_ExFreePoolWithTag@8' as ExFreePoolWithTag:dword
extrn '_KeSetSystemAffinityThread@4' as KeSetSystemAffinityThread:dword
extrn '_KeRevertToUserAffinityThread@0' as KeRevertToUserAffinityThread:dword
extrn '_IoDeleteSymbolicLink@4' as IoDeleteSymbolicLink:dword
extrn '_MmUnlockPagableImageSection@4' as MmUnlockPagableImageSection:dword
extrn '_MmMapLockedPagesSpecifyCache@24' as MmMapLockedPagesSpecifyCache:dword
extrn '_KeI386ReleaseGdtSelectors@8' as KeI386ReleaseGdtSelectors:dword
extrn '_KeI386AllocateGdtSelectors@8' as KeI386AllocateGdtSelectors:dword
extrn '_KeI386SetGdtSelector@8' as KeI386SetGdtSelector:dword
extrn '_ExAllocatePoolWithTag@12' as ExAllocatePoolWithTag:dword
extrn '_KeGetCurrentThread@0' as KeGetCurrentThread:dword
extrn '_KeQueryActiveProcessors@0' as KeQueryActiveProcessors:dword
extrn '_MmGetPhysicalAddress@4' as MmGetPhysicalAddress:dword
;HAL.DLL
;=======
extrn '_KeGetCurrentIrql@0' as KeGetCurrentIrql:dword
extrn '_HalGetInterruptVector@24' as HalGetInterruptVector:dword
include 'c:\TEST\perso_driver.inc'
public DriverEntry as '_DriverEntry@8'
;==============================================================================
section 'main' code readable writeable executable notpageable
;============ +++++ ===========================================================
proc DriverEntry pDriverObject, usRegistryPath
;==================
locals
status dd ?
pDeviceObject dd ?
endl
Pelle ...
I can assure you that there is a problem.
what do you think about this ?
Thank you very much for your attention.
Quote from: ouadji on January 06, 2010, 12:57:54 AM
Pelle ...
The last time that Pelle visited this forum was the 04. 08. 2009 (this is not so unusual for Pelle). So don't expect a fast reaction to your question.
I sent him an e-mail also ;)
thank you Alex.QuoteSo don't expect a fast reaction to your question.
Having said that, it's absolutly not a problem if Pelle doesn't monitor his forum and doesn't answer.
The Microsoft linker works perfectly well, and unlike PoLink, reports no error here