Hello,
--- Raphaël Junqueira <fenix(a)club-internet.fr> wrote:
it is simple, only a PE module which works in kernel mode
using OS APIs:
- -=(FeniX as fenix@DarkBluE)-(on tty2)-(at 13:39:31)=-
-={$:'~'}=->winedump dump -j import /mnt/win_c2/windows/system32/drivers/secdrv.sys
Contents of "/mnt/win_c2/windows/system32/drivers/secdrv.sys": 27440 bytes
Import Table size: 40
offset 25404 ntoskrnl.exe
Hint/Name Table: 00006364
TimeDataStamp: 00000000 (Thu Jan 1 01:00:00 1970)
ForwarderChain: 00000000
First thunk RVA: 00000260 (delta: 4294967295 0xffffffff)
Ordn Name
252 IoDeleteSymbolicLink 644a
251 IoDeleteDevice 63b4
247 IoCreateSymbolicLink 63c6
243 IoCreateDevice 63de
720 RtlInitUnicodeString 63f0
687 RtlEqualUnicodeString 6408
519 NtBuildNumber 6420
760 RtlQueryRegistryValues 6430
599 PsGetVersion 63a4
434 KeTickCount 6462
479 MmIsAddressValid 6470
792 RtlUnwind 6492
54 ExAllocatePoolWithTag 649e
66 ExFreePool 64b6
325 IofCompleteRequest 64c4
Done dumping /mnt/win_c2/windows/system32/drivers/secdrv.sys
The problem is how to emulate Windows kernel internal behavior (i.e.
assembly tips such as NtCurrentTeb)
We have been looking into loading this driver under ReactOS and all of
the functions are implemented, but it still returns STATUS_UNSUCCESSFUL.
I think that the imports of PsGetVersion and NtBuildNumber might have
something to do with it. The driver works under my Windows NT 4 laptop
but not ReactOS. We may just have to hard code the values to match NT 4
and it could work.
If we can get it to load on ROS it will be up to you guys to figure out
a way to adapt ROS+WINE to play nice together. =)
Thanks
Steven
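As an added illustration, not code from either poster, here is a Python walk of a PE32 import directory, the structure winedump printed above, run against a constructed test image that stands in for the driver. It records which ntoskrnl.exe exports an image imports, so the version-reading imports the reply singles out, PsGetVersion and NtBuildNumber, can be spotted in any driver, not just this one. The image builder and every value in it are constructed for the example.

```python
import struct

def cstr(data, off):  # NUL-terminated ASCII string at a file offset
    return data[off:data.index(b"\0", off)].decode("ascii")

def rva_to_off(rva, sections):  # map an RVA to a file offset through the section table
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)

def parse_imports(data):
    """Walk a PE32 import directory; returns {dll: [name or ordinal, ...]}."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = (struct.unpack_from("<H", data, e_lfanew + o)[0] for o in (6, 20))
    opt = e_lfanew + 24  # optional header; in PE32 the import DataDirectory entry sits at +104
    imp_rva, = struct.unpack_from("<I", data, opt + 104)
    sections = [struct.unpack_from("<III", data, opt + opt_size + 40 * i + 12) for i in range(nsec)]
    imports, off = {}, rva_to_off(imp_rva, sections)
    while True:  # one IMAGE_IMPORT_DESCRIPTOR per DLL; the list ends with an all-zero entry
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:
            break
        entries, thunk = [], rva_to_off(oft or ft, sections)  # INT, or the IAT if there is no INT
        while (t := struct.unpack_from("<I", data, thunk)[0]) != 0:  # high bit: ordinal, else hint/name RVA
            entries.append(t & 0xFFFF if t & 0x80000000 else cstr(data, rva_to_off(t, sections) + 2))
            thunk += 4
        imports[cstr(data, rva_to_off(name_rva, sections))] = entries
        off += 20
    return imports

def build_sample_pe():
    """Constructed PE32 test image (not a real driver): .idata imports two ntoskrnl.exe names, one ordinal."""
    base, raw = 0x1000, 0x200  # .idata RVA and file offset
    body, thunks = bytearray(0x48), []  # descriptor + terminator (0x28), INT (0x10), IAT (0x10)
    for hint, name in [(519, b"NtBuildNumber"), (599, b"PsGetVersion")]:
        thunks.append(base + len(body))
        body += struct.pack("<H", hint) + name + b"\0" * (2 - len(name) % 2)  # WORD-aligned entry
    thunks.append(0x80000000 | 243)  # import by ordinal only
    name_rva = base + len(body)
    body += b"ntoskrnl.exe\0"
    struct.pack_into("<IIIII", body, 0, base + 0x28, 0, 0, name_rva, base + 0x38)
    body[0x28:0x48] = struct.pack("<4I", *thunks, 0) * 2  # INT and IAT hold the same entries
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))  # DOS stub, e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # COFF file header
    hdr += struct.pack("<H", 0x10B) + b"\0" * 102 + struct.pack("<II", base, 0x28) + b"\0" * 112
    hdr += b".idata\0\0" + struct.pack("<IIII", len(body), base, len(body), raw)  # section header
    return bytes(hdr + b"\0" * (raw - len(hdr)) + body)
```

Pointing parse_imports at a real file's bytes reproduces the winedump listing; an ordinal entry rather than a name is the case winedump shows under "Ordn" without a name.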