Hello,
--- Raphaël Junqueira fenix@club-internet.fr wrote:
it is simple, only a PE module which works in kernel mode using OS APIs:
- -=(FeniX as fenix@DarkBluE)-(on tty2)-(at 13:39:31)=-
-={$:'~'}=->winedump dump -j import /mnt/win_c2/windows/system32/drivers/secdrv.sys
Contents of "/mnt/win_c2/windows/system32/drivers/secdrv.sys": 27440 bytes

Import Table size: 40
  offset 25404 ntoskrnl.exe
  Hint/Name Table: 00006364
  TimeDataStamp:   00000000 (Thu Jan  1 01:00:00 1970)
  ForwarderChain:  00000000
  First thunk RVA: 00000260 (delta: 4294967295 0xffffffff)
   Ordn  Name
    252  IoDeleteSymbolicLink 644a
    251  IoDeleteDevice 63b4
    247  IoCreateSymbolicLink 63c6
    243  IoCreateDevice 63de
    720  RtlInitUnicodeString 63f0
    687  RtlEqualUnicodeString 6408
    519  NtBuildNumber 6420
    760  RtlQueryRegistryValues 6430
    599  PsGetVersion 63a4
    434  KeTickCount 6462
    479  MmIsAddressValid 6470
    792  RtlUnwind 6492
     54  ExAllocatePoolWithTag 649e
     66  ExFreePool 64b6
    325  IofCompleteRequest 64c4

Done dumping /mnt/win_c2/windows/system32/drivers/secdrv.sys
The problem is how to emulate Windows kernel internal behavior (i.e. assembly tips such as NtCurrentTeb).
We have been looking into loading this driver under ReactOS and all of the functions are implemented, but it still returns STATUS_UNSUCCESSFUL. I think that the imports of "PsGetVersion and NtBuildNumber" might have something to do with it. The driver works under my Windows NT 4 laptop but not ReactOS. We may just have to hard code the values to match NT 4 and it could work.
If we can get it to load on ROS it will be up to you guys to figure out a way to adapt ROS+WINE to play nice together. =)
Thanks Steven
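To make the version-check question above concrete, here is a small script (added here as an example, not code from either poster or from winedump/ReactOS) that parses the `winedump dump -j import` output quoted in the thread, lists which kernel exports the driver pulls from ntoskrnl.exe, and flags the ones whose result depends on the running kernel version. The sample text is the dump from the thread re-flowed one entry per line; the set of version-dependent names is my own choice (PsGetVersion and NtBuildNumber from the thread, plus RtlGetVersion, which is not in this driver's table).

```python
import re

# Constructed sample: the winedump "-j import" output quoted in the thread,
# re-flowed one field per line (the mail had flattened it).
SAMPLE_DUMP = """\
Contents of "/mnt/win_c2/windows/system32/drivers/secdrv.sys": 27440 bytes

Import Table size: 40
  offset 25404 ntoskrnl.exe
  Hint/Name Table: 00006364
  TimeDataStamp:   00000000 (Thu Jan  1 01:00:00 1970)
  ForwarderChain:  00000000
  First thunk RVA: 00000260 (delta: 4294967295 0xffffffff)
   Ordn  Name
    252  IoDeleteSymbolicLink 644a
    251  IoDeleteDevice 63b4
    247  IoCreateSymbolicLink 63c6
    243  IoCreateDevice 63de
    720  RtlInitUnicodeString 63f0
    687  RtlEqualUnicodeString 6408
    519  NtBuildNumber 6420
    760  RtlQueryRegistryValues 6430
    599  PsGetVersion 63a4
    434  KeTickCount 6462
    479  MmIsAddressValid 6470
    792  RtlUnwind 6492
     54  ExAllocatePoolWithTag 649e
     66  ExFreePool 64b6
    325  IofCompleteRequest 64c4

Done dumping /mnt/win_c2/windows/system32/drivers/secdrv.sys
"""

# "  offset 25404 ntoskrnl.exe" starts a new imported module.
MODULE_RE = re.compile(r"^\s*offset\s+\d+\s+(\S+)\s*$")
# "    252  IoDeleteSymbolicLink 644a" is one import: hint, name, name-table offset.
ENTRY_RE = re.compile(r"^\s*(\d+)\s+([A-Za-z_]\w*)\s+([0-9a-fA-F]+)\s*$")

# Exports whose value depends on the kernel the driver is loaded into. A driver
# that reads these may take a different code path (or fail) on a non-NT kernel,
# which is the suspicion raised in the thread. RtlGetVersion is an assumption
# added for generality; it does not appear in secdrv.sys's table.
VERSION_PROBES = {"PsGetVersion", "NtBuildNumber", "RtlGetVersion"}


def parse_imports(text):
    """Return {module_name: [(hint, symbol), ...]} from winedump -j import output."""
    imports = {}
    current = None
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            current = m.group(1).lower()
            imports.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            imports[current].append((int(m.group(1)), m.group(2)))
    return imports


def version_dependent_imports(imports):
    """Sorted list of imported symbols that expose the running kernel's version."""
    return sorted(
        name for entries in imports.values() for _, name in entries if name in VERSION_PROBES
    )


def summarize(text):
    """Per-driver summary: modules imported, total imports, version probes found."""
    imports = parse_imports(text)
    return {
        "modules": sorted(imports),
        "import_count": sum(len(v) for v in imports.values()),
        "version_probes": version_dependent_imports(imports),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_DUMP)
    print("modules:        ", ", ".join(summary["modules"]))
    print("imports:        ", summary["import_count"])
    print("version probes: ", ", ".join(summary["version_probes"]) or "none")
```

Run against the thread's dump it reports one module (ntoskrnl.exe), fifteen imports, and two version probes, NtBuildNumber and PsGetVersion. NtBuildNumber is an exported variable rather than a function, so a driver can compare it against a hard-coded build without any call; that is the kind of check Steven proposes satisfying by returning NT 4 values.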