Hi all,

On Monday 10 November 2003 08:11, Marcus Meissner wrote:
> On Fri, Nov 07, 2003 at 07:46:58PM +0100, Lionel Ulmer wrote:
> > On Fri, Nov 07, 2003 at 10:32:02AM +0000, Mike Hearn wrote:
> > > Lionel, could QEMU be used here? I guess the driver expects to have
> > > kernel level access to the machine, so we could either:
> >
> > Well, as I have no idea how .SYS loading works and how it interfaces
> > with the kernel, I cannot comment here.
>
> The newer .SYS files are just PE libraries. They have smaller section
> alignments, but otherwise they look just like normal DLLs.
>
> They reference hal.dll, ntoskrnl.exe, etc. as imports.
>
> The main hook into them is the DRIVER_OBJECT struct. On initialisation you
> call the DLL entry procedure with
>     DriverEntry(DRIVER_OBJECT*, UNICODE_STRING *name);
> if I read
> http://msdn.microsoft.com/library/en-us/kmarch/hh/kmarch/drvrrtns_6r76.asp
> correctly.
>
> The DRIVER_OBJECT struct then gets filled with the function pointers the
> driver supports.
> http://msdn.microsoft.com/library/en-us/kmarch/hh/kmarch/k112_6jaq.asp for
> a read.
>
> The patches I posted should allow loading of these driver dlls.
> However, the start function is still called PE User DLL style, which
> needs to be fixed.

Well, it's not really easy, as the NT_HEADER only declares:

Characteristics: 0306
    EXECUTABLE_IMAGE
    LINE_NUMS_STRIPPED
    32BIT_MACHINE
    DEBUG_STRIPPED

So we can only use the file extension (and maybe the imported libs, .sys
files using kernel libs) to use the good "dll-entry" between .sys and .exe
files :(

I don't think Alexandre will love the hack to support this :)

> Ciao, Marcus

Regards,
Raphael
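An added example, not part of the original message and not Wine code: a sketch of the import-based heuristic discussed above, which reads the COFF Characteristics and the import directory of a PE32 image and flags it as a driver when it imports ntoskrnl.exe or hal.dll. The function names (`pe_info`, `looks_like_driver`, `build_sample`) and the sample images are constructed for illustration.

```python
import struct
KERNEL_LIBS = {"ntoskrnl.exe", "hal.dll"}  # kernel modules named in the thread

def pe_info(data):
    """Return (Characteristics, lower-cased imported DLL names) of a PE32 image."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # COFF header: NumberOfSections, then SizeOfOptionalHeader and Characteristics
    nsec, opt_size, chars = struct.unpack_from("<H12xHH", data, pe + 6)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    imp_rva, = struct.unpack_from("<I", data, opt + 104)  # data directory 1: imports
    secs = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]                         # vsize, vaddr, rawsize, rawptr
    def off(rva):                                         # RVA -> file offset
        for vsize, vaddr, rsize, rptr in secs:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rva - vaddr + rptr
        raise ValueError("RVA outside every section")
    names, d = [], off(imp_rva) if imp_rva else None
    while d is not None:
        name_rva, = struct.unpack_from("<I", data, d + 12)  # descriptor Name field
        if name_rva == 0:                                 # stop at the null descriptor
            break
        start = off(name_rva)
        names.append(data[start:data.index(b"\0", start)].decode("ascii").lower())
        d += 20
    return chars, names

def looks_like_driver(data):
    """Heuristic from the thread: a kernel driver imports kernel-mode libraries."""
    return bool(KERNEL_LIBS & set(pe_info(data)[1]))

def build_sample(dlls, chars=0x0306):
    """Constructed minimal PE32 (headers plus one import section), not a real file."""
    rva, raw, table, names = 0x1000, 0x200, 20 * (len(dlls) + 1), b""
    body = bytearray(table)
    for i, dll in enumerate(dlls):
        struct.pack_into("<I", body, 20 * i + 12, rva + table + len(names))
        names += dll.encode() + b"\0"
    body += names
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 104, rva, table)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), chars)
    sec = struct.pack("<8sIIII16x", b".idata", len(body), rva, len(body), raw)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sec
    return bytes(hdr.ljust(raw, b"\0") + body)
```

Both constructed samples carry the same Characteristics value 0306, so only the import list separates them: `looks_like_driver(build_sample(["ntoskrnl.exe", "HAL.dll"]))` is true and `looks_like_driver(build_sample(["KERNEL32.dll"]))` is false.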