I read the following in “The Basics” section:
What Language Can I Write Drivers In?
“You write drivers for Windows in either C or C++. Support for using C++ is tenuous (click here to download an interesting paper on this topic written by one of the Microsoft kernel devs), but it can be done. Don’t even think about trying to use another language. All the functions and data types are only defined in C/C++ header files. There are no assembly language definitions provided, so you can’t use assembly language, either.”
Is that true? I can’t write assembly language? Surely you jest. I must be able to write assembly, I need to support new instructions that the compiler simply doesn’t understand. How can I execute opcodes that are unknown to the compiler?
Am I back to the previous question: Do I have to use Microsofts Compiler?
I really don’t want to go through that pain.
No you do not want to use ASSEMBLER!!! First, your driver needs to work in
both x64 and x86 so you are going to write two driver? Second, what
opcodes do you think you need that are not supported?
Second, you not only have to use the Microsoft Compiler, you need to use
the one that comes with the WDK! You can run into subtle bugs if you try
to use any other compiler other than the WDK’s.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
>I read the following in “The Basics” section:
>
> ------------------------------------------------------------------------------------------------------------------------------
> What Language Can I Write Drivers In?
>
> “You write drivers for Windows in either C or C++. Support for using C++
> is tenuous (click here to download an interesting paper on this topic
> written by one of the Microsoft kernel devs), but it can be done. Don’t
> even think about trying to use another language. All the functions and
> data types are only defined in C/C++ header files. There are no assembly
> language definitions provided, so you can’t use assembly language,
> either.”
> ------------------------------------------------------------------------------------------------------------------------------
>
> Is that true? I can’t write assembly language? Surely you jest. I
> must be able to write assembly, I need to support new instructions that
> the compiler simply doesn’t understand. How can I execute opcodes that
> are unknown to the compiler?
>
> Am I back to the previous question: Do I have to use Microsofts
> Compiler?
> I really don’t want to go through that pain.
>
>
As far as I know, on 32bit you can still use embedded assembler bracked with
something like —
_asm {
mov
push
…
etc.
}
On 64bit you can not use embedded assembler, but you can have functions
defined using assembly and place them in assembly file ( *.asm )
C++ is a different story and more than plenty of discussion are in the
archive.
-pro
On 7/26/07, xxxxx@gdc4s.com wrote:
>
> I read the following in “The Basics” section:
>
>
> ------------------------------------------------------------------------------------------------------------------------------
> What Language Can I Write Drivers In?
>
> “You write drivers for Windows in either C or C++. Support for using C++
> is tenuous (click here to download an interesting paper on this topic
> written by one of the Microsoft kernel devs), but it can be done. Don’t even
> think about trying to use another language. All the functions and data types
> are only defined in C/C++ header files. There are no assembly language
> definitions provided, so you can’t use assembly language, either.”
>
> ------------------------------------------------------------------------------------------------------------------------------
>
> Is that true? I can’t write assembly language? Surely you jest. I must
> be able to write assembly, I need to support new instructions that the
> compiler simply doesn’t understand. How can I execute opcodes that are
> unknown to the compiler?
>
> Am I back to the previous question: Do I have to use Microsofts Compiler?
> I really don’t want to go through that pain.
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> I must be able to write assembly
Well, if you really need it, you know what you are doing and
don’t mind all the problems this approach creates, then take look at
http://www.freewebs.com/four-f/
A pro po, in 64 bit case there is no such thing as inline assembler, so you may want
to localize the asm code in separate .ASM module[s] keeping the rest in C[++].
-------------- Original message --------------
From: xxxxx@gdc4s.com
I read the following in “The Basics” section:
What Language Can I Write Drivers In?
“You write drivers for Windows in either C or C++. Support for using C++ is
tenuous (click here to download an interesting paper on this topic written by
one of the Microsoft kernel devs), but it can be done. Don’t even think about
trying to use another language. All the functions and data types are only
defined in C/C++ header files. There are no assembly language definitions
provided, so you can’t use assembly language, either.”
Is that true? I can’t write assembly language? Surely you jest. I must be
able to write assembly, I need to support new instructions that the compiler
simply doesn’t understand. How can I execute opcodes that are unknown to the
compiler?
Am I back to the previous question: Do I have to use Microsofts Compiler?
I really don’t want to go through that pain.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
I need to do an SENTER with an Intel LT chip. The scenario is thus: The user is running WinXP (or Vista). The driver has an associated app. The user want to enter a secure environment, they invoke the app, the app executes an IOCTL on the driver. The driver wipes the currently running WinOS from memory, does SENTER and loads the custom secure OS. Upon finishing the secure tasks, the user reboots the machine, and boots the WinOS up again. The scenario can repeat again if desired.
With gcc on Linux, we do:
.text
ENTRY(SecureEntry)
.byte 0x0f, 0x01, 0xc2 (or whatever the opcode is for SENTER)
… (etcetera)
xxxxx@gdc4s.com wrote:
Is that true? I can’t write assembly language? Surely you jest. I must be able to write assembly, I need to support new instructions that the compiler simply doesn’t understand. How can I execute opcodes that are unknown to the compiler?
Why would you need to do that in a driver? Kernel code should be as
minimal as possible. If you need to some sophisticated,
computationally-intensive processing, you need to do that in user mode.
Am I back to the previous question: Do I have to use Microsofts Compiler?
I really don’t want to go through that pain.
What pain? The WDK includes Visual C++ 8.0, which is quite competitive
in today’s compiler world.
Technically speaking, it is possible to build drivers with other
compilers. However, all of the support libraries and samples were built
with VC++8.0, and Microsoft only guarantees interoperability with their
own compiler. As soon as you veer from the path, you lose your support.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Please tell us your product so we can recomend all of our customers avoid
this. You are going to do a ton of damage, by basically crashing the OS to
run your crap. Instead of this make your secure OS a boot option, and
never go into Windows. It is garbage like this, that make me laugh
everytime I see the Linux is reliable and secure, and Windows is not
claims.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
>I need to do an SENTER with an Intel LT chip. The scenario is thus: The
>user is running WinXP (or Vista). The driver has an associated app. The
>user want to enter a secure environment, they invoke the app, the app
>executes an IOCTL on the driver. The driver wipes the currently running
>WinOS from memory, does SENTER and loads the custom secure OS. Upon
>finishing the secure tasks, the user reboots the machine, and boots the
>WinOS up again. The scenario can repeat again if desired.
>
> With gcc on Linux, we do:
>
> .text
>
> ENTRY(SecureEntry)
> .byte 0x0f, 0x01, 0xc2 (or whatever the opcode is for SENTER)
>
> … (etcetera)
>
>
>
The secure OS is custom, it’s not Linux, dont turn this discussion into a Linux vs Windows, neither are secure.
So make the secure OS, a bootable OS, loading from Windows and crashing
Windows is IRRESPONSIBLE at best.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> The secure OS is custom, it’s not Linux, dont turn this discussion into a
> Linux vs Windows, neither are secure.
>
Don,
I just need to understand how to write assembly code in Windows drivers, we have our requirements. I did not determine these requirements, they just want us to see if we could switch from running Windows or Linux to running a secureOS as fast as possible, without requiring a reboot. Now, this may not be possible or desirable, and that may be the result of this study, but I need to at least try to do it and see what the issues are. Thanks for you help.
Ok, you can as has been pointed out use inline assembler in 32-bit mode.
You can write assembler files as seperate files for either 32 or 64 bit.
What you are doing in this case is a crash, so you are blowing away all the
file system cached work (could be weeks old depending on the situation).
Personally I cannot think of a production environment where such behavior
is acceptable.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> Don,
>
> I just need to understand how to write assembly code in Windows drivers,
> we have our requirements. I did not determine these requirements, they
> just want us to see if we could switch from running Windows or Linux to
> running a secureOS as fast as possible, without requiring a reboot. Now,
> this may not be possible or desirable, and that may be the result of this
> study, but I need to at least try to do it and see what the issues are.
> Thanks for you help.
>
>
>
Are you talking about late launch of an Intel TXT MVMM? This is not
something you will get an answer to on this list, or for that matter,
via e-mail, as it is a serious amount of work, most of it R & D.
If you wish, contact me of list, and we can discuss it further.
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Thursday, July 26, 2007 16:53
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Assembly Language in WDK
Please tell us your product so we can recomend all of our customers
avoid
this. You are going to do a ton of damage, by basically crashing the OS
to
run your crap. Instead of this make your secure OS a boot option, and
never go into Windows. It is garbage like this, that make me laugh
everytime I see the Linux is reliable and secure, and Windows is not
claims.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
>I need to do an SENTER with an Intel LT chip. The scenario is thus:
The
>user is running WinXP (or Vista). The driver has an associated app.
The
>user want to enter a secure environment, they invoke the app, the app
>executes an IOCTL on the driver. The driver wipes the currently
running
>WinOS from memory, does SENTER and loads the custom secure OS. Upon
>finishing the secure tasks, the user reboots the machine, and boots the
>WinOS up again. The scenario can repeat again if desired.
>
> With gcc on Linux, we do:
>
> .text
>
> ENTRY(SecureEntry)
> .byte 0x0f, 0x01, 0xc2 (or whatever the opcode is for SENTER)
>
> … (etcetera)
>
>
>
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Yes, it’s kind of a variation on a pure late launch. We did late launch “pre-release” earlier, we have an early launch release product, and we are now studying variations in launching the secure environment. How do I contact you off-list?
> I need to do an SENTER with an Intel LT chip. The scenario is thus: The user
is running WinXP (or Vista). The driver has an associated app. The user want
to enter a secure environment, they invoke the app, the app executes an IOCTL
on the driver. The driver wipes the currently running WinOS from memory, does
SENTER and loads the custom secure OS. Upon finishing the secure tasks, the
user reboots the machine, and boots the WinOS up again. The scenario can
repeat again if desired.
One of the most stupid solutions that I can possibly imagine…
What you have to do is to solve your problem via emulation and virtual monitor. Please be aware that this involves *A LOT* of work, but there is no other way around - what you have mentioned is just not serious enough for being even discussed, let alone implemented…
Anton Bassov
> ----------
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of xxxxx@gdc4s.com[SMTP:xxxxx@gdc4s.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, July 26, 2007 11:06 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Assembly Language in WDK
The secure OS is custom, it’s not Linux, dont turn this discussion into a Linux vs Windows, neither are secure.
That’s OK but why don’t you boot secure OS directly as Don suggest? Windows has to be properly shutdown so running processes are exited, users’ data aren’t lost, FS/disk caches are flushed and disk data aren’t corrupted. Otherwise there is a risk Windows won’t even boot next time. Boot choice seems as much easier and more convenient approach. If you want to start the switch from the Windows, it is possible to configure boot loader to start secure OS automatically and without waiting. The just initiate Windows restart properly and you’re done. With your approach you’d just save few seconds.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
You CANNOT make a multi-boot system and meet security requirements. During the time the “unsecure OS” (linux or win) is running on the platform, the image and data of the secureOS cannot physically reside on that machine. That is a security no-no.
The secureOS must reside in a remote location inaccessible to the unsecureOS. When the special driver is invoked, it will have a way to retrieve the secureOS image (perhaps over a network), load it, and execute it. The secureOS will be configured with a networked file system. This all must occur with no reboot of the machine.
That is the subject of the study. Case closed.
Anthony,
Then consider having your driver be embedded in a WinPE system or
other environment that is booted as a different option. You can then have
an environment that will provide you the ability to run your driver without
having the problems of blowing away a working Windows. Somehow, saying run
this app for security but you will loose all the work you did since Windows
rebooted, and perhaps need to reinstall the OS, does not make me feel
secure.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> You CANNOT make a multi-boot system and meet security requirements.
> During the time the “unsecure OS” (linux or win) is running on the
> platform, the image and data of the secureOS cannot physically reside on
> that machine. That is a security no-no.
> The secureOS must reside in a remote location inaccessible to the
> unsecureOS. When the special driver is invoked, it will have a way to
> retrieve the secureOS image (perhaps over a network), load it, and
> execute it. The secureOS will be configured with a networked file
> system. This all must occur with no reboot of the machine.
> That is the subject of the study. Case closed.
>
>
xxxxx@gdc4s.com wrote:
I need to do an SENTER with an Intel LT chip. The scenario is thus: The user is running WinXP (or Vista). The driver has an associated app. The user want to enter a secure environment, they invoke the app, the app executes an IOCTL on the driver. The driver wipes the currently running WinOS from memory, does SENTER and loads the custom secure OS. Upon finishing the secure tasks, the user reboots the machine, and boots the WinOS up again. The scenario can repeat again if desired.
With gcc on Linux, we do:
.text
ENTRY(SecureEntry)
.byte 0x0f, 0x01, 0xc2 (or whatever the opcode is for SENTER)
… (etcetera)
That’s fine. Just put it in a standalone assembler file, just like you
do on Linux, and put it in a subdirectory called “i386”. You’ll have to
convert it to MASM. Then, in the sources file, you do this:
SOURCES = \
driver_file_1.c \
driver_file_2.c …
I386_SOURCES = \
senter.asm
The build process will take care of it. You might want to add !ifdefs
to make sure no one tries to build an x64 version.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Don Burn wrote:
Please tell us your product so we can recomend all of our customers avoid
this. You are going to do a ton of damage, by basically crashing the OS to
run your crap. Instead of this make your secure OS a boot option, and
never go into Windows. It is garbage like this, that make me laugh
everytime I see the Linux is reliable and secure, and Windows is not
claims.
Don, while I usually enjoy your curmudgeonliness, you are being entirely
unreasonable here. This is a special-purpose need, for a
special-purpose piece of hardware. The design he has described is
*exactly* the design that Intel recommends in their LaGrande Technology
architecture. And crashing the OS is kind of irrelevant if he’s going
to wipe and replace the entire OS anyway, wouldn’t you say?
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Tim,
Sorry, but I have just been hearing a FUCKING LECTURE BY A BUNCH OF
ASSHOLES, about something similar. These pointy hair professor types are
using the fact that they crashed Windows and therefore lost work to show
that Windows is unreliable and Linux is not!
He is not wiping and replacing the OS, he is crashing the OS to load
his secure OS, and then expecting the user to reboot into Windows. I for
one would be highly pissed to discover by running the “secure application”
I have lost all the work on my desktop system!
Anthony claims he needs to load the secure OS from a network and not
on the disk, so then at least he can make his network loader to be
something that respects the OS environment, and NOT A PIECE OF GARBAGE.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
“Tim Roberts” wrote in message news:xxxxx@ntdev…
> Don Burn wrote:
>> Please tell us your product so we can recomend all of our customers
>> avoid
>> this. You are going to do a ton of damage, by basically crashing the OS
>> to
>> run your crap. Instead of this make your secure OS a boot option, and
>> never go into Windows. It is garbage like this, that make me laugh
>> everytime I see the Linux is reliable and secure, and Windows is not
>> claims.
>>
>
> Don, while I usually enjoy your curmudgeonliness, you are being entirely
> unreasonable here. This is a special-purpose need, for a
> special-purpose piece of hardware. The design he has described is
> exactly the design that Intel recommends in their LaGrande Technology
> architecture. And crashing the OS is kind of irrelevant if he’s going
> to wipe and replace the entire OS anyway, wouldn’t you say?
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>