Creating Kernel Mode service in 98/me

OSR_Community_User · June 6, 2002, 2:26am

Dear All,
In Nt/2k i can use CreateService specifying appropriate parameters to
install a Kernel Mode driver. How can i do the same in Windows ME?

cheers
Sesha.

OSR_Community_User · June 6, 2002, 7:24am

You can use NTKERN vxd-services:

NTSTATUS
__stdcall
NtKernLoadDriver(
PUNICODE_STRING DriverServiceName
);

PDRIVER_OBJECT
__cdecl
NtKernWin9XLoadDriver(
PCHAR FileName,PCHAR RegistryPath
);

or WDM-services (these two functions are exported from NTKERN.VXD module):

NTSTATUS
NtLoadDriver(
PUNICODE_STRING DriverServiceName
);

NTSTATUS
ZwLoadDriver(
PUNICODE_STRING DriverServiceName
);

You can call this WDM functions from User Mode using INT 2E call. Yes,
VMM.VXD contains INT 2E dispatcher. I tried to use (for experiment) some WDM
functions in User Mode (for example, KeSetTimerEx() with DPC object) and it
worked fine. You can try to call NtLoadDriver() or ZwLoadDriver()
WDM-service thru INT 2E call.

These calls may look something like this:

__declspec(naked)
NTSTATUS __stdcall NtLoadDriver(PUNICODE_STRING DriverServiceName)
{
__asm {
mov eax,00000085h ; NtLoadDriver service number (for
Windows 98/ME only)
lea edx,[esp+04] ; EDX contains pointer to the
parameter block
int 2Eh ; Perform ring transition
ret 4 ; Clear stack
};
}

__declspec(naked)
NTSTATUS __stdcall ZwLoadDriver(PUNICODE_STRING DriverServiceName)
{
__asm {
mov eax,000000CCh ; ZwLoadDriver service number (for Windows
98/ME only)
lea edx,[esp+04] ; EDX contains pointer to the
parameter block
int 2Eh ; Perform ring transition
ret 4 ; Clear stack
};
}

These two functions are identical, moreover ZwLoadDriver export name is
really mapped to NtLoadDriver() function in the NTKERN.VXD module.

After these steps you can work with your driver as if it were loaded during
system startup process i.e. you can call CreateFile() and DeviceIoControl()
functions to communicate with your driver.
I myself didn’t try to use this technique, but I think it should work.

By the way, there’s no accessible function which unloads WDM drivers.

Please if you succeed in it let me know.

----- Original Message -----
From: “Seshagiri Babu”
To: “NT Developers Interest List”
Sent: Thursday, June 06, 2002 10:26 AM
Subject: [ntdev] Creating Kernel Mode service in 98/me

> Dear All,
> In Nt/2k i can use CreateService specifying appropriate parameters to
> install a Kernel Mode driver. How can i do the same in Windows ME?
>
> cheers
> Sesha.
>
> —