Some time ago I was asked to write a simple helper driver whose only purpose is to invoke an SMI interrupt and return the results. The code was originally called from user mode; the app changed IOPL so the “out” instruction could work, but there were some problems I have already forgotten and the app owner wanted the driver. The driver is a pretty simple legacy (NT4-like) one. It creates the device and symbolic link, and installs create/cleanup/close and IOCTL handlers. It supports an IOCTL which calls the worker function, which invokes the requested SMI interrupt and returns a few register values when done.
The worker part looks like this (don’t kill me, please :):
    __asm {
        mov ax, 'SM'                    ; Set signature of the security SMI function
        shl eax, 16                     ; Shift to upper 16bit
        mov edx, Request
        mov ah, [edx].SmiFunctionCode   ; Set function code
        mov al, 20h
        mov dx, 0B2h                    ; Set software SMI port
        out dx, al                      ; Invoke software SMI
        mov edx, Results                ; Save results
        mov [edx].SmiEax, eax
        mov [edx].SmiEbx, ebx
        mov [edx].SmiEcx, ecx
    }
The driver requests no hw resources and is installed via SCM (no INF). I had it done within several hours and forgot about it. Today I was informed the driver causes an HCT test problem. When the whole machine is tested, HCT reports this driver is unsigned.
Questions:
- Why does HCT complain about this driver? There are more software-only unsigned drivers installed and it doesn’t complain about them. If it is because of the “out” instruction, how does it find out the driver uses it (just curious)?
- Is there some better or “more conforming” way to achieve this functionality? I mean invoke an SMI interrupt and get the results; I probably knew the exact purpose but memory leaks…
- How to avoid the HCT report and get the machine signed? I guess MS wouldn’t sign such a driver.
Thanks.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]