I know VxD is for 95, WDM is for 98 and KMD is for XP. So what is a Service. And which of these makes a .sys file.

Do WDM works for them all. Is there anything that do. I don't need to go Ring 0 unless i have no other choise but to become a driver writer. And i don't feel like that at the moment. But if i must maybe there is something higher that can at lease hook some parts of them ALL.

I want to try to hook one or more of them and make a service or something to mointor a few messages and all Win OS.

So do this mean i have to write all of the above or can i just write a dll hook to do the job. World something like this be consider as a simple service.

Thanks in advance
Posted on 2003-07-23 16:33:10 by cmax
A .sys file is a (sort of) driver for DOS. You can safely ignore them unless your monitor program must trap DOS events. This .sys files are there in your Win9X just because it boots from DOS first.

A service is a Windows program that is loaded on startup, in the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices (and it's analogous key in Windows NT). That's all I know about them... :grin:

By the way, are you sure ring 0 is what you need? Perhaps a hook is enough. There's an Iczelion tutorial on them, you might want to check it out first.
Posted on 2003-07-23 17:45:46 by QvasiModo
Thanks for the info QvasiModo. So that's out

Izc VxD and Four-F KMD tute proved that it seems easier than i thought to write so i am hooked on learn more about it. But if a hook can do what i am after that would be even better because it may work for all OS and that all i need really.

Anyway, I still plan to get into driver. The vmm.inc, vwin32.inc, v86mmgr.inc, and the shell.inc files is not in my masm32 package and i'm sure i scan them all. I am going to Icz site to find them if he got them if not do anyone have them or know where i can get them including WDM.

Thanks again
Posted on 2003-07-23 19:31:34 by cmax
A service is a Windows program that is loaded on startup, in the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run


Well only on 9x, which services are an after thought.

here is what msdn says:


Microsoft? Windows NT? supports an application type known as a service.
A Win32-based service conforms to the interface rules of the Service Control
Manager (SCM). It can be started automatically at system boot, by a user
through the Services control panel applet, or by a Win32-based application
that uses the service functions included in the Microsoft? Win32? application
programming interface (API). Services can execute even when no user is logged
on to the system.


I have created an example for services in SpAsm and PowerBasic (also in C but whatever ).
And you can download the masm example from Iczelion site.

here is a quote from CP's masm example:

Many people are familiar with device drivers and their
advantage at being autostarted by the system and getting
Ring 0 privilege. But with that privilege comes complexity
in both the planning and development phase. Microsoft's
tendency to be less than forthcoming with information makes
the task all the harder. By contrast many of us are
familiar with programming at Ring 3 and the documentation of
the Win32 API is extensive. Wouldn't it be nice to combine
the characteristics of a driver with the familiarity of
regular Ring 3 Apps. Services are Microsoft's attempt to
create such a beast. They gain the advantage of being
autostarted by the system while keeping the familiarity of
normal Ring 3 programming.



Services are really easy to write, but based on the content of your post..this is not what you
are looking for....

RobotBob
Posted on 2003-07-23 20:00:45 by RobotBob
No they are not there. I even downloaded v7 from Icz site. I wonder why they are not in none of the packages but yet there are tutes for it with no clue of where the .inc are. I guest they had to miss something. :)

Again do anyone know where i can get the list of things above. or do someone know what dll's these things are called from.

The vmm.inc, vwin32.inc, v86mmgr.inc. I know that shell is in the System folder. but i don't see there others.


By the way, Hello RobotBob

ya, service and .sys are out...
Posted on 2003-07-23 20:18:10 by cmax
all Win OS.


VXDs only work on Win 9x. If you're just looking to get all windows messages, you just need to write an exe with a call to SetWindowsHookEx using WH_GETMESSAGE and a dll to recieve all of the messages.
Posted on 2003-07-23 21:56:09 by evwr
evwr, I thought it just work for 95 but i did not know it worked for all 9x. Thanks for getting that out the way for me.

Thats why if i do it i have to learn to write them all... KMD and the rest. But first i need to know where the .inc are or what dlls are they calling i found vmm32 for one but what are the rest. Hooking all messages will slow the user system down in a very bad way. At lease thats what i hear. So there is only one other way to go it seems.

PS: I know its dangauous to write driver but you can bet all if i get to it it will NEVER fail.
Posted on 2003-07-23 22:09:56 by cmax
evwr, i followed your advice about hooking and it seem to to work just fine. I think i am going to use it for something. But i still plan to write drivers the minute i get my hands on those includes files.

One other thing. About Services does 2000 and XP have something simular or better. If so what would it be called.
Posted on 2003-07-24 04:08:50 by cmax
NT/2000/XP all have services.

From http://spiff.tripnet.se/~iczelion/vxd-tut3.html:
Windows 9x DDK contains several essential include files which are not included in MASM32 package.
Posted on 2003-07-24 10:22:30 by evwr
Posted on 2003-07-24 19:48:29 by cmax
VxD (Virtual <xxx> Device): _all_ 9x
KMD (Kernel Mode Driver): _all_ NT (at least since NT4)
WDM (Windows Driver Model): 2k, xp, (limited) 98/Me - as far as I know

VxD's use the LE format, and can contain mixed 16- and 32bit code. The structure is generally pretty messy, and a lot of people write pretty dirty code.

KMD's are normal PE files - you can't use the reguler kernel32.dll etc, instead you have imports from a bunch of SYS files (which infact are PE's). It's somewhat harder to get started with KMD coding than VxD, but they're more powerful, and you have a very rich ring0 API at your fingertips.

I'm not really too familiar with WDM, and I might very well remember wrong, but afaik it's KMD's with "a special structure" - like having to handle PnP and power savings stuff. But better look up the details yourself.

Services... don't exist on 9x. The "Run" and "RunService" stuff is pretty hacky. It does exist on all NT, at least since NT4. Services run ring3 - you use the service manager APIs to load KMD's too, though - and those are definitely ring0 ;).
Posted on 2003-07-25 02:22:58 by f0dder
With-out them you have nothing to explore with.
I was just piss. No one need this right after such a great group of replys on this subject so i edit it out.

I'm sure i will get the real thing shortly. It's coming now.

It's just to interesting to give up on. Those tutes blew my mind.
Posted on 2003-07-25 04:44:31 by cmax
Thanks to a member of the Board I got the full 98DDk.
Posted on 2003-07-25 23:53:27 by cmax
Wasn't me but if anybody else needs it you can download it here:

http://comsci.dsu.dp.ua/ftpdir/Developer/WIN98.DDK/win98ddk.exe
Posted on 2003-07-26 00:13:40 by donkey
or you can get it from me. The member i got it from seems like a private guy. Just did not want to drop names. Maybe some one can set something up. If that is the same link donkey they have a slow download service or it's just full. 5 hours estitmated time. After two hours connection was teminated. I was so piss.

PS: the vmm.inc may need serious reconstution for masm32 to work. I did not expect all of that.
Posted on 2003-07-26 05:22:00 by cmax
a faster site I found: 100k download speed, took me 4 minutes to download:

http://ausis.gf.vu.lt/pub/ddk/win98ddk.exe

but maybe not for long if we start hitting it lol.
Posted on 2003-07-27 12:54:20 by RobotBob
When it come to the exe anything less is useless to us.

The File Size should be over 25 MB. If it's 19 MB

WARNING:

It don't have the 98DDK in it only the other crap. That's also why i was piss i wasted 8 or mire hours to find all that stuff out. I trusted that it was the real thing.

If you see 25MG .exe than you got it. I dont know about the zip it is well hidden .

Everybody seem to be sending out 19MB file for some reason, I mean darn near everybody.
Posted on 2003-07-27 16:06:26 by cmax
where may i get the 25mb version? i could put this *quietly* on a server for a few days.

well are there any distrubution problems with it?
I could host as long as my bandwidth doesnt die lol
Posted on 2003-07-27 16:10:27 by RobotBob
"are there any distrubution problems"

It makes me wonder.

I downloaded everything i could find at googies. there were only 3 or 4. And I think i did them all twice before i relize something was wrong. Nether had the real stuff in it.

And if all of those guys left out a misily 6MB of of 25 maybe MS$ has put a stop to it so people have to buy NET and other stuff they do. Evidently those guys are afraid. They must know something about MS$ laws that we don't.

But i would think as always as long as you don't modify the package you can do what you want. If that is not the case anymore the F**k it all up for everybody i would think. Maybe someone knows more.

I will seen it to you anyway.
Posted on 2003-07-27 17:31:04 by cmax