i saw ntoskrnl & many other protos in Z.inc. uhm..how do u get it? did u make it by hand? or did u get it from somewhere?

then in ur code, there are calls to CloseServiceHandle. this is weird, could u explain what these calls at the end of initialize_roak_sys are for?

thx
Posted on 2002-12-08 19:48:53 by dion
Look at Iczelion's PE tutorials to learn about what functions are in dlls.
He has tutorials on how to make the library files and read the dlls to see how many arguments go to the functions, and their addresses. Reading the dlls has its benefits as they change from service pack to service pack with new functions. Interestingly you can also use LoadLibrary and GetProcAddress to get the address of _atoi64 in ring 3 and send the address to ring 0 instead of doing all the junk I did.

The Windows32 SDK reference manual describes most calls like CloseServiceHandle. I use the service control manager to load and unload the driver like a dll.

You need to google or to get the DDK for descriptions of calls like SetupDiDestroyDeviceInfoList or SetupDiSetDeviceRegistryProperty.

But you don't need the DDK at all to make a driver if you make your own library files.
Posted on 2002-12-08 21:26:27 by roaknog
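Added example, not part of the thread or of roaknog's code: a small parser for the PE export directory, which is where the function names, ordinals and addresses mentioned in the reply above are stored in a DLL. The sample image from `build_sample()` and the export names `DemoClose` and `DemoOpen` are constructed for illustration.

```python
import struct

def parse_exports(pe: bytes):
    """Return [(name, ordinal, rva, is_forwarder)] from a PE export directory."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                         # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]           # PE32 / PE32+
    exp_rva, exp_size = struct.unpack_from("<II", pe, dirs)   # data directory 0
    if not exp_rva:
        return []
    # Section rows: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    secs = [struct.unpack_from("<8xIIII", pe, opt + opt_size + 40 * i)
            for i in range(nsec)]
    def off(rva):                                         # RVA -> file offset
        for vsize, vaddr, rawsize, rawptr in secs:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rawptr + rva - vaddr
        raise ValueError(f"RVA {rva:#x} is not inside any section")
    base, nfuncs, nnames, funcs, names, ords = struct.unpack_from(
        "<16x6I", pe, off(exp_rva))
    out = []
    for i in range(nnames):
        name_rva = struct.unpack_from("<I", pe, off(names) + 4 * i)[0]
        idx = struct.unpack_from("<H", pe, off(ords) + 2 * i)[0]
        rva = struct.unpack_from("<I", pe, off(funcs) + 4 * idx)[0]
        start = off(name_rva)
        name = pe[start:pe.index(b"\0", start)].decode("ascii")
        # An RVA inside the export directory is a forwarder string, not code.
        out.append((name, base + idx, rva, exp_rva <= rva < exp_rva + exp_size))
    return out

def build_sample():
    """Constructed minimal PE32 image: one section exporting two names."""
    rva, raw = 0x1000, 0x200
    body = struct.pack("<16x6I", 1, 2, 2, rva + 40, rva + 48, rva + 56)
    body += struct.pack("<II", 0x2000, 0x2010)            # function RVAs
    body += struct.pack("<II", rva + 60, rva + 70)        # name RVAs
    body += struct.pack("<HH", 0, 1) + b"DemoClose\0DemoOpen\0"
    pe = bytearray(raw) + body
    pe[0:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    struct.pack_into("<H12xH", pe, 0x46, 1, 224)          # 1 section, PE32 header
    struct.pack_into("<H", pe, 0x58, 0x10B)
    struct.pack_into("<II", pe, 0x58 + 96, rva, len(body))
    struct.pack_into("<8xIIII", pe, 0x58 + 224, len(body), rva, len(body), raw)
    return bytes(pe)
```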
could someone post the Icz's PE tut file link? i can't find it in the mess of...

thx roaknog ;)
Posted on 2002-12-09 06:40:58 by dion
Posted on 2002-12-09 09:10:52 by roaknog
thx again roaknog ;)
Posted on 2002-12-09 20:29:34 by dion