NTOSKRNL

[bomz]

.386

.model flat, stdcall
option casemap :none

include \MASM32\INCLUDE\windows.inc


include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
include \masm32\include\ntoskrnl.inc
includelib \masm32\lib\ntoskrnl.lib

.data
form db "EAX: %u", 0

.data?
buffer db 512 dup(?)
bytes dd ?

.code
start:
invoke ExAllocatePool, 1, 1024
mov bytes, eax
invoke wsprintf,ADDR buffer,ADDR form,eax
invoke MessageBox,0,ADDR buffer,NULL,MB_ICONASTERISK
invoke ExFreePool, bytes
invoke ExitProcess,0
end start

No ntoskrnl.dll

if decide 1 - error c0000005

[Vortex]

Hi bomz,

The majority of the forum does not know Russian. Perhaps, you should explain what you are trying to achieve and the meaning of the error message.

[bomz]

1 error - No ntoskrn.dll. This known problem in masm32 - need ntoskrnl.EXE.
2 c0000005 error

standart system error - if you compile code you see the same this your system language

[hutch--]

bomz,

in the batch file BLDLIBS.BAT in the INCLUDE directory, change the line,

Code Select Expand


  inc2l ntoskrnl.inc

           to

  inc2l ntoskrnl.inc exe


and rebuild the library by running the batch file.

[bomz]

how rebuild libruary?

I find in internet one - but don't know it's for 10 or 9 version. Else I rename exe to dll, and third in hex editor change all dll to exe in libruary

http://easycode.cat/English/Help/Masm/Drivers.htm

VERY IMPORTANT: The ntoskrnl.lib library coming with MASM32 references all its functions to ntoskrnl.dll instead of ntoskrnl.exe (ntoskrnl.dll does not exist in the system). As a result, driver projects built with that library never work. To solve this problem, just click the link below to download the modified ntoskrnl.lib library working fine and move it to the \Masm32\Lib folder overwriting the existing one (no other project will be affected by this change). If ntoskrnl.lib is not replaced, no built driver will work.

[bomz]

I change string , run batch, rebuild all libruaries - c0000005 error occurs

http://msdn.microsoft.com/en-us/library/windows/hardware/ff559707%28v=vs.85%29.aspx

POOL_TYPE enumeration
typedef enum _POOL_TYPE {
  NonPagedPool                    = 0,
PagedPool                       = 1,
  NonPagedPoolMustSucceed         = 2,
  DontUseThisType                 = 3,
  NonPagedPoolCacheAligned        = 4,
  PagedPoolCacheAligned           = 5,
  NonPagedPoolCacheAlignedMustS   = 6
} POOL_TYPE;

[dedndave]

The ExAllocatePool routine is obsolete, and is exported only for existing binaries. Use ExAllocatePoolWithTag instead.

[bomz]

and is exported only for existing binaries

what this mean?

[Vortex]

and is exported only for existing binaries

what this mean?

Probably , the purpose is to maintain backward compatibility.

[bomz]

invoke ExAllocatePoolWithTag, 1, 1024, 'a'

I don't uderstand already what is - tag

c0000005 error occurs

[bomz]

Investigate ZwQuerySystemInformation. deciding buffer size problem.

.386

.model flat, stdcall
option casemap :none

   include \MASM32\INCLUDE\windows.inc
   include \MASM32\INCLUDE\masm32.inc
   include \MASM32\INCLUDE\user32.inc
   include \MASM32\INCLUDE\kernel32.inc
   include \MASM32\include\ntdll.inc
   includelib \MASM32\LIB\masm32.lib
   includelib \MASM32\LIB\user32.lib
   includelib \MASM32\LIB\kernel32.lib
   includelib \masm32\lib\ntdll.lib

.data
   mestitle      db "Bomz",0
   form         db '%8u%8u%5u', 0dh, 0ah, 0
   Empty         db '[System Process]................',0
.data?
   buffer         db 65536 dup(?)
   buffer1         db MAX_PATH dup(?)
   bytes         dd ?
   hwnd         dd ?
   Cursor         CONSOLE_CURSOR_INFO <>

.code
start:
   invoke SetConsoleTitle, addr mestitle
   invoke SetConsoleCP, 1251
   invoke GetStdHandle, STD_OUTPUT_HANDLE
   mov hwnd, eax
   mov Cursor.dwSize, 100
   mov Cursor.bVisible, 0
   invoke SetConsoleCursorInfo, hwnd,addr Cursor
   invoke FillConsoleOutputAttribute,hwnd,\
   BACKGROUND_BLUE OR BACKGROUND_INTENSITY, 24000, 0,0
   invoke SetConsoleTextAttribute,hwnd,\
   FOREGROUND_BLUE OR FOREGROUND_GREEN OR FOREGROUND_RED OR\
   FOREGROUND_INTENSITY OR BACKGROUND_BLUE OR BACKGROUND_INTENSITY
BEGIN:
   invoke ZwQuerySystemInformation,5, addr buffer,65536,addr bytes
   lea ebx, buffer
   invoke StdOut, addr Empty
   jmp FIRST
NEXT:
   invoke WideCharToMultiByte,0,0,[ebx+60],-1,addr buffer1,MAX_PATH,0,0

   mov ecx, 30
   lea edi, buffer1
   mov al, 0
   repne scasb
   dec edi
   add ecx, 3
   mov al, '.'
   rep stosb
   mov byte ptr[edi], 0

   invoke StdOut, addr buffer1
FIRST:
   mov eax, dword ptr[ebx+104]
   shr eax, 10
   invoke wsprintf,ADDR buffer1,ADDR form,eax,dword ptr[ebx+68],dword ptr[ebx+64]
   invoke StdOut, addr buffer1
   cmp dword ptr[ebx],0
   je LAST
   add ebx, dword ptr[ebx]
   jmp NEXT
LAST:
   invoke Sleep, 1000
   mov byte ptr[buffer1],0
   invoke ClearScreen
   jmp BEGIN
   invoke ExitProcess,0
end start

[hutch--]

bomz,

just read the last post I made, change the batch file THEN run it.

только что прочитал последнее сообщение я сделал, изменить пакетный файл, запустите его.

[bomz]

I do this already.

Google translate making terrible translation. Russian don't have fix word order, the order change sense

только что прочитал последнее сообщение я сделал, изменить пакетный файл, запустите его.

Просто прочитай мое последнее предложение, измени пакетный файл, запусти его

in english this do time

[hutch--]

I give up, this is an ENGLISH language forum, if Google translate does not work I just cannot help you.

[bomz]

I change BAT file, run it, do new libruary, compile code, and have c0000005 error