Quote
.386
.model flat, stdcall
option casemap :none
include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
include \masm32\include\ntoskrnl.inc
includelib \masm32\lib\ntoskrnl.lib
.data
form db "EAX: %u", 0
.data?
buffer db 512 dup(?)
bytes dd ?
.code
start:
invoke ExAllocatePool, 1, 1024
mov bytes, eax
invoke wsprintf,ADDR buffer,ADDR form,eax
invoke MessageBox,0,ADDR buffer,NULL,MB_ICONASTERISK
invoke ExFreePool, bytes
invoke ExitProcess,0
end start
No ntoskrnl.dll
If I solve 1 - error c0000005
Hi bomz,
The majority of the forum does not know Russian. Perhaps, you should explain what you are trying to achieve and the meaning of the error message.
1st error - No ntoskrnl.dll. This is a known problem in masm32 - it needs ntoskrnl.EXE.
2nd - c0000005 error
standard system error - if you compile the code you see the same in your system language
bomz,
in the batch file BLDLIBS.BAT in the INCLUDE directory, change the line,
inc2l ntoskrnl.inc
to
inc2l ntoskrnl.inc exe
and rebuild the library by running the batch file.
How do I rebuild the library?
I found one on the internet, but don't know if it's for version 10 or 9. Otherwise I rename exe to dll, and third, in a hex editor change all dll to exe in the library.
http://easycode.cat/English/Help/Masm/Drivers.htm
Quote
VERY IMPORTANT: The ntoskrnl.lib library coming with MASM32 references all its functions to ntoskrnl.dll instead of ntoskrnl.exe (ntoskrnl.dll does not exist in the system). As a result, driver projects built with that library never work. To solve this problem, just click the link below to download the modified ntoskrnl.lib library working fine and move it to the \Masm32\Lib folder overwriting the existing one (no other project will be affected by this change). If ntoskrnl.lib is not replaced, no built driver will work.
I changed the string, ran the batch, rebuilt all libraries - the c0000005 error occurs
http://msdn.microsoft.com/en-us/library/windows/hardware/ff559707%28v=vs.85%29.aspx
Quote
POOL_TYPE enumeration
typedef enum _POOL_TYPE {
NonPagedPool = 0,
PagedPool = 1,
NonPagedPoolMustSucceed = 2,
DontUseThisType = 3,
NonPagedPoolCacheAligned = 4,
PagedPoolCacheAligned = 5,
NonPagedPoolCacheAlignedMustS = 6
} POOL_TYPE;
Quote
The ExAllocatePool routine is obsolete, and is exported only for existing binaries. Use ExAllocatePoolWithTag instead.
and is exported only for existing binaries
what this mean?
Quote from: bomz on December 04, 2011, 11:05:41 AM
and is exported only for existing binaries
what this mean?
Probably, the purpose is to maintain backward compatibility.
invoke ExAllocatePoolWithTag, 1, 1024, 'a'
I don't understand yet what a tag is
c0000005 error occurs
Investigate ZwQuerySystemInformation. Solving the buffer size problem.
Quote
.386
.model flat, stdcall
option casemap :none
include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\masm32.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
include \MASM32\include\ntdll.inc
includelib \MASM32\LIB\masm32.lib
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
includelib \masm32\lib\ntdll.lib
.data
mestitle db "Bomz",0
form db '%8u%8u%5u', 0dh, 0ah, 0
Empty db '[System Process]................',0
.data?
buffer db 65536 dup(?)
buffer1 db MAX_PATH dup(?)
bytes dd ?
hwnd dd ?
Cursor CONSOLE_CURSOR_INFO <>
.code
start:
invoke SetConsoleTitle, addr mestitle
invoke SetConsoleCP, 1251
invoke GetStdHandle, STD_OUTPUT_HANDLE
mov hwnd, eax
mov Cursor.dwSize, 100
mov Cursor.bVisible, 0
invoke SetConsoleCursorInfo, hwnd,addr Cursor
invoke FillConsoleOutputAttribute,hwnd,\
BACKGROUND_BLUE OR BACKGROUND_INTENSITY, 24000, 0,0
invoke SetConsoleTextAttribute,hwnd,\
FOREGROUND_BLUE OR FOREGROUND_GREEN OR FOREGROUND_RED OR\
FOREGROUND_INTENSITY OR BACKGROUND_BLUE OR BACKGROUND_INTENSITY
BEGIN:
invoke ZwQuerySystemInformation,5, addr buffer,65536,addr bytes
lea ebx, buffer
invoke StdOut, addr Empty
jmp FIRST
NEXT:
invoke WideCharToMultiByte,0,0,[ebx+60],-1,addr buffer1,MAX_PATH,0,0
mov ecx, 30
lea edi, buffer1
mov al, 0
repne scasb
dec edi
add ecx, 3
mov al, '.'
rep stosb
mov byte ptr[edi], 0
invoke StdOut, addr buffer1
FIRST:
mov eax, dword ptr[ebx+104]
shr eax, 10
invoke wsprintf,ADDR buffer1,ADDR form,eax,dword ptr[ebx+68],dword ptr[ebx+64]
invoke StdOut, addr buffer1
cmp dword ptr[ebx],0
je LAST
add ebx, dword ptr[ebx]
jmp NEXT
LAST:
invoke Sleep, 1000
mov byte ptr[buffer1],0
invoke ClearScreen
jmp BEGIN
invoke ExitProcess,0
end start
bomz,
just read the last post I made, change the batch file THEN run it.
just read the last message I made, to change the batch file, run it.
I did this already.
Google Translate makes a terrible translation. Russian doesn't have a fixed word order; the order changes the sense.
just read the last message I made, to change the batch file, run it.
Just read my last sentence, change the batch file, run it
in english this do time
I give up, this is an ENGLISH language forum, if Google translate does not work I just cannot help you.
I changed the BAT file, ran it, made the new library, compiled the code, and have the c0000005 error
You don't have the correct argument for the function. Look here,
http://www.osronline.com/ddkx/kmarch/k112_00fm.htm
POOL_TYPE
(confused smiley)
Quote from: bomz on December 04, 2011, 12:27:58 PM
(confused smiley)
what a useful answer bomz...
I don't know how to do this POOL_TYPE
Quote from: bomz on December 04, 2011, 12:40:39 PM
I don't know how to do this POOL_TYPE
he was referring to your problem with ExAllocatePool!
Also, are you trying to get process information using ZwQuerySystemInformation? There are enough examples - just search for them!
I saw pool_type at the very beginning. I don't know how to use it in masm. All examples I find belong to Windows 2000.
There are no problems with querying processes. Only: first you get the data size, allocate memory, and call the function a second time. But between these two calls a new application may be run and the size changed. I can't find any serious method to solve this.
One problem was to compute the offsets, because none of the structs were in the masm includes.
Quote
.686
.model flat, stdcall
option casemap :none
include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\masm32.inc
include \MASM32\INCLUDE\gdi32.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
includelib \MASM32\LIB\masm32.lib
includelib \MASM32\LIB\gdi32.lib
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
UNICODE_STRING STRUCT
Len WORD ?
MaximumLength WORD ?
Buffer PWSTR ?
UNICODE_STRING ends
CLIENT_ID STRUCT
UniqueProcess dd ?
UniqueThread dd ?
CLIENT_ID ENDS
SYSTEM_THREADS struct
KernelTime LARGE_INTEGER <>
UserTime LARGE_INTEGER <>
CreateTime LARGE_INTEGER <>
WaitTime dd ?
StartAddress dd ?
ClientId CLIENT_ID <>
Priority SDWORD ?
BasePriority SDWORD ?
ContextSwitchCount dd ?
State dd ?
WaitReason dd ?
SYSTEM_THREADS ends
VM_COUNTERS STRUCT
PeakVirtualSize DWORD ?
VirtualSize DWORD ?
PageFaultCount DWORD ?
PeakWorkingSetSize DWORD ?
WorkingSetSize DWORD ?
QuotaPeakPagedPoolUsage DWORD ?
QuotaPagedPoolUsage DWORD ?
QuotaPeakNonPagedPoolUsage DWORD ?
QuotaNonPagedPoolUsage DWORD ?
PagefileUsage DWORD ?
PeakPagefileUsage DWORD ?
VM_COUNTERS ENDS
SYSTEM_PROCESSES struct
NextEntryDelta dd ?
ThreadCount dd ?
Reserved1 dd 6 dup (?)
CreateTime LARGE_INTEGER <>
UserTime LARGE_INTEGER <>
KernelTime LARGE_INTEGER <>
ProcessName UNICODE_STRING <>
BasePriority SDWORD ?
ProcessId dd ?
InheritedFromProcessId dd ?
HandleCount dd ?
Reserved2 dd 2 dup (?)
VmCounters VM_COUNTERS <>
;IO_COUNTERS IoCounters; // Windows 2000 only
Threads SYSTEM_THREADS <>
SYSTEM_PROCESSES ends
.data
mestitle db "Bomz",0
form db "EAX: %u", 0
.data?
buffer db 512 dup(?)
new SYSTEM_PROCESSES <>
.code
start:
lea eax, new.NextEntryDelta
lea ebx, new.VmCounters.WorkingSetSize
lea ebx, new.UserTime
sub ebx, eax
invoke wsprintf,ADDR buffer,ADDR form,ebx
invoke MessageBox,0,ADDR buffer,ADDR mestitle,MB_ICONASTERISK
invoke ExitProcess,0
end start
bomz,
A lot of russian speakers over here.
http://www.winasm.net/forum/index.php
I know about this forum. If nobody here knows how to declare POOL_TYPE, there even less so.
masm code needs no translation
Double the buffer size each time the function fails (use HeapAlloc or GlobalAlloc; there is no need to use ExAllocatePool):
mov esi,10000
@1:
.if esi < MAX
    mov edi,alloc(esi)
    .if edi
        .if rv(ZwQuerySystemInformation ,...) != STATUS_SUCCESS
            lea esi,[esi*2]
            free edi
            jmp @1
        .endif
    .endif
.endif
The question is, why are you stepping into such advanced topics without any knowledge of C?
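The doubling-buffer retry above, plus a bounds-checked walk of the returned list using the same NextEntryOffset / UniqueProcessId / WorkingSetSize offsets that the earlier listing hard-codes as [ebx], [ebx+68] and [ebx+104]. This is an added example, not code from the thread: it is portable C that stands in for ZwQuerySystemInformation with a constructed two-entry buffer so it runs without Windows; the 184-byte entry size and the offsets assume the 32-bit SYSTEM_PROCESS_INFORMATION layout, and fake_query, query_with_retry and walk_processes are names chosen here. It goes one step beyond the thread by rejecting a NextEntryOffset chain that would leave the buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* NTSTATUS codes returned by NtQuerySystemInformation (values from ntstatus.h). */
#define STATUS_SUCCESS              0x00000000u
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004u
/* 32-bit SYSTEM_PROCESS_INFORMATION: the offsets the thread reads as [ebx], [ebx+68], [ebx+104]. */
#define ENTRY_BYTES 184u   /* fixed-length part of one entry (assumed 32-bit layout) */
#define OFF_NEXT      0u   /* NextEntryOffset */
#define OFF_PID      68u   /* UniqueProcessId */
#define OFF_WS      104u   /* WorkingSetSize, bytes */
static unsigned char g_sample[2 * ENTRY_BYTES];   /* constructed two-entry list, see build_sample */
static void put32(unsigned char *p, size_t off, uint32_t v) { memcpy(p + off, &v, 4); }
static uint32_t get32(const unsigned char *p, size_t off) { uint32_t v; memcpy(&v, p + off, 4); return v; }
/* Constructed sample: PID 4 with an 8 KiB working set, then PID 1234 with 20 KiB (last entry). */
static void build_sample(void) {
    memset(g_sample, 0, sizeof g_sample);
    put32(g_sample, OFF_NEXT, ENTRY_BYTES); put32(g_sample, OFF_PID, 4); put32(g_sample, OFF_WS, 8192);
    put32(g_sample + ENTRY_BYTES, OFF_PID, 1234); put32(g_sample + ENTRY_BYTES, OFF_WS, 20480);
}
/* Stand-in for ZwQuerySystemInformation(5, buf, len, &needed): reports the needed size
 * and fails with STATUS_INFO_LENGTH_MISMATCH while the caller's buffer is too small. */
static uint32_t fake_query(void *buf, uint32_t len, uint32_t *needed) {
    *needed = (uint32_t)sizeof g_sample;
    if (len < sizeof g_sample) return STATUS_INFO_LENGTH_MISMATCH;
    memcpy(buf, g_sample, sizeof g_sample);
    return STATUS_SUCCESS;
}
/* The retry loop from the thread: double the buffer until the call succeeds, so a process
 * started between the size query and the real call cannot break the snapshot. */
static unsigned char *query_with_retry(uint32_t *out_len) {
    for (uint32_t len = 64, needed = 0; len <= (1u << 24); len *= 2) {
        unsigned char *buf = malloc(len); if (!buf) return NULL;
        if (fake_query(buf, len, &needed) == STATUS_SUCCESS) { *out_len = needed; return buf; }
        free(buf);
    }
    return NULL;
}
/* Walk the NextEntryOffset chain, checking every offset against the buffer length before it
 * is read. Returns the entry count and sums WorkingSetSize in KiB; -1 if the chain would
 * leave the buffer, the case a hard-coded offset walk never checks. */
static int walk_processes(const unsigned char *buf, uint32_t len, uint32_t *ws_kb_total) {
    uint32_t pos = 0; int count = 0; *ws_kb_total = 0;
    for (;;) {
        if (len - pos < ENTRY_BYTES) return -1;
        *ws_kb_total += get32(buf, pos + OFF_WS) >> 10; count++;   /* the thread's "shr eax, 10" */
        uint32_t next = get32(buf, pos + OFF_NEXT);
        if (next == 0) return count;
        if (next < ENTRY_BYTES || next > len - pos) return -1;
        pos += next;
    }
}
```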
I don't need any C. In school I learned Basic, so asm is mine; C is for Pascal users.
I want to use ExAllocatePool. ZwQuerySystemInformation is the second thing
Quote from: bomz on December 04, 2011, 01:43:52 PM
I don't need any C.
Quote from: bomz on December 04, 2011, 01:30:25 PM
If nobody here knows how to declare POOL_TYPE
most people here know how to declare the POOL_TYPE enumeration because they can at least read C code!
typedef enum _POOL_TYPE {
NonPagedPool = 0,
PagedPool = 1,
NonPagedPoolMustSucceed = 2,
DontUseThisType = 3,
NonPagedPoolCacheAligned = 4,
PagedPoolCacheAligned = 5,
NonPagedPoolCacheAlignedMustS = 6
} POOL_TYPE;
enumerations look like structures to us non-C ASM coders :P
but - they are really more similar to EQUates
if you want a NonPagedPool, use 0
if you want a PagedPool, use 1
and so on
invoke ExAllocatePool, 1, 1024 - I did this - error c0000005
I tried all variants. proto ExAllocatePool :DWORD, :DWORD
I used 1,2,3,4,5,6, addr buffer (1024 long), addr 'PagedPool', addr INT64=1. Always error c0000005
I hope on page 4 somebody shows working code
Quote from: bomz on December 04, 2011, 02:51:20 PM
I tried all variants. proto ExAllocatePool :DWORD, :DWORD
I used 1,2,3,4,5,6, addr buffer (1024 long), addr 'PagedPool', addr INT64=1. Always error c0000005
I hope on page 4 somebody shows working code
It won't work, because this function can only be called by kernel mode drivers.
ExAllocatePoolWithTag too?
drizz posted some enumeration macros here:
http://www.masm32.com/board/index.php?topic=13269.msg103175#msg103175
And here is an example of the simpler one I use:
ENUM MACRO startval:REQ,lbls:VARARG
LOCAL val
val=startval
FOR lbl,<lbls>
lbl equ val
val=val+1
ENDM
ENDM
ENUM 0, NonPagedPool, PagedPool, NonPagedPoolMustSucceed, \
DontUseThisType, NonPagedPoolCacheAligned, \
PagedPoolCacheAligned, NonPagedPoolCacheAlignedMustS
MichaelW, it works
but I think it simply uses 0,1,2,3,4,5,6
If you want to allocate some pages, use the Virtual Memory Functions (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366916(v=vs.85).aspx).
I want to use ExAllocatePool
Quote from: bomz on December 04, 2011, 06:31:17 PM
I want to use ExAllocatePool
-> write a kernel mode driver (http://website.masm32.com/kmdtute/index.html).
I do.
The reason for the error was: when I make a new library with the
'inc2l ntoskrnl.inc exe' string in the batch, the file ntoskrnl.exe
appears in the INCLUDE directory, and it is still there because the batch
'move *.lib \masm32\lib' moves only .lib files.
If you put the LIB, INC and this ntoskrnl.exe near your asm file
Quote
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
include ntoskrnl.inc
includelib ntoskrnl.lib
it compiles fine and ExAllocatePool returns 0 -
Quote
ExAllocatePool returns NULL if there is insufficient memory in the free pool to satisfy the request. Otherwise the routine returns a pointer to the allocated memory.
otherwise, if you compile the code in the usual way (regardless of whether ntoskrnl.exe is put in the LIB or INCLUDE directory), the c0000005 error occurs
PS the other way: put the library in LIB, the inc in INCLUDE, and this ntoskrnl.exe near your ASM file
For compiling I use this batch file. Drag the file with your code onto it. The working directory is the directory of your code.
Quote
@ECHO OFF
COLOR 9F
cd /d %~dp1
C:\masm32\bin\ml.exe /c /coff "%~1"
C:\masm32\bin\link.exe /subsystem:windows "%~n1.obj"
del "%~n1.obj"
pause
Quote
INC2L.EXE Version 4.0 Copyright Steve Hutchesson 1998-2005 for MASM32
MASM32 include file to IMPORT library creator.
SYNTAX : inc2l [drv:\pth\]filename.inc
Library is written in the current directory with the
INCLUDE name and .LIB extension.
SETTINGS : inc2l.exe will read an environment variable 'mdir'
and if it is set, it will use the path to find both
ML.EXE and LINK.EXE. If the 'mdir' variable is not
set, it will default to \MASM32.
EXAMPLE : set mdir=drv:\path
inc2l filename.inc
This is syntax for a batch file.
NOTE : You should NOT use a trailing '\'
for the environment variable
ADDITIONAL CAPACITY
If the library you need to create references a DLL
with a different extension than DLL you may enter a
second parameter which specifies the extension that
will be referenced.
EXAMPLE : inc2l yourinc.inc ocx
or
inc2l myinc.inc drv etc ....
Correct library and this ntoskrnl.exe (50kb)
Is it possible to make NTOSKRNL.LIB with some other program which may put it all in one .LIB file? polink or some other?
Hi bomz,
You can try polib.exe or def2lib (http://vortex.masmcode.com/files/def2lib11.zip) to create import libraries.
What about a detailed instruction?
Hi bomz,
You can check the link below :
http://www.masm32.com/board/index.php?topic=6390.0
Hi
How do I convert INC to DEF, and where do I get this - @16 etc.?
Quote
Текстовый документ.obj : error LNK2001: unresolved external symbol _ExAllocatePool@8
Текстовый документ.obj : error LNK2001: unresolved external symbol _ExFreePool@4
Quote
FOR /F "DELIMS= " %%I IN (ntoskrnl.inc) DO ECHO ^"%%I^">>ntoskrnl.def
Quote
LIBRARY ntoskrnl.exe
EXPORTS
"CcCanIWrite"
"CcCopyRead"
"CcCopyWrite"
"CcDeferWrite"
"CcFastCopyRead"
.......................
Quote
def2lib ntoskrnl.def -nod
The lib is only about 300 kb