Установлен win98ddk и masm При компиляции драйвера антивирусного монитора av.asm в vxd ml.exe /coff /DBLD_COFF /Zi /Fl /Sn /DMASM6 /DIS_32 /c /Cx C:\1\av.asm не чего не получается может другие параметры нужны или проблема в исходнике? MASM Выдает ошибки,что делать Причем проблема видно не в ifs.inc ? Assembling: C:\1\av.asm C:\98DDK\inc\win98\ifs.inc(271) : error A2008: syntax error : $I C:\98DDK\inc\win98\ifs.inc(273) : error A2008: syntax error : uid_t C:\98DDK\inc\win98\ifs.inc(274) : error A2008: syntax error : sfn_t C:\98DDK\inc\win98\ifs.inc(275) : error A2008: syntax error : pid_t C:\98DDK\inc\win98\ifs.inc(276) : error A2008: syntax error : path_t C:\98DDK\inc\win98\ifs.inc(278) : error A2008: syntax error : ubuffer_ C:\98DDK\inc\win98\ifs.inc(281) : error A2008: syntax error : rh_t C:\98DDK\inc\win98\ifs.inc(282) : error A2008: syntax error : fh_t C:\98DDK\inc\win98\ifs.inc(283) : error A2008: syntax error : pos_t C:\98DDK\inc\win98\ifs.inc(286) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(287) : error A2006: undefined symbol : fsdw C:\98DDK\inc\win98\ifs.inc(373) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(374) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(375) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(383) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(408) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(997) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(1261) : error A2008: syntax error : $P C:\98DDK\inc\win98\ifs.inc(1262) : error A2008: syntax error : $P текст драйвера. .586p include C:\98DDK\inc\win98\vmm.inc include C:\98DDK\inc\win98\ifs.inc include C:\98DDK\inc\win98\ifsmgr.inc include C:\98DDK\inc\win98\vwin32.inc include C:\98DDK\inc\win98\shell.inc ;-- Declare device DECLARE_VIRTUAL_DEVICE AV, 4, 0, AV_Control,\ UNDEFINED_DEVICE_ID, UNDEFINED_INIT_ORDER ;-- Locked data VxD_LOCKED_DATA_SEG pOldFSHook dd 0 ;ptr to Old IFS hook Buf1 dd 0 ;ptr to Memory buffer FileNameBuf dd 0 FileBuf dd 0 ;ptr to File buffer MyReq dd 0 ;Flag = 1 if my request, 0 otherwise HelloTxt db 'Antiviral monitor started...', 0 VirusTxt db '!Virus!', 0 VirusFoundTxt db 'Warning! Virus found in this file:', 0 VxD_LOCKED_DATA_ENDS ;-- Locked code VxD_LOCKED_CODE_SEG Begin_control_dispatch AV Control_Dispatch W32_DeviceIoControl, OnDeviceIoControl Control_Dispatch SYS_DYNAMIC_DEVICE_INIT, OnSysInit Control_Dispatch SYS_DYNAMIC_DEVICE_EXIT, OnSysExit End_control_dispatch AV ;-- OnSysInit BeginProc FileSysApiHook push ebp mov ebp,esp @@pISF equ ebp + 08h @@FuncNum equ ebp + 0Ch @@Drive equ ebp + 10h @@ResFlag equ ebp + 14h @@CodePage equ ebp + 18h @@PioReq equ ebp + 1Ch cmp [MyReq], 0 jnz @@def cmp dword ptr [@@FuncNum], IFSFN_OPEN jz @@OpFile @@def: mov eax, [pOldFSHook] pop ebp jmp dword ptr [eax] @@OpFile: pushad mov edi, [FileNameBuf] mov al, [@@Drive] cmp al,0FFh jz @@NoDrive add al, 40h mov ah, ':' mov [edi], ax inc edi inc edi @@NoDrive: mov eax, [@@PioReq] mov eax, [eax + 0Ch] add eax, 4 VxDCall UniToBCSPath, <edi, eax, 100, 0> mov byte ptr [edi + eax], 0 cmp dword ptr [edi + eax - 4],"TXT." jnz @@1 ;Here, read file and check it for a "virus" mov eax, [@@PioReq] cmp word ptr [eax + 018h], ACTION_OPENEXISTING ;check is made only when we're opening existing file jnz @@1 inc [MyReq] ;open this file and check it mov eax, R0_OPENCREATFILE xor ecx, ecx mov edx, 1 mov ebx, 2 mov esi, [FileNameBuf] VxDCall IFSMgr_Ring0_FileIO jc @@E1 ;error mov ebx, eax ;ebx = handle ;Read file into buffer mov eax, R0_READFILE mov ecx, 8000h xor edx, edx mov esi, [FileBuf] mov dword ptr [esi], 0 VxDCall IFSMgr_Ring0_FileIO ;Check for a virus... ;Here you can insert anything you want checking ;data into [FileBuf] for a virus... mov edi, OFFSET32 VirusTxt xor ecx, ecx @@t1: mov al, [edi + ecx] test al, al jz @@VirusFound cmp al, [esi + ecx] jnz @@E2; Not a virus inc ecx jmp @@t1 @@VirusFound: ;Close file mov eax, R0_CLOSEFILE VxDCall IFSMgr_Ring0_FileIO ;Optional - show message for a user dec [MyReq] VMMCall Get_Sys_VM_Handle xor eax, eax mov ecx, [FileNameBuf] mov edi, OFFSET32 VirusFoundTxt VxDCall SHELL_SYSMODAL_Message ;Deny access mov eax, [@@PioReq] mov word ptr [eax + 01Ah], 5h popad mov eax, 1 pop ebp ret @@E2: ;Close file mov eax, R0_CLOSEFILE VxDCall IFSMgr_Ring0_FileIO @@E1: dec [MyReq] @@1: popad jmp @@def EndProc FileSysApiHook BeginProc OnSysInit ;This is called when WMM loads my VxD VMMCall _HeapAllocate, <65536, HEAPZEROINIT> mov [Buf1], eax mov [FileNameBuf], eax add eax, 200h mov [FileBuf], eax VxDCall IFSMgr_InstallFileSystemApiHook, <OFFSET32 FileSysApiHook> mov [pOldFSHook], eax VMMCall Get_Sys_VM_Handle xor eax, eax mov ecx, OFFSET32 HelloTxt xor edi, edi xor esi, esi VxDCall SHELL_Message xor eax,eax ret EndProc OnSysInit ;-- OnSysExit BeginProc OnSysExit ;This is called before WMM unloads my VxD VxDCall IFSMgr_RemoveFileSystemApiHook, <OFFSET32 FileSysApiHook> VMMCall _HeapFree, <[Buf1], 0> xor eax,eax ret EndProc OnSysExit ;-- OnDeviceIoControl BeginProc OnDeviceIoControl cmp [esi + DIOCParams.dwIoControlCode],DIOC_Open jne short @@m1 xor eax,eax ret @@m1: mov eax,1 stc ret EndProc OnDeviceIoControl VxD_LOCKED_CODE_ENDS End
grif Обрати внимание на C:\98DDK\INC\WIN98\IFS.INC(69-106) Код (Text): ... ifdef MASM ;* Equ's for types that h2inc script ca ubuffer_t equ <dd> pos_t equ <dd> uid_t equ <db> sfn_t equ <dw> $F equ <dd> if DOS_VXD eq 0 path_t equ <dd> string_t equ <dw> pid_t equ <dw> rh_t equ <dw> fh_t equ <dw> vfunc_t equ <dw> $P equ <dw> $I equ <dw> fsdwork struc dw 16 dup (?) fsdwork ends else ; 32bit path_t equ <dd> string_t equ <dd> pid_t equ <dd> rh_t equ <dd> fh_t equ <dd> vfunc_t equ <dd> $P equ <dd> $I equ <dd> fsdwork struc dd 16 dup (?) fsdwork ends endif ; @WordSize endif ... т.е. тебе необходимо определить имя "MASM", например Код (Text): .586p [b]MASM equ 1[/b] include C:\98DDK\inc\win98\vmm.inc include C:\98DDK\inc\win98\ifs.inc ... или указав в командной строке ml.exe /coff /DMASM ...
