I downloaded the 64-bit driver examples in FASM. The first driver, which beeps the speaker through the ports, works fine. I started the second one: it beeped and then blue screen. Well, I tweaked it a little, since it returned STATUS_SUCCESS, so that it could be started several times, but that has no effect on the BSOD whatsoever (I mean, it was there before anyway). I don't understand at all where it comes from: the whole driver has already executed, and the BSOD shows my exit code. Here is the driver code:

Code (Text):

; the most simple win64 "driver" with IMPORT section for call API
; when started (use start_drv.exe) it produce a beep
; it can't be stopped because it hasn't implemented procedure for stop
; so if you want to use it again, you must reboot win64

format PE64 native 5.02 at 10000h
entry start
align 512

section '.text' code readable executable notpageable

start:
; rcx=pDriverObject rdx=pDriverPath
        mov     ecx, 620h
        call    qword [HalMakeBeep]
        mov     rcx, 20000000h
wait_rcx:
        loop    wait_rcx
        xor     ecx, ecx
        call    qword [HalMakeBeep]
        mov     eax, 0C0000182h        ;STATUS_DEVICE_CONFIGURATION_ERROR
        ;xor eax,eax                   ; success exit code
        ret

section '.rdata' readable notpageable

data 12
ImportLookup:
HalMakeBeep dq rva szHalmakebeep
        dq 0
end data

section 'INIT' data import readable notpageable

        dd rva ImportAddress,0,0,rva szHal_dll,rva ImportLookup
        dd 0,0,0,0,0
ImportAddress dq rva szHalmakebeep
        dq 0
szHalmakebeep dw 0
        db 'HalMakeBeep',0
szHal_dll db 'HAL.dll',0

sent by accident....
Dump:

Code (Text):

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffa8001a9f063, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 00000000c0000182, Parameter 1 of the exception

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP: 
+0
fffffa80`01a9f063 0100            add     dword ptr [rax],eax

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  00000000c0000182

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cf10e0
 00000000c0000182 

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x1E

PROCESS_NAME:  System

CURRENT_IRQL:  0

EXCEPTION_RECORD:  fffff880031e9758 -- (.exr 0xfffff880031e9758)
ExceptionAddress: fffffa8001a9f063
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 00000000c0000182
Attempt to write to address 00000000c0000182

TRAP_FRAME:  fffff880031e9800 -- (.trap 0xfffff880031e9800)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000c0000182 rbx=0000000000000000 rcx=fffff80002a2e3e8
rdx=0000000000000061 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa8001a9f063 rsp=fffff880031e9998 rbp=0000000000000000
 r8=fffff88003100100  r9=fffffa8001904000 r10=fffffa80021c28e0
r11=00000000021c28e0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
fffffa80`01a9f063 0100            add     dword ptr [rax],eax ds:6939:00000000`c0000182=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002af4e79 to fffff80002ab6900

STACK_TEXT:  
fffff880`031e8f88 fffff800`02af4e79 : 00000000`0000001e ffffffff`c0000005 fffffa80`01a9f063 00000000`00000001 : nt!KeBugCheckEx
fffff880`031e8f90 fffff800`02ab5f42 : fffff880`031e9758 fffffa80`01a9f060 fffff880`031e9800 fffffa80`01b45000 : nt!KiDispatchException+0x1b9
fffff880`031e9620 fffff800`02ab4aba : 00000000`00000001 00000000`c0000182 fffffa80`01b45000 fffffa80`01a9f060 : nt!KiExceptionDispatch+0xc2
fffff880`031e9800 fffffa80`01a9f063 : 00000000`c0000182 fffffa80`01b45000 fffffa80`01a9f060 00000000`00000000 : nt!KiPageFault+0x23a
fffff880`031e9998 00000000`c0000182 : fffffa80`01b45000 fffffa80`01a9f060 00000000`00000000 00000000`000007ff : 0xfffffa80`01a9f063
fffff880`031e99a0 fffffa80`01b45000 : fffffa80`01a9f060 00000000`00000000 00000000`000007ff fffff880`031e9af8 : 0xc0000182
fffff880`031e99a8 fffffa80`01a9f060 : 00000000`00000000 00000000`000007ff fffff880`031e9af8 00000000`00000000 : 0xfffffa80`01b45000
fffff880`031e99b0 00000000`00000000 : 00000000`000007ff fffff880`031e9af8 00000000`00000000 00000000`00000000 : 0xfffffa80`01a9f060

STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiDispatchException+1b9
fffff800`02af4e79 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!KiDispatchException+1b9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cff0

FAILURE_BUCKET_ID:  X64_0x1E_nt!KiDispatchException+1b9

BUCKET_ID:  X64_0x1E_nt!KiDispatchException+1b9

Followup: MachineOwner
---------
Treant, MSDN goes into a bit more detail on this: space for storing the 4 registers must be allocated. The figures there make it clear. http://msdn.microsoft.com/en-us/library/ew5tede7(v=VS.80).aspx
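Here is the posted driver's entry point with the stack allocation the reply refers to applied. This is an added example adapted from the code in the thread, not code from the thread itself; it assumes HalMakeBeep (exported by hal.dll, frequency in ecx) follows the standard x64 calling convention described on the linked MSDN page. The convention lets any callee store its four register arguments into 32 bytes of "home space" that the caller must reserve directly above the return address. The posted code reserved nothing, so those stores land on the caller's own frame, which is the kind of stack corruption that ends in a bugcheck like the one dumped above.

```asm
; Added example: the beep driver with the x64 home space the reply describes.
; Adapted from the posted code; assumes HalMakeBeep follows the standard
; x64 calling convention (first argument, the frequency, in ecx).

format PE64 native 5.02 at 10000h
entry start
align 512

section '.text' code readable executable notpageable

start:                                  ; DriverEntry: rcx=pDriverObject rdx=pRegistryPath
        ; On entry rsp = 16n+8, because the call pushed an 8-byte return address.
        ; Reserve 20h bytes of home space for the callee's four register
        ; arguments plus 8 bytes of padding, so rsp is 16-byte aligned at every
        ; call below. Anything the callee spills now lands in this frame
        ; instead of on top of our return address and the loader's frame.
        sub     rsp, 28h

        mov     ecx, 620h               ; frequency in Hz
        call    qword [HalMakeBeep]

        mov     rcx, 20000000h          ; crude busy-wait so the tone is audible
wait_rcx:
        loop    wait_rcx

        xor     ecx, ecx                ; frequency 0 silences the speaker
        call    qword [HalMakeBeep]

        add     rsp, 28h                ; release the frame before returning
        mov     eax, 0C0000182h         ; STATUS_DEVICE_CONFIGURATION_ERROR:
                                        ; a failing DriverEntry unloads the image,
                                        ; so the driver can be started again
        ret

section '.rdata' readable notpageable

data 12                                 ; IAT directory: the loader patches this thunk
ImportLookup:
HalMakeBeep dq rva szHalmakebeep
        dq 0
end data

section 'INIT' data import readable notpageable

        dd rva ImportAddress, 0, 0, rva szHal_dll, rva ImportLookup
        dd 0, 0, 0, 0, 0
ImportAddress dq rva szHalmakebeep
        dq 0
szHalmakebeep dw 0                      ; import hint
        db 'HalMakeBeep', 0
szHal_dll db 'HAL.dll', 0
```

The same reservation is needed around every API call made from the driver, not only these two: 28h covers any callee taking up to four arguments, and a callee with more needs a further 8 bytes per stack argument, with the total kept a multiple of 16 plus 8 so that rsp stays aligned at the call.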