; kiw0.sys - KlbrInWin ring-0 component
; (c) diamond, 2006, 2007, 2008
; Cb-n#%li.-# @l$i Lkbnbe
; Version number written to the caller's buffer by the 0x222008 control code.
DRIVER_VERSION = 1
	format PE native
; NOTE(review): code and data share a single section that is mapped readable,
; writable and executable, so driver code is writable and driver data is
; executable in kernel space (no W^X separation). The commented alternative
; below declares a read/execute-only code section; adopting it requires the
; writable data at the end of the file to move into its own writable section
; (see the commented '.data' line near 'oldiomap').
section '.text' code data readable writable executable
;section '.text' code readable executable
	entry start
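;-----------------------------------------------------------------------
; start - driver entry point (DriverEntry)
; ABI:   stdcall, 32-bit x86
; In:    [esp+4] = DriverObject, [esp+8] = RegistryPath (not used)
; Out:   eax = NTSTATUS: 0 on success, the failure code of IoCreateDevice or
;        IoCreateSymbolicLink, or STATUS_INSUFFICIENT_RESOURCES when the
;        buffer for the saved I/O access map cannot be allocated
; Does:  creates \Device\kiw0 and the \DosDevices\kiw0 link, installs the
;        dispatch and unload routines, and saves I/O access map 1 into a
;        pool buffer (oldiomap) so DriverUnload can restore it.
; Offsets 34h/38h/40h/70h and +4 follow the 32-bit x86 DRIVER_OBJECT layout.
; NOTE(review): the device is created non-exclusive and without an explicit
; security descriptor, while its control codes expose MSR reads, PCI
; configuration reads and port-I/O grants. Confirm who can open the device;
; creating it with an administrator-only descriptor (IoCreateDeviceSecure)
; would confine these operations to trusted callers.
;-----------------------------------------------------------------------
start:
	push	eax			; reserve a stack slot that receives the device object pointer
	push	esp			; DeviceObject (out) -> the slot reserved above
	push	0			; Exclusive = FALSE
	push	0			; DeviceCharacteristics
	push	22h	; FILE_DEVICE_UNKNOWN
	push	devname			; DeviceName
	push	0			; DeviceExtensionSize
	push	dword [esp+20h]		; DriverObject: 7 pushes (1Ch) + return address
	call	[IoCreateDevice]
	pop	ecx			; ecx = created device object (drops the reserved slot)
	test	eax, eax
	js	.ret			; creation failed: nothing to undo
	push	ecx			; keep the device object across the call
	push	devname
	push	symlinkname
	call	[IoCreateSymbolicLink]
	pop	ecx
	test	eax, eax
	jns	@f
	push	eax			; keep the failure status across IoDeleteDevice
	push	ecx
	call	[IoDeleteDevice]
	pop	eax
	jmp	.ret
@@:
	mov	eax, [esp+4]		; eax = DriverObject
	mov	dword [eax+38h], DispatchCreateClose	; MajorFunction[IRP_MJ_CREATE]
	mov	dword [eax+40h], DispatchCreateClose	; MajorFunction[IRP_MJ_CLOSE]
	mov	dword [eax+70h], DispatchControl	; MajorFunction[IRP_MJ_DEVICE_CONTROL]
	mov	dword [eax+34h], DriverUnload
	push	'kiw0'			; pool tag
	push	2000h			; size of one I/O access map
	push	0			; pool type 0 (NonPagedPool)
	call	[ExAllocatePoolWithTag]
	test	eax, eax		; allocation can fail; never hand NULL to the
	jz	.nomem			; kernel as the destination of the map copy
	mov	[oldiomap], eax
	push	eax
	push	1			; map number 1
	call	[Ke386QueryIoAccessMap]
	xor	eax, eax		; STATUS_SUCCESS
.ret:
	ret	8
.nomem:
; Undo the link and the device: a failing entry point gets no unload call.
	push	symlinkname
	call	[IoDeleteSymbolicLink]
	mov	eax, [esp+4]		; DriverObject
	push	dword [eax+4]		; DriverObject->DeviceObject
	call	[IoDeleteDevice]
	mov	eax, 0xC000009A		; STATUS_INSUFFICIENT_RESOURCES
	jmp	.ret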
 
;-----------------------------------------------------------------------
; DriverUnload - unload routine installed by the entry point
; ABI:   stdcall; [esp+4] = DriverObject
; Does:  removes the symbolic link and the device object, writes the I/O
;        access map saved at load time back as map 1, then frees the buffer.
; NOTE(review): nothing here revokes the per-process I/O access enabled by
; the 0x22203C control code; only the map contents are restored - confirm
; that is sufficient.
;-----------------------------------------------------------------------
DriverUnload:
	push	symlinkname
	call	[IoDeleteSymbolicLink]
	mov	ecx, [esp+4]		; ecx = DriverObject
	push	dword [ecx+4]		; DriverObject->DeviceObject
	call	[IoDeleteDevice]
	mov	eax, [oldiomap]		; map saved by the entry point
	push	eax
	push	1			; map number 1
	call	[Ke386SetIoAccessMap]
	push	dword [oldiomap]
	call	[ExFreePool]
	ret	4
 
;-----------------------------------------------------------------------
; DispatchCreateClose - handler the entry point installs for both the
; create and the close major functions
; ABI:   stdcall; [esp+4] = DeviceObject, [esp+8] = Irp
; Out:   eax = 0; the IRP is completed with status 0 and information 0
; NOTE(review): every open succeeds unconditionally, so the only gate in
; front of the control codes is the device object's access control list.
;-----------------------------------------------------------------------
DispatchCreateClose:
	xor	edx, edx		; 0 for both IoStatus fields; dl = priority boost 0
	mov	ecx, [esp+8]		; ecx = Irp (register argument of IofCompleteRequest)
	mov	[ecx+1Ch], edx		; IoStatus.Information = 0
	mov	[ecx+18h], edx		; IoStatus.Status = 0
	call	[IofCompleteRequest]
	xor	eax, eax
	ret	8
 
;-----------------------------------------------------------------------
; DispatchControl - device-control handler (installed at DriverObject+70h)
; ABI:   stdcall; [esp+4] = DeviceObject, [esp+8] = Irp; eax = NTSTATUS
; Offsets follow the 32-bit x86 layouts: Irp+0Ch = system buffer,
; Irp+18h / +1Ch = IoStatus.Status / Information, Irp+60h = current stack
; location; stack location +4 = output length, +8 = input length,
; +0Ch = control code.
; Control codes (device type 22h, buffered method, any-access):
;   0x222000  read MSR          in 4 bytes (index), out 9 bytes (eax, edx, flag)
;   0x222004  read PCI config   in 4 bytes, out 4 bytes
;   0x222008  get version       out 4 bytes (DRIVER_VERSION)
;   0x22203C  set I/O map       in 2000h bytes
; Lengths are compared for exact equality before the system buffer is used;
; any other code or length completes with STATUS_INVALID_DEVICE_REQUEST.
; NOTE(review): no caller check is made and the codes ask for no specific
; access right, so any process able to open the device can read arbitrary
; MSRs and PCI configuration space and give itself direct port I/O. Access
; control rests entirely on the device object's security descriptor -
; confirm it is limited to trusted users.
;-----------------------------------------------------------------------
DispatchControl:
	mov	ecx, [esp+8]		; ecx = Irp
	mov	eax, [ecx+60h]		; eax = current I/O stack location
	cmp     dword [eax+0Ch], 0x222000
	jz      .readmsr
	cmp	dword [eax+0Ch], 0x222004
	jz	.readpci
	cmp	dword [eax+0Ch], 0x222008
	jz	.getversion
	cmp	dword [eax+0Ch], 0x22203C
	jnz	.invreq
; --- 0x22203C: install the caller's I/O access map ---
	cmp	dword [eax+8], 2000h	; input must be exactly one full map
	jnz	.invreq
	push	ecx			; save Irp; restored by the 'pop ecx' before .ret
	push	dword [ecx+0Ch]		; caller-supplied map (system buffer)
	push	1			; map number 1
	call	[Ke386SetIoAccessMap]
	push	1			; 2nd argument of Ke386IoSetAccessProcess, pushed early
	call	[IoGetCurrentProcess]
	push	eax			; current process (presumably the requester - confirm)
	call	[Ke386IoSetAccessProcess]
; Locate the TSS through the task register and the GDT, then set the word at
; TSS+66h (the I/O map base field) to 88h.
; NOTE(review): this patches only the TSS of the processor running this code.
	str     ax			; ax = task register selector
	sub     esp, 6
	sgdt    [esp]			; 6 bytes: limit (2) + base (4)
	pop     cx			; discard the limit
	pop     ecx			; ecx = GDT base
	movzx   eax, ax
	mov     dh, [eax+ecx+7]		; descriptor base bits 31..24
	mov     dl, [eax+ecx+4]		; descriptor base bits 23..16
	shl     edx, 16
	mov     dx, [eax+ecx+2]		; descriptor base bits 15..0 -> edx = TSS base
	mov     word [edx+66h], 88h
	pop	ecx			; ecx = Irp again
	xor	eax, eax		; status 0
	mov	[ecx+1Ch], eax		; Information = 0: nothing returned to the caller
	jmp	.ret
; --- 0x222008: report DRIVER_VERSION ---
.getversion:
	cmp	dword [eax+4], 4	; output buffer must be exactly 4 bytes
	jnz	.invreq
	mov	eax, [ecx+0Ch]		; eax = system buffer
	mov	dword [eax], DRIVER_VERSION
	mov	dword [ecx+1Ch], 4	; Information = 4 bytes returned
	jmp	.ret0
; --- 0x222000: read a model-specific register ---
; The MSR index comes from the caller's buffer and is not filtered.
.readmsr:
        cmp     dword [eax+8], 4	; input: 4-byte MSR index
        jnz     .invreq
        cmp     dword [eax+4], 9	; output: eax, edx and a 1-byte failure flag
        jnz     .invreq
        push	ecx			; save Irp
        mov     ecx, [ecx+0Ch]		; ecx = system buffer
        mov     byte [ecx+8], 0         ; assume OK
; rdmsr may throw exception
; Build an exception registration record on the stack and link it at fs:[0].
        push    .exception_handler
        push    dword [fs:0]
        mov     [fs:0], esp
        push    ecx			; keep the buffer pointer; .no_msr pops it as well
        mov     ecx, [ecx]		; ecx = MSR index from the caller
        rdmsr
        pop     ecx
        mov     [ecx], eax		; low dword of the MSR
        mov     [ecx+4], edx		; high dword of the MSR
.msr_common:
        pop     dword [fs:0]		; unlink the registration record
        pop     ecx			; discard the handler address
        pop	ecx			; ecx = Irp
        mov	dword [ecx+1Ch], 9	; Information = 9 bytes returned
.ret0:
        xor	eax, eax		; status 0
        jmp     .ret
.invreq2:
	pop	ecx			; restore the Irp saved by .readpci
.invreq:
	mov	eax, 0xC0000010		; STATUS_INVALID_DEVICE_REQUEST
; Common exit: eax = status, ecx = Irp. Stores the status, completes the IRP
; with no priority boost and returns the same status.
.ret:
	push	eax
	mov	[ecx+18h], eax
	xor	edx, edx
	call	[IofCompleteRequest]
	pop	eax
	ret	8
; Exception handler for the rdmsr above: redirects the saved instruction
; pointer (context record +0B8h) to .no_msr and returns 0 so execution resumes.
; NOTE(review): the exception code is not inspected, so any exception raised
; while this record is linked is treated as an rdmsr failure.
.exception_handler:
        mov     eax, [esp+12]		; third handler argument: context record
        mov     dword [eax+0xB8], .no_msr
        xor     eax, eax
        ret
.no_msr:
        pop     ecx			; buffer pointer pushed before rdmsr
        mov     byte [ecx+8], 1		; failure flag: the MSR could not be read
        jmp     .msr_common
; --- 0x222004: read PCI configuration space ---
; Request bytes: [0] size code (0, 1, 2 -> 1, 2, 4 bytes), [1] bus,
; [2] register offset, [3] device/function byte. The result overwrites the
; same 4-byte buffer.
.readpci:
	cmp	dword [eax+8], 4
	jnz	.invreq
	cmp	dword [eax+4], 4
	jnz	.invreq
	push	ecx			; save Irp
	mov	ecx, [ecx+0Ch]		; ecx = system buffer
	movzx	eax, byte [ecx]		; size code
	cmp	al, 2
	ja	.invreq2		; codes above 2 are rejected
	jb	@f
	inc	eax			; code 2 -> alignment mask 3
@@:
	test	byte [ecx+2], al	; offset must be aligned to the access size
	jnz	.readpci.unaligned
	inc	eax			; mask + 1 = byte count (1, 2 or 4)
	push	eax			; kept for Information after the call
	push	eax			; Length
	movzx	eax, byte [ecx+2]
	push	eax			; Offset
	push	ecx			; Buffer
	movzx	eax, byte [ecx+3]
	ror	al, 3			; rotate the device/function byte right by 3 bits
	push	eax			; SlotNumber
	movzx	eax, byte [ecx+1]
	push	eax			; BusNumber
	push	4	; PCIConfiguration
	or	dword [ecx], -1		; pre-fill the result with all ones (request bytes already consumed)
	call	[HalGetBusDataByOffset]
	pop	edx			; requested byte count
	pop	ecx			; ecx = Irp
	mov	dword [ecx+1Ch], edx	; Information = requested byte count
	jmp	.ret0
.readpci.unaligned:
	or	dword [ecx], -1		; misaligned offset: answer all ones without touching the bus
	pop	ecx			; ecx = Irp
	mov	dword [ecx+1Ch], 4
	jmp	.ret0
 
include 'd:\program files\fasm\fasmw16723\include\win32a.inc'
; Import table: the kernel routines this driver calls, taken from
; ntoskrnl.exe and hal.dll.
; NOTE(review): the three Ke386* I/O-access-map routines are specific to
; 32-bit x86 kernels; confirm the intended targets export them, because the
; image cannot load where an import is missing.
data import
	library ntoskrnl,'ntoskrnl.exe',hal,'hal.dll'
	import ntoskrnl, \
IoCreateDevice, 'IoCreateDevice', \
IoCreateSymbolicLink, 'IoCreateSymbolicLink', \
IoDeleteDevice, 'IoDeleteDevice', \
IoDeleteSymbolicLink, 'IoDeleteSymbolicLink', \
IoGetCurrentProcess, 'IoGetCurrentProcess', \
Ke386QueryIoAccessMap, 'Ke386QueryIoAccessMap', \
Ke386SetIoAccessMap, 'Ke386SetIoAccessMap', \
Ke386IoSetAccessProcess, 'Ke386IoSetAccessProcess', \
IofCompleteRequest, 'IofCompleteRequest', \
ExAllocatePoolWithTag, 'ExAllocatePoolWithTag', \
ExFreePool, 'ExFreePool'
	import hal, HalGetBusDataByOffset, 'HalGetBusDataByOffset'
end data
 
; Zero-terminated message strings ending in CR LF. No code visible in this
; file refers to them; presumably left over from debug output.
str1	db	'control code 0x%X',0Dh,0Ah,0
str2	db	'kiw0 loaded',0Dh,0Ah,0
 
; Counted-string descriptor (length, maximum length, buffer pointer) for the
; device name passed to IoCreateDevice and IoCreateSymbolicLink. Both lengths
; are in bytes and derived from the text itself instead of being hand-counted.
devname:
	dw	.end - .chars - 2	; Length: terminating zero excluded
	dw	.end - .chars		; MaximumLength: terminating zero included
	dd	.chars			; Buffer
.chars	du	'\Device\kiw0',0
.end:
; Counted-string descriptor (length, maximum length, buffer pointer) for the
; symbolic link created at load and deleted at unload. Both lengths are in
; bytes and derived from the text itself instead of being hand-counted.
symlinkname:
	dw	.end - .chars - 2	; Length: terminating zero excluded
	dw	.end - .chars		; MaximumLength: terminating zero included
	dd	.chars			; Buffer
.chars	du	'\DosDevices\kiw0',0
.end:
 
; Relocation (fixup) data for the absolute addresses used throughout the
; image, so it still works when loaded away from its preferred base.
data fixups
end data
 
;section '.data' data readable writable
; Pointer to the 2000h-byte pool buffer in which the entry point saves I/O
; access map 1; DriverUnload writes that map back and frees the buffer.
oldiomap	dd	?