Log in

View Full Version : [req] r0 loader for MP cpu

stabber
November 16th, 2008, 04:06
Good day, I have some problems while loading drivers. As almost everyone will assume that it is BSOD... its not . I get just error msg boxes and nothing more. (tried with sys files from zines, tutorials etc.? drivers that should work)

Is there any generic loader that might help me? (os xp sp2)

thx
deroko
November 16th, 2008, 09:09
check here : http://deroko.phearless.org/msrs.rar you will find loader.asm and how to load driver, also it doesn't matter if it's mp or uni core system when it comes to driver loading
stabber
November 16th, 2008, 10:37
^ why im not supprised? I missed this one ( but http://deroko.phearless.org/ring0loader.zip looked better... it just exited with msgbox ... b-coz driver is crippled -- and now u are the one that isnt supprised :P )

What is good to avoid bsod and still be able to see wtf went down the river ( DebugView?) - just dont tell me to install sice/syser
deroko
November 16th, 2008, 12:05
well vmware/windbg is also good option for debugging, although I prefer sice as in my experience syser/softice work much faster then windbg/vmware combo...

you can load driver either by using service APIs like in ring0ldr, or by directly adding data to registry and calling NtLoadDriver, it's upto you to decide what you will use...
smoke
November 16th, 2008, 13:30
you could also try OSR driver loader. its preety generic. i always use that when writing drivers.
deroko
November 16th, 2008, 13:45
also there is instdrv.exe somewhere at rootkit.com, but I woudln't recommend it, as it installs driver with SERVICE_AUTO_START so if your driver is causing BSOD in DriverEntry, it can be very unplesent experience once you reboot system
stabber
November 16th, 2008, 15:38
My ppl ... i installed syser (sry deroko but jebi ga ) and he has also loader ( i hate that blue theme ). But ummm driver is broken so... it will take some time but

@smoke
thx I will try to make this up and try that loader.
@deroko
my man ... i ripped it from FU/to (just like they did mvahhahahah) . Same stuff... ur uber-fast r0 loader was right -- something is broken in sys.
aker
November 16th, 2008, 21:02
Quote:
[Originally Posted by deroko;77755]check here : http://deroko.phearless.org/msrs.rar you will find loader.asm and how to load driver, also it doesn't matter if it's mp or uni core system when it comes to driver loading


thanks 4 sharing, could u plz tell us a little bit about why mps's easy to be in trouble and how to avoid it
stabber
November 17th, 2008, 08:15
He is little busy (deroko whats the progress? )

http://www.osronline.com/article.cfm?article=157 ... u need account ( free )... its cool ... if someone got any tips with syser and malfunctioned drivers ... speak up pls.
deroko
November 17th, 2008, 08:29
Quote:
[Originally Posted by aker;77768]thanks 4 sharing, could u plz tell us a little bit about why mps's easy to be in trouble and how to avoid it


mps are not in trouble, there is no difference between uni/mp systems when it comes to driver loading. What you do in your driver might be mp safe/unsafe depending how you do it like idt hooking, gdt modifications, modifying unique msrs, running hardware virtualization, etc... as you probably want all these changes to reflect both or more cpus, not only one on which you are running.
aker
November 18th, 2008, 10:48
Quote:
[Originally Posted by deroko;77771]mps are not in trouble, there is no difference between uni/mp systems when it comes to driver loading. What you do in your driver might be mp safe/unsafe depending how you do it like idt hooking, gdt modifications, modifying unique msrs, running hardware virtualization, etc... as you probably want all these changes to reflect both or more cpus, not only one on which you are running.


usually, i use kmdmgr to load ,start and stop driver.
learns a lot from ur answer, thanks.
PS. ur site contains lots of info, help me a lot
stabber
November 18th, 2008, 12:35
u should see the old one





wut ?