This FB code requires FB version 1.09 to compile correctly!!!!
Examples include:
PsSetCreateProcessNotifyRoutineEx callback example
RING3 + RING0 event communication example
It is suspected that FB does not support volatile and POINTER_ALIGNMENT, so the _IO_STACK_LOCATION type cannot be read correctly in FB; obtaining the IoControlCode is therefore implemented by a static library compiled with MinGW.
https://github.com/MOODSKY2002/FBDriver
FB Driver Demo
-
- Posts: 10
- Joined: May 06, 2022 12:43
Re: FB Driver Demo
Please, English everywhere (as much as possible).
-
- Posts: 10
- Joined: May 06, 2022 12:43
Re: FB Driver Demo
Excuse me.
I had not immediately understood that the different paragraphs alternate between the Chinese and its English translation!
-
- Posts: 10
- Joined: May 06, 2022 12:43
Re: FB Driver Demo
I see. Because I'm from China, all my notes are in Chinese. For the convenience of foreign friends, I translated my Chinese notes into English with machine translation. It's just that machine translation may not be very accurate.
If you have any questions, you can post the code. I can help you answer them. Let's study the FB development driver together.
Re: FB Driver Demo
Is it necessary to overwrite several files in "fb" "incwin" to compile ".sys"?
I have tried overwriting and it compiles (backed up first).
But where is the "inf" to install the driver?
-
- Posts: 10
- Joined: May 06, 2022 12:43
Re: FB Driver Demo
Installing the driver is relatively simple. I didn't write one. You can use DriverMonitor.exe to install and start the driver, and Dbgview.exe to display driver debug information.
With all the BI files overwritten in FB, the driver compiles normally. I also have a BAT file ready; just modify the EXE, LIB and other directory paths in it.