Hi!
Since most of my work consists of reversing stupid TWAIN drivers, I've
written a little (hopefully) handy tool:
it's called vxd (because it works on VXDs :) Since TWAIN drivers (for
the parallel port) need to access the parallel port, they all come with
a ring-0 DLL, a so-called VxD, that handles the port IO.
In my case, this VxD implements similar commands to sanei_pa4s2. If I
can log the calls to these functions I basically know how to operate the
scanner. To do this, I just need to disassemble the VxD, add some lines
of code and assemble it again. Unfortunately, a) I have neither
masm nor the win98-ddk (both needed to compile a windows driver) b) the
output of normal disassemblers just won't assemble :-(
So I wrote a tool (vxd) to disassemble a VxD in a form I can assemble
again using NASM (avoiding the whole damn microsoft stuff :)
This tool won't work for just any VxD:
- it must be pure 32bit PM code
- only one segment (LCODE/LDATA)
- no VxD service table
- no stupid tricky code
but it works for the vxd I want to crack...
however I don't know whether this tool works because of two things:
a) you still need the link.exe from microsoft to produce the VxD
b) I don't have windows (which is needed to run link.exe & test the
resulting VxD)
furthermore, I'm still looking for these "some lines of code" that log
the function calls (after all, I'm not really experienced in writing
windows code...) when I've figured out some good code, I'll let you
know...
======
this tool is based on
the GNU 80386 instruction printer found in opcode/i386-dis.c (used by
objdump, gdb ...) (see http://www.gnu.org)
and some of my own code... (see nowhere)
the include files for writing VxDs with NASM are from
fOSSil & The Owl (see http://icedump.tsx.org/)
information about the file format of VxDs was found at
http://www.wotsit.org/
information about windows assembling can be found at
http://win32asm.cjb.net/
information about reversing software is available at
http://tsehp.cjb.net/
and my tool is available at
http://home.germany.net/freestyle/sane/devel.html
-- jochen
This archive was generated by hypermail 2b29 : Fri Sep 01 2000 - 11:48:12 PDT