December 06, 2022, 11:18:45 AM

News:

Own IWBasic 2.x ? -----> Get your free upgrade to 3.x now.........


Writing native programs

Started by sapero, May 04, 2007, 07:29:20 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

sapero

May 04, 2007, 07:29:20 AM Last Edit: May 05, 2007, 06:14:49 AM by sapero
Foreword: http://www.microsoft.com/technet/sysinternals/information/NativeApplications.mspx
With Aurora it is possible to create such native programs that can be run while booting the NT operating system.
Here is an example:
native.srcstruct UNICODE_STRING {
  unsigned word Length;
  unsigned word MaximumLength;
  wstring *Buffer;
}
declare import, RtlInitUnicodeString(UNICODE_STRING* pString, wstring *wstr),int;
declare import, NtDisplayString(UNICODE_STRING* pString),int;
declare import, NtTerminateProcess(int ProcessHandle,int ExitStatus),int;
declare import, NtCreateEvent(int* pHandle,int Access,OBJECT_ATTRIBUTES* Attributes,int Type,int InitialState),int;
declare import, NtWaitForSingleObject(int Handle,int Alertable,int64* Timeout),int;
declare import, NtClose(int Handle),int;
#define EVENT_ALL_ACCESS 0x001F0003


global sub NtProcessStartup(void *param)
{
_print(L"hello world!\n\nSleeping 2 seconds...\n");
_sleep(-20000000); // 2000 * -10000q
_print(L"Here comes windows...");
NtTerminateProcess(-1, 0); // required
}



sub _sleep(int64 ms)
{
int hE;
NtCreateEvent(&hE, EVENT_ALL_ACCESS, NULL, 0, 0);
NtWaitForSingleObject(hE, 0, &ms);
NtClose(hE);
}


sub _print(wstring *lpwsz)
{
UNICODE_STRING umsg;
RtlInitUnicodeString (&umsg, lpwsz);
NtDisplayString(&umsg);
}


Create a script to compile this (replace D:\Aurora with your Aurora path)
makefile.bat@echo off
set AURORA_PATH=D:\Aurora

%AURORA_PATH%\bin\acparse native.src native.asm
if ERRORLEVEL == 1 goto end

%AURORA_PATH%\bin\nasmw -f win32 native.asm
if ERRORLEVEL == 1 goto end

%AURORA_PATH%\bin\aclink -L %AURORA_PATH%\libs native.obj -oPE -entry NtProcessStartup -base 0x1000000 -stack 0x40000 0x1000 -heap 0x100000 0x1000 -filealign 0x200 -subsys native -osver 5.01 -reloc ntdll.lib

:end

pause
del $$$ac.a
del native.asm
del native.obj


Remember to create import library from ntdll.dll. Run the script - you'll see native.exe.
Now, to see how it works, you can add this exe to special boot registry key:
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\Session Manager
value: BootExecute
type: REG_MULTI_SZ
You'll find here some strings separated by new line. Just append the full path to the end, and hit Enter, then click ok.
Is should look like this:
autocheck autochk *
OODBS
d:\Aurora\temp\native\native.exe

Reboot now and observe what happends after the XP boot progressbar hides :) If you get any troubles, start the system in safe mode (F8) and remove the exe path.
Optionally look in ControlSet*** where *** is 001, 002, 003 and so on, and remove the path from all these keys. If the system boots without problems x-times, the ControlSet key is copied to ControlSet001, the ControlSet001 to ControlSet002... so you can choose to restore the provious working configuration in boot menu.
// updated makefile

pistol350

Hi Sap!
This example seems to be a great one as usual.
But how can i get it compiled ? ;D
Regards,

Peter B.