<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<TITLE>sane-devel: little tool for cracking VxDs (or: how to write a d</TITLE>
<META NAME="Author" CONTENT="Jochen Eisinger (jochen.eisinger@gno.de)">
<META NAME="Subject" CONTENT="little tool for cracking VxDs (or: how to write a driver without...)">
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>little tool for cracking VxDs (or: how to write a driver without...)</H1>
<!-- received="Fri Sep 1 11:47:05 2000" -->
<!-- isoreceived="20000901184705" -->
<!-- sent="Fri, 01 Sep 2000 20:31:33 +0200" -->
<!-- isosent="20000901183133" -->
<!-- name="Jochen Eisinger" -->
<!-- email="jochen.eisinger@gno.de" -->
<!-- subject="little tool for cracking VxDs (or: how to write a driver without...)" -->
<!-- id="39AFF605.CB1B428C@gno.de" -->
<STRONG>From:</STRONG> Jochen Eisinger (<A HREF="mailto:jochen.eisinger@gno.de?Subject=Re:%20little%20tool%20for%20cracking%20VxDs%20(or:%20how%20to%20write%20a%20driver%20without...)&In-Reply-To=&lt;39AFF605.CB1B428C@gno.de&gt;"><EM>jochen.eisinger@gno.de</EM></A>)<BR>
<STRONG>Date:</STRONG> Fri Sep 01 2000 - 11:31:33 PDT
<P>
<!-- next="start" -->
<UL>
<LI><STRONG>Next message:</STRONG> <A HREF="0009.html">Arnaud Calvo: "Re: Plustek (was: Re: test)"</A>
<LI><STRONG>Previous message:</STRONG> <A HREF="0007.html">D Milburn: "Re: Plustek (was: Re: test)"</A>
<!-- nextthread="start" -->
<LI><STRONG>Next in thread:</STRONG> <A HREF="0022.html">Jochen Eisinger: "Re: little tool for cracking VxDs (or: how to write a driver without...)"</A>
<LI><STRONG>Reply:</STRONG> <A HREF="0022.html">Jochen Eisinger: "Re: little tool for cracking VxDs (or: how to write a driver without...)"</A>
<!-- reply="end" -->
<LI><STRONG>Messages sorted by:</STRONG>
<A HREF="date.html#8">[ date ]</A>
<A HREF="index.html#8">[ thread ]</A>
<A HREF="subject.html#8">[ subject ]</A>
<A HREF="author.html#8">[ author ]</A>
</UL>
<HR NOSHADE><P>
<!-- body="start" -->
<P>
Hi!
<BR>
<P>Since most of my work consists of reversing stupid TWAIN drivers, I've
<BR>
written a little (hopefully) handy tool:
<BR>
<P>it's called vxd (because it works on VXDs :) Since TWAIN drivers (for
<BR>
the parallel port) need to access the parallel port, they all come with
<BR>
a ring-0 DLL, a so-called VxD, that handles the port IO.
<BR>
<P>In my case, this VxD implements similar commands to sanei_pa4s2. If I
<BR>
can log the calls to these functions I basically know how to operate the
<BR>
scanner. To do this, I just need to disassemble the VxD, add some lines
<BR>
of code and assemble it again. Unfortunately, a) I have neither
<BR>
masm nor the win98-ddk (both needed to compile a windows driver) b) the
<BR>
output of normal disassemblers just won't assemble :-(
<BR>
<P>So I wrote a tool (vxd) to disassemble a VxD in a form I can assemble
<BR>
again using NASM (avoiding the whole damn microsoft stuff :)
<BR>
<P>This tool won't work for just any VxD:
<BR>
<P>- it must be pure 32bit PM code
<BR>
- only one segment (LCODE/LDATA)
<BR>
- no VxD service table
<BR>
- no stupid tricky code
<BR>
<P>but it works for the vxd I want to crack...
<BR>
<P>however, I don't know whether this tool works, because of two things:
<BR>
<P>a) you still need the link.exe from microsoft to produce the VxD
<BR>
b) I don't have windows (which is needed to run link.exe &amp; test the
<BR>
resulting VxD)
<BR>
<P>furthermore, I'm still looking for these &quot;some lines of code&quot; that log
<BR>
the function calls (after all, I'm not really experienced in writing
<BR>
windows code...) when I've figured out some good code, I'll let you
<BR>
know...
<BR>
<P><P>======
<BR>
<P>this tool is based on
<BR>
<P>&nbsp;the GNU 80386 instruction printer found in opcode/i386-dis.c (used by
<BR>
objdump, gdb ...) (see <A HREF="http://www.gnu.org">http://www.gnu.org</A>)
<BR>
&nbsp;and some of my own code... (see nowhere)
<BR>
<P>the include files for writing VxDs with NASM are from
<BR>
&nbsp;fOSSil &amp; The Owl (see <A HREF="http://icedump.tsx.org/">http://icedump.tsx.org/</A>)
<BR>
<P>information about the file format of VxDs was found at
<BR>
&nbsp;<A HREF="http://www.wotsit.org/">http://www.wotsit.org/</A>
<BR>
<P>information about windows assembling can be found at
<BR>
&nbsp;<A HREF="http://win32asm.cjb.net/">http://win32asm.cjb.net/</A>
<BR>
<P>information about reversing software is available at
<BR>
&nbsp;<A HREF="http://tsehp.cjb.net/">http://tsehp.cjb.net/</A>
<BR>
<P>and my tool is available at
<BR>
<P><A HREF="http://home.germany.net/freestyle/sane/devel.html">http://home.germany.net/freestyle/sane/devel.html</A>
<BR>
<P>-- jochen
<BR>
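<P>An added example, not part of the original post and not code from the vxd tool: a C pre-check for the first two limits listed above ("pure 32bit PM code", "only one segment"), read from the LE header of a VxD image. The mapping of those limits onto the object count and the 32-bit (BIG) object flag, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers; callers bounds-check before reading. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

enum vxd_check { VXD_OK, VXD_TRUNCATED, VXD_NOT_LE, VXD_MULTI_OBJECT, VXD_NOT_32BIT };

/* Assumed mapping of the post's limits onto LE header fields:
 * "only one segment"   -> exactly one object table entry,
 * "pure 32bit PM code" -> that object carries the BIG (32-bit) flag 0x2000. */
enum vxd_check vxd_precheck(const uint8_t *img, size_t len) {
    if (len < 0x40) return VXD_TRUNCATED;
    if (rd16(img) != 0x5A4D) return VXD_NOT_LE;       /* no "MZ" stub */
    uint32_t le = rd32(img + 0x3C);                   /* e_lfanew: offset of LE header */
    if (le > len || len - le < 0x48) return VXD_TRUNCATED;
    if (img[le] != 'L' || img[le + 1] != 'E') return VXD_NOT_LE;
    uint32_t objtab = rd32(img + le + 0x40);          /* object table, relative to LE header */
    uint32_t nobj = rd32(img + le + 0x44);            /* number of object table entries */
    if (nobj != 1) return VXD_MULTI_OBJECT;
    if (objtab > len - le || len - le - objtab < 24) return VXD_TRUNCATED;
    uint32_t flags = rd32(img + le + objtab + 8);     /* entry: size, base, flags, ... */
    return (flags & 0x2000) ? VXD_OK : VXD_NOT_32BIT;
}

/* Constructed sample image: MZ stub, LE header at 0x40, object table at LE+0x48. */
size_t make_sample(uint8_t *buf, uint32_t nobj, uint32_t flags) {
    memset(buf, 0, 0xA0);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = 0x40;
    buf[0x40] = 'L'; buf[0x41] = 'E';
    buf[0x40 + 0x40] = 0x48;                          /* object table offset */
    buf[0x40 + 0x44] = (uint8_t)nobj;                 /* object count */
    buf[0x40 + 0x48 + 8] = (uint8_t)flags;            /* object flags, low byte */
    buf[0x40 + 0x48 + 9] = (uint8_t)(flags >> 8);     /* object flags, high byte */
    return 0xA0;
}

int main(void) {
    uint8_t buf[0xA0];
    size_t n = make_sample(buf, 1, 0x2045);
    printf("single 32-bit object: %d\n", vxd_precheck(buf, n));
    n = make_sample(buf, 2, 0x2045);
    printf("two objects: %d\n", vxd_precheck(buf, n));
    return 0;
}
```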
<P><!-- body="end" -->
<HR NOSHADE>
<!-- trailer="footer" -->
<HR NOSHADE>
<P>
<SMALL>
<EM>
This archive was generated by <A HREF="http://www.hypermail.org/">hypermail 2b29</A>
: <EM>Fri Sep 01 2000 - 11:48:12 PDT</EM>
</EM>
</SMALL>
</BODY>
</HTML>