Sei la

UserPort Documentation 1 Summary IJserPort. SYS is a kernel mode driver for Windows NT/2000 that gives usermode programs access to 1/0 Ports. This makes it possible to access hardware directly from a normal executable in the same way as under Windows 95/98/ME. This driver does not work on Windows 95/98/ME and there is really no need to run it anyway because 1/0 ports are always granted to usermode programs on these operating systems.

The driver can be used for the following purposes: • To run software on Windows NT/ 2000 that normally only runs on Windows 95/98/ME. • To easily ccess hardware like the parallel port and other 1/0 ports. So whats the drawbac has for security reas OFY Opening up 1/0 ports eet_,_ „ Ripe view next page You should therefore usermode access to are? Microsoft access to 1/0 ports. le in your system sts to only give need. The default values opens up a wide range of 1/0 ports and you should narrow it down.

If you are writing your own software you should only grant access through the file Access is then given to your program when you open the file Other programs that don’t open Will not have access to these 1/0 ports. 2 Installation The driver can be installed in the following two ways: • copy UserPort. SYS to Start UserPort. EXE and add the addres Sv. ‘ipe to View next page addresses you want and remove the others and click on start. • Run IJserPort. EXE with the driver filename and path as an argument i. . run UserPort. EXE Add the addresses you want and remove the others and click on start. You should now have usermode access to the addresses you have chosen. 3 Examples Port instructions are not included In development enwronments (such as Visual C++ and Delphi) because direct 1/0 access isn’t llowed by the operating system. You Will therefore need to include a portion of assembler code into your software in order to access your hardware, see Figure 2, 3 and 4.

BYTE inportb(UlNT portid) { unsigned char value; _ asm mov edx,portid _ asm in al,dx _ asm mov value,al return value; } void outportb(UINT portid, BYTE value) { _asm mov edx,portid _ asm mov al,value _asm out dx,al } Figure 2: Read 1/0 port if (inportb(ox379) & 0) { outportb(Ox37a,inportb(Ox37a) I Ox01); Sleep(l); & Oxfe); } // // // // // Figure 3: wnte 1/0 port Check “Select” pin Write character’A’ to printer Set “strobe” Wait ms Clear “Strobe” pin Figure 4: Print ‘A’ example using direct 1/0 access Figure 4 shows how simple it now is to access hardware from a usermode program.

The IJserPort package should contain the files IOPort. c, IOPort. h and IOPort. pas to be when developing C, C++ and Delphi programs. 4 Technical Description The driver gives user mode changing the x86-processo ro ram access to selected ports by Permiss mode program access to selected ports by changing the x86- processors IOPM (1/0 Permission Map). Figure 1 shows houv the driver works. For a detailed description on the TSS see Intel roccessor handbooks.

Task State Segment GDT-reg Task- register Ox66 Ox88 IOPM offset IOPM for processes that opens Wserport” TSS-descriptor Base-address Limit ox20ab onoad OX2135 Figure 1 : 80×86 -rss description IOPM for all processes The original size of the TSS is Ox20ab and the driver extends it to ox2135. The default IOPM offset is onoad and this value is rewntten by the OS on every task switch. The IOPM offset must therefore be changed with the undocumented function Ke38610SetAccessProcess, which sets the IOPM offset to ox88.

The Aliprocesses10PM is rltten to Ox20ad because this is the default IOPM offset for all processes and the ThroughCreateFilelOPM is written to Ox88 because the Ke38610SetAccessProcess function sets the IOPM offset to Ox88. The Ke38610SetAccessProcess function is called when a user mode program opens the file NAIJserPort”. The driver loads the two IOPM:s from: HKEY LOCAL HK It Will use default values below if these doesn’t exist. This driver is influenced and inspired by an article written by Dale Roberts 8/30/95, published in May 96 Dr Dobbs Journal, see www. ddj. com. Tomas Franzon [email protected] com 3

Leave a Reply:

O seu endereço de email não será publicado. Campos obrigatórios marcados com *