Usenet Archives

TotalIo.C and GiveIo.C

From getrid_ofthispart_roberts@ishtar.med.jhu.edu Wed Feb 25 14:43:41 1998
Path: relief.cts.com!newshub.cts.com!usc!howland.erols.net!netnews.com!news-xfer.netaxs.com!news.cs.jhu.edu!news.jhu.edu!news
From: getrid_ofthispart_roberts@ishtar.med.jhu.edu (Dale Roberts)
Newsgroups: comp.os.ms-windows.programmer.nt.kernel-mode
Subject: Re: TOTALIO.SYS
Date: 25 Feb 1998 22:43:41 GMT
Organization: Johns Hopkins University
Lines: 48
Message-ID: <6d26qt$fo8@news.jhu.edu>
References: <34F2DF69.1EFE@access.mountain.net>
NNTP-Posting-Host: 128.220.156.60
Mime-Version: 1.0
Content-Type: Text/Plain; charset=US-ASCII
X-Newsreader: WinVN 0.99.6
Xref: relief.cts.com comp.os.ms-windows.programmer.nt.kernel-mode:16414
X-Cache: nntpcache 1.0.7.1 (see ftp://suburbia.net/pub/nntpcache)

Luke Flemmer (lukef@access.mountain.net) says...

> Several people have mailed me regarding the driver TOTALIO.SYS which was part of an article in Dr Dobbs a while ago. The principle of the driver is simply that it modifies the I/O permission bitmap of the x86 so that user mode port access is not trapped. I didn't write it, can't support it, and didn't even read the whole article. However, I do think it's useful, so here it is:

Just to give complete information for those interested in reading the *whole* article :-), it was in the May 1996 issue of Dr. Dobb's Journal, and the complete source and executables are available directly from the www.ddj.com web site (I trust Luke is a good guy, but I personally would only get it directly from the source). The article is available on the DDJ back issue CD-ROMs, on the DDJ NT Internals CD-ROM, and, yes, even in one of those collections-of-magazine-articles books, "Windows NT Programming in Practice" by R&D Books (i.e., Miller Freeman, who publish DDJ and many other things; see www.rdbooks.com), ISBN 0-87930-472-3. It's the last blessed article in the book (maybe they're trying to hide it back there? :-)). By the way, for better or worse, I *did* write TOTALIO, and even I don't support it.

TOTALIO is indeed quite a dangerous program, giving nearly total port I/O access (up to about port 0xf00) to every program in the system (including any old DOS program which, as Luke mentions, could easily trash your system), and I never intended it to be used in practice (I have never found a need for it, personally). GIVEIO (also available in the same ZIP file) is slightly less dangerous in that it limits I/O access to only those processes that request it. I would prefer it above TOTALIO.

TOTALIO is sort of a curiosity; it was a stepping stone towards GIVEIO. TOTALIO directly manipulates the TSS descriptor (it does no checking on the current value of the TSS descriptor), uses inline assembler, and depends on the upper portion of the TSS being 0's. So it is dangerous in many ways. It's also a neat example of a very minimal NT "driver". It has a three line DriverEntry(), and a one line DriverUnload(), and that's it as far as NT driver routines are concerned.

But, I'd never actually *use* the thing. :-)

GIVEIO, by the way, "merely" makes use of a few undocumented kernel calls that were provided by Microsoft (and are still used by their videoprt.sys driver). It doesn't do any direct 80x86 manipulation, as some posts might imply. In this sense also, it's much safer.

dale
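
Added example, not code from the post or from the DDJ article: a simplified C model of the x86 protected-mode check that decides whether a user-mode port access is trapped, contrasting a system-wide opening of the I/O permission bitmap with a per-process grant. The structure layout, the constants and all function names are constructed for illustration and are not the NT, TOTALIO or GIVEIO sources.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IOMAP_BASE 0x68u   /* constructed: bitmap right after a 104-byte TSS */
#define NO_IOMAP   0xFFFFu /* constructed: base past the limit, no bitmap    */

struct tss_model {         /* simplified view, not the real NT structures    */
    uint8_t  bytes[0x400];
    uint32_t limit;        /* last valid byte offset (from the descriptor)   */
    uint16_t iomap_base;   /* I/O map base field of the TSS                  */
};

/* 1 = access proceeds, 0 = CPU raises #GP (trapped). width is 1, 2 or 4.    */
int port_access_allowed(const struct tss_model *t, unsigned cpl,
                        unsigned iopl, uint16_t port, unsigned width)
{
    if (cpl <= iopl)
        return 1;                     /* bitmap is not consulted             */
    uint32_t off = (uint32_t)t->iomap_base + port / 8u;
    if (off + 1 > t->limit)
        return 0;                     /* CPU reads 2 bytes; both must fit    */
    unsigned bits = t->bytes[off] | ((unsigned)t->bytes[off + 1] << 8);
    unsigned mask = ((1u << width) - 1u) << (port % 8u);
    return (bits & mask) == 0;        /* a set bit on any covered port denies */
}

/* System-wide opening: raise the limit over bytes assumed to be zero.       */
void open_for_everyone(struct tss_model *t)
{
    memset(t->bytes, 0, sizeof t->bytes);
    t->iomap_base = IOMAP_BASE;
    t->limit = IOMAP_BASE + 0xF00u / 8u;
}

/* Per-process grant (modelled): only a requesting process sees the bitmap.  */
void switch_to_process(struct tss_model *t, int requested_io)
{
    t->iomap_base = requested_io ? IOMAP_BASE : NO_IOMAP;
}

int main(void)
{
    struct tss_model t;
    open_for_everyone(&t);
    printf("ring 3, port 0x378: %d\n", port_access_allowed(&t, 3, 0, 0x378, 1));
    switch_to_process(&t, 0);
    printf("no request, 0x378:  %d\n", port_access_allowed(&t, 3, 0, 0x378, 1));
    return 0;
}
```

In the system-wide case nothing ties the permission to a process, so every ring-3 program passes the check; in the per-process case a program that never asked still faults.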


