-------------------------------------------------
Introduce Plug-ins for TRW2000
-------------------------------------------------
Plug-ins is a extension part of TRW2000. It work with
kernel of TRW2000 and other Plug-ins to provide more 
function for user. Plug-ins is dynamic-link with kernel
of TRW2000, this means that it's NOT a internal component,
it can be instead.

Plug-ins is flexible, it can go to any target by easy
design, for example, display driver is written as Plug
-ins. In other words, you can develop special debugger
but not need to develop driver, disassemble, assemble, 
screen-interface... Cracker can get more help from this
important property.

-------------------------------------------------
Starting to develop your Plug-ins...
-------------------------------------------------
You must have some tools to develop Plug-ins. You need:

Visual C++( recommend 6.0 ) 
Win98DDK. 

If you haven't it, never mind, download it freely from 
http://www.microsoft.com/ddk
Warning:
YOU MUST MODIFY FILE I386MK.INC
(locate at <98DDK Directory>\INC),
	1.Search STDFLAGS= /c /Zel /Zp8 /Gy ..., 
	  modify /Zp8 to /Zp1.
	2.{i386\}.asm{$(_OBJ_DIR)\i386\}.obj:
	    $(386_ASSEMBLER) -Fo$(MAKEDIR)\$@ $<
	  change it to:
	  .asm{$(_OBJ_DIR)\i386\}.obj:
	    $(386_ASSEMBLER) -Fo$(MAKEDIR)\$@ $<

Then, click icons "Check" or "Free" environment in Windows
start menu, Ok, we can start! 

-------------------------------------------------
Compile reference :
-------------------------------------------------
The extension name of Plug-ins is .SYS, it's a WDM driver
in fact. 

Before you start, you must have other two files in the
same directory as the source code located at that you will
use:
MAKEFILE and SOURCES ( no extension name ) .

MAKEFILE is following as below :

###########################################################
#
# Microsoft Confidential
# Copyright (C) Microsoft Corporation 1995
# All Rights Reserved.
# 
# MAKEFILE for WDM device driver kit
#
###########################################################

#
# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
# file to this component. This file merely indirects to the real make file
# that is shared by all the driver components of the Windows NT DDK
#

!INCLUDE $(NTMAKEENV)\makefile.def

 
SOURCES is following as below :


TARGETNAME=xxxx
TARGETTYPE=DRIVER
DRIVERTYPE=WDM
TARGETPATH=.

BLDCRT=1

INCLUDES=$(BASEDIR)\inc

SOURCES=xxxx.CPP( xxxx_2.CPP, xxxx_3.CPP... )

I386_SOURCES=xxxx.ASM( xxxx_2.ASM, xxxx_3.ASM... )
 
( xxxx is the name of your Plug-ins )

If you have these files, you type "BUILD" in command line to
create a WDM.
If you choose "Checked Environment", it will make a debug-WDM
in driectory <SOURCES driectory\I386\Checked. If you choose 
"Free Environment", it will make a Release-WDM in
<SOURCES driectory\I386\Free.
The complie result will be log in file BUILD.LOG, the error
message will be log in file BUILD.ERR and warning message will
be log in file BUILD.WRN in the same directory as SOURCES.

You can run tool "BUILD" (include in Win98DDK) to compile and
link Plug-ins. 

But, there is a strange problem:
BUILD compiled your CPP and create directory ..\I386, but, it
NOT create directory ..\I386\Checked and  ..\I386\Free, it will
show some error message and fail to like. The best simple 
resolving method is: creating directory by yourself.

And, if you have a release-WDM, Warning: It include symbol yet. 
To resolve it, you must do:

DUMPBIN /HEADERS xxxx.sys |MORE 
record the map-base address of OPTIONAL HEADER VALUES, 
normally it is 0x10000. 
Use command " REBASE -B 0x10000 -X .\Symbol xxxx.sys " to remove
the symbol. 
If you want to get more information, visit related web and newsgroup.
Reference:
Art Baker: The Windows NT Device Driver Book: A Guide for
Programmers, 1997, published by Prentics Hall, INC.

The best simple method is copy/paste the sample's MK.BAT and SOURCES
and MAKEFILE as the starting of your plug-ins.

-------------------------------------------------
Plug-ins refernce
-------------------------------------------------
Let us begin the first Plug-ins. Every Plug-ins must have 
determinate format following as below:

// This file extension name must be .CPP .

extern "C" {
#include <wdm.h>
}
//  It define WDM .

#include "..\INCLUCE\PLUGS.H"
//  It define the data type and functin prototype .

extern "C" NTSTATUS
DriverEntry(IN PDRIVER_OBJECT DriverObject, 
                    IN PUNICODE_STRING RegistryPath);

VOID
Plugs_Unload(IN PDRIVER_OBJECT DriverObject);

extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS    ntStatus = STATUS_SUCCESS;

    DriverObject->DriverUnload = Plug-ins_Unload;

    return ntStatus;
}

VOID
Plug-ins_Unload(IN PDRIVER_OBJECT DriverObject)
{
}
//  These are WDM format  , every Plug-ins has the same 
//  code . 
/************ Plug-ins Init and Exit routine **************/

PLUGS_API* api = 0;
// This is TRW2000 API pointer . Plug-ins call TRW2000's API
// must like this :
//        
//             TRW2000_api->Get_TRW2000_Version ( ) ;
//

EXC EXPORT BOOL Plugs_Init ( PLUGS_API* plugsapi )
{
	TRW2000_api = api;

	// add your code.

	return TRUE;
	// If Return FALSE this Plug-ins will not be load.
}

EXC EXPORT BOOL Plugs_Exit ( )
{
	// add your code.

	return TRUE;
	// Must return TRUE.
}

Ok, if you have problem remaining, see example Plug-ins.

End
Copyright(C) 2000. KnlSoft. Inc. 
http://www.knlsoft.com