Kmdkit推薦的方法是把匯編源程序寫成批處理bat文件，以天殺的ring0.sys為例
把下面的代碼存成ring0.bat

;@echo off
;goto make
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.586P;保護模式
.modelflat,stdcall
optioncasemap:none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
includemasm32includew2k tddk.inc
;中斷相關數(shù)據(jù)結構
IDT_REGSTRUCT
limitWORD?
baseDWORD?
IDT_REGENDS

;中斷描述符
INT_DESCRIPTORSTRUCT
offs0_15WORD?
selWORD?
paramcntBYTE?
attrsBYTE?
offs16_31WORD?
INT_DESCRIPTORENDS

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;代碼段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
szBufferdb16dup(0)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
MyIntFuncproc
pushedx
calleax
iretd
MyIntFuncendp

;====================================================================
AddMyIntprocusesedi
local@IDT

sidtszBuffer
movedi,(IDT_REGptr[szBuffer]).base
addedi,21h*8

;使用Int21中斷,該中斷在Win2k下沒有使用
;cli
moveax,offsetMyIntFunc
mov[edi],ax
shreax,16
mov[edi+6],ax;設置入口地址
mov[edi+2],cs;設置段地址
;設置Ring3可以訪問
movWORDptr[edi+4],0EE00h
;sti

ret
AddMyIntendp
;====================================================================
WdmUnloadprocDriverObject:DWORD
local@IDT

sidtszBuffer
movedi,(IDT_REGptr[szBuffer]).base
addedi,21h*8
xoreax,eax
mov[edi],ax
mov[edi+6],ax;設置入口地址
mov[edi+2],ax;設置段地址
movWORDptr[edi+4],ax

ret
WdmUnloadendp
;====================================================================
DriverEntryprocDriverObj:DWORD,RegistryPath:DWORD

moveax,DriverObj
assumeeax:ptrDRIVER_OBJECT
mov[eax].DriverUnload,offsetWdmUnload
assumeeax:nothing
invokeAddMyInt

xoreax,eax
ret
DriverEntryendp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>