// NOTE(review): the header name that followed #include is missing from this
// listing; it has to be restored before this can build.
// makelong: build one value from two 16-bit halves, with low in bits 0-15
// and high shifted into bits 16-31.
#include #define makelong(low, high) \
((ulong)(((ushort)((ulong)(low) & 0xffff)) | ((ulong)((ushort)((ulong)(high) & 0xffff))) << 16))
// get_low16_of_32: mask data with 0xffff and truncate to ushort.
// NOTE(review): data is not parenthesized, so the (ulong) cast binds only to
// the first operand when an expression is passed as the argument.
#define get_low16_of_32(data) \
((ushort)(((ulong)data) & 0xffff))
// get_high16_of_32: shift data right by 16 and truncate to ushort.
// NOTE(review): same unparenthesized-argument caveat as get_low16_of_32.
#define get_high16_of_32(data) \
((ushort)(((ulong)data) >> 16))
// Both structures are declared with 1-byte packing.
#pragma pack(push,1)
// NOTE(review): the member list of idtr_ is not present in this listing.
typedef struct idtr_
idtr, *p_idtr;
// NOTE(review): the member list of idtentry_ is not present in this listing.
// The kdprint call in modifyinterrupt reads offset_low and offset_high from
// idt_addr[...] elements, presumably of this type - confirm.
typedef struct idtentry_
idtentry, *p_idtentry;
#pragma pack(pop)
// Version-dependent value assigned in driverentry; set to 0 there when the
// OS version is not one of the listed ones.
ulong offset = 0;
// NOTE(review): the initializer is missing from this listing. The name is
// indexed as hook_idt_index[i] in modifyinterrupt, so it is presumably an
// array of IDT vector numbers - confirm.
ulong hook_idt_index = ;
// Element count of hook_idt_index.
// NOTE(review): the expansion is not wrapped in parentheses, so it is only
// safe where operator precedence cannot split it.
#define hook_idt_num sizeof(hook_idt_index)/sizeof(ulong)
// One saved handler address per hooked vector; the naked stubs jump through
// these slots. The initializer is missing from this listing.
void *g_old_entry[hook_idt_num] = ;
// NOTE(review): the body of getidt is not present in this listing.
void *getidt()
// Called by both naked interrupt stubs before they chain to the saved
// handler. NOTE(review): the body is not present in this listing.
void myuserfilter()
// Naked stub for the first hooked vector. Only the tail of its inline
// assembly is present in this listing; the matching pushes for the pops
// below are presumably in the missing part - confirm.
// The leading braces close the preceding function.
}}__declspec(naked) interruptproc01()
// Run the C-level filter, then undo the saved state in reverse order.
call myuserfilter
pop fs
popad // restore the general-purpose registers
popfd // restore the flags register
jmp g_old_entry[0] // jump to the original interrupt service routine
// Naked stub for the second hooked vector; same shape as interruptproc01.
// Only the tail of its inline assembly is present in this listing.
// The leading braces close the preceding function.
}}__declspec(naked) interruptproc03()
call myuserfilter
pop fs
popad // restore the general-purpose registers
popfd // restore the flags register
// In MSVC inline assembly the bracket value is a byte offset, not a scaled
// index, so [4] addresses the second 4-byte pointer slot of g_old_entry on x86.
jmp g_old_entry[4] // jump to the original interrupt service routine
// Replacement handler addresses, one per hooked vector.
// NOTE(review): the initializer is missing from this listing.
// The leading braces close the preceding function.
}}void *g_new_entry[hook_idt_num] = ;
// Installs or removes the hooks depending on hook_or_unhook.
// NOTE(review): most of the body is missing from this listing; only the
// tail of its loop survives, so the write path cannot be reviewed here.
void modifyinterrupt(boolean hook_or_unhook)
else
// Debug trace of the handler address currently stored in the entry,
// rebuilt from its two 16-bit halves.
// NOTE(review): %x is paired with a (void *) argument; %p matches the type.
kdprint(("the current address = %x\n",
(void *)makelong(idt_addr[hook_idt_index[i]].offset_low, idt_addr[hook_idt_index[i]].offset_high)));
}//for
// Left commented out by the author. Whether write protection is changed
// anywhere else is not visible in this listing.
//setwriteprotect(true, &orgcr0);
// Called with true from driverentry.
// NOTE(review): the body is not present in this listing. The leading brace
// closes modifyinterrupt.
}void hookidt(boolean hook_or_unhook)
// Registered as the driver's unload routine in driverentry.
// NOTE(review): the body is not present in this listing. It presumably
// restores the saved entries before the image is unmapped - confirm, since
// an entry left pointing into an unloaded driver would fault on the next
// interrupt.
}}void unload(pdriver_object drv)
// Driver entry point: registers the unload routine, selects offset from the
// reported OS version, then installs the hooks.
// NOTE(review): the opening brace and the declaration of osverinfo are
// missing from this listing.
ntstatus driverentry(
in pdriver_object driverobject,
in punicode_string registrypath
) ; kdprint (("entering driverentry\n"));
driverobject->driverunload = unload;
// NOTE(review): the status returned by rtlgetversion is not checked before
// osverinfo is read.
rtlgetversion((prtl_osversioninfow)&osverinfo);
kdprint(("osversion nt %d.%d:%d sp%d.%d\n",
osverinfo.dwmajorversion, osverinfo.dwminorversion, osverinfo.dwbuildnumber,
osverinfo.wservicepackmajor, osverinfo.wservicepackminor));
// Hard-coded value per major.minor version. The page's description says the
// driver clears debugport, so this is presumably the offset of that field
// in a kernel structure - confirm. Build number and service pack are
// logged above but not used in the selection.
if (osverinfo.dwmajorversion == 5 && osverinfo.dwminorversion == 0)
offset = 0x120; //windows_version_2k
else if (osverinfo.dwmajorversion == 5 && osverinfo.dwminorversion == 1)
offset = 0xbc; //windows_version_xp
else if (osverinfo.dwmajorversion == 5 && osverinfo.dwminorversion == 2)
offset = 0xcc; //windows_version_2003
else if (osverinfo.dwmajorversion == 6 && osverinfo.dwminorversion == 0)
offset = 0xd4; //windows_version_vista
else if (osverinfo.dwmajorversion == 6 && osverinfo.dwminorversion == 1)
offset = 0xec; //windows_version_win7
else
// Any other version: no known value, offset is 0.
offset = 0;
// NOTE(review): the hooks are installed even when offset is 0. Returning a
// failure status for an unrecognised version would be the safer choice.
hookidt(true);
return status_success;
}
這個方法很簡單:hook int1、int3,
然後清除 debugport,簡單明瞭。
適用於多核、多系統。注意:上面的版本判斷只涵蓋 NT 5.0、5.1、5.2、6.0、6.1,其餘版本的 offset 為 0。