个人中心
文章发布
退出
作者热门文章
- android - 多次调用 OnPrimaryClipChangedListener
- android - 无法更新 RecyclerView 中的 TextView 字段
- android.database.CursorIndexOutOfBoundsException : Index 0 requested, 光标大小为 0
- android - 使用 AppCompat 时,我们是否需要明确指定其 UI 组件(Spinner、EditText)颜色
24
4
以下代码:
标题:
// InterruptDescriptorTable.h
#define MAX_IDT_ENTRIES 256
#define MAKELONG(a, b) ((unsigned long) (((unsigned short)(a)) | ((unsigned long) ((unsigned) (b))) << 16 ))
/* SIDT returns IDT in following format */
#pragma pack(1)
typedef struct
{
unsigned short IDTLimit;
unsigned short LowIDTBase;
unsigned short HighIDTBase;
} s_idt_info;
#pragma pack()
/* entry in IDT ( interrupt gate ) */
#pragma pack(1)
typedef struct
{
unsigned short LowOffset;
unsigned short selector;
unsigned char unused_lo;
unsigned char segment_type:4;
unsigned char system_segment_flag:1;
unsigned char DPL:2; // Descriptor Privilege Level
unsigned char P:1; // Present
unsigned short HighOffset;
} s_idt_entry;
#pragma pack()
主要内容:
// driver.c
#include <ntddk.h>
#include "InterruptDescriptorTable.h"
const WCHAR deviceNameBuffer[] = L"\\Device\\MyDevice";
PDEVICE_OBJECT g_RootkitDevice; // pointer to device object
NTSTATUS
//STDCALL
_DriverDispatch(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
return STATUS_SUCCESS;
}
VOID
//STDCALL
_DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
DbgPrint("DriverUnload() !\n");
return;
}
NTSTATUS
_DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
DbgPrint("DriverEntry() !\n");
s_idt_info idt_info; // returned by sidt
s_idt_entry *idt_entries; // obtained from idt_info
unsigned int count;
unsigned long addr;
// load idt_info
__asm ("sidt %0" : "=w" (idt_info));
idt_entries = (s_idt_entry*) (long long)MAKELONG(idt_info.LowIDTBase, idt_info.HighIDTBase);
for(count = 0; count < MAX_IDT_ENTRIES; ++count)
{
s_idt_entry *i = &idt_entries[count];
addr = MAKELONG(i->LowOffset, i->HighOffset);
DbgPrint("Interrupt %d, %lu", count, addr);
}
DriverObject->DriverUnload = _DriverUnload;
return STATUS_SUCCESS;
}
在 Code::Blocks 中使用 MinGW-x64 (GCC) 编译为 .sys 文件。
当插入到在 VirtualBox 上运行的 Windows 7-64 位虚拟机时,它会生成以下 BSOD: 
我注意到只有当我尝试打印变量“addr”时才会发生这种情况。不知道为什么或如何解决它。打印两次 'count' 就可以了。
以下代码用于加载/卸载驱动程序: http://pastebin.com/0Axy4WkZ
最佳答案
您在 64 位模式下对 IDT 结构使用了错误的定义。接下来是 amd64 的正确代码:
union KIDTENTRY64
{
struct
{
USHORT OffsetLow;
USHORT Selector;
USHORT IstIndex:3;
USHORT Reserved0:5;
USHORT Type:5;
USHORT Dpl:2;
USHORT Present:1;
USHORT OffsetMiddle;
ULONG OffsetHigh;
ULONG Reserved1;
};
UINT64 Alignment;
};
struct KDESCRIPTOR64
{
USHORT Pad[3];
USHORT Limit;
PVOID Base;
};
void DumpIDT()
{
#ifdef _AMD64_
KDESCRIPTOR64 descr;
__sidt(&descr.Limit);
if (ULONG n = (descr.Limit + 1)/ sizeof(KIDTENTRY64))
{
int i = 0;
KIDTENTRY64* pidte = (KIDTENTRY64*)descr.Base;
do
{
ULONG_PTR addr = ((ULONG_PTR)pidte->OffsetHigh << 32) +
((ULONG_PTR)pidte->OffsetMiddle << 16) + pidte->OffsetLow;
DbgPrint("Interrupt %u -> %p\n", i++, addr);
} while (pidte++, --n);
}
#endif
}
关于c - 如何在 amd64 中正确转储 IDT 条目?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40812822/
24
4
0
我正在为我的应用程序使用 Tank-Auth。我唯一的问题是激活和重置帐户密码。 用于登录、注册、注销;我对这些代码没有问题; $route['login'] = "/auth/login"; $ro
我是一名优秀的程序员,十分优秀!