cool-net, please come here to collect your points! Thanks for the pointers!! Sorry, I only have 20 points!!
Reply #1
Posted: 2003-12-23 20:41
You'd better not give me any points, since I haven't actually helped with anything; or wait until your problem is solved and then give them? Heh. :-)
I think I'll still say something about your problem. I have just gone through protected mode again quickly, so I should be able to help a bit this time. :-)
Reply #2
Posted: 2003-12-24 09:45
Here is the code that hooks the interrupt:

/* Interrupt to be hooked */
#define HOOKINT 0x09

Definitions in the header file
***************************************
/* sidt stores the base and limit of IDTR in this format: a 16-bit limit
 * followed by a 32-bit base, 6 bytes with no padding, so the struct must
 * be packed or Base lands at offset 4 and reads the wrong bytes */
#pragma pack(push, 1)
typedef struct idtr {
    unsigned short Limit;
    unsigned int   Base;
} Idtr_t, *PIdtr_t;

/* Descriptor entry corresponding to an interrupt gate (8 bytes).
 * Access byte, LSB first: Type bits 0-3 (0xE = 32-bit interrupt gate),
 * S bit 4 (always 0 for a system descriptor), DPL bits 5-6, Present bit 7 */
typedef struct idtentry {
    unsigned short OffsetLow;
    unsigned short Selector;
    unsigned char  Reserved;
    unsigned char  Type:4;
    unsigned char  Always0:1;
    unsigned char  Dpl:2;
    unsigned char  Present:1;
    unsigned short OffsetHigh;
} IdtEntry_t, *PIdtEntry_t;
#pragma pack(pop)
************************************
/* Shared with the assembly file (_OldHandler, _NewHandler) */
unsigned int OldHandler;
extern void NewHandler(void);

/* Get the base and limit of the IDTR register */
unsigned char buffer[6];
PIdtr_t      Idtr = (PIdtr_t)buffer;
PIdtEntry_t  IdtEntry;
_asm sidt buffer
IdtEntry = (PIdtEntry_t)Idtr->Base;

/* Index the IDT entry of the interrupt to be hooked and save the old handler's address */
OldHandler = ((unsigned int)IdtEntry[HOOKINT].OffsetHigh << 16U) | IdtEntry[HOOKINT].OffsetLow;

/* Plug into the interrupt by changing the offset field to point to NewHandler */
_asm cli
IdtEntry[HOOKINT].OffsetLow  = (unsigned short)((unsigned int)NewHandler & 0xFFFF);
IdtEntry[HOOKINT].OffsetHigh = (unsigned short)((unsigned int)NewHandler >> 16);
// IdtEntry[HOOKINT].Dpl = 6;       /* DPL is a 2-bit field; only 0..3 can be stored */
// IdtEntry[HOOKINT].Present = 0;
_asm sti

New service routine
――――――――――――――――――――――――
/* __stdcall, matching the _NewHandlerCFunc@4 name the assembly calls;
 * the callee pops the pushed eax. ServiceCounterTable must hold
 * NumberOfServices + 2 entries for the ServiceId + 1 index below. */
void __stdcall NewHandlerCFunc(int ServiceId)
{
    if (ServiceId < 0 || ServiceId > NumberOfServices)   /* eax is arbitrary on entry */
        return;
    ServiceCounterTable[ServiceId + 1]++;
    return;
}
―――――――――――――――――――――――――

Separate file
###################################
_NewHandler proc near                   ; NewHandler EIP is F09E2280
        Ring0Prolog                     ; save registers (macro, not shown here)
        sti
        push    eax                     ; ServiceId argument
        call    _NewHandlerCFunc@4      ; __stdcall: callee removes the argument
        cli
        Ring0Epilog                     ; restore registers (macro, not shown here)
        jmp     dword ptr cs:[_OldHandler]   ; chain to the original handler
_NewHandler endp
END
###################################

IDT command in SoftICE:
Before running:
0009  INTG32  0008:80466A6C  DPL=0  P  NTOSKRNL!KEI386EOIHELPER+16B6
After running:
0009  INTG32  0008:F09E2280  DPL=0  P  HOOKINT!TEXT
But the interrupt handler is never entered?
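The following is an added example, not code from the thread: it performs the same descriptor decoding and offset replacement the hook above does, but on a byte image in user space, so it can be run anywhere without privileged instructions. The 8 sample bytes are constructed from the SoftICE line for vector 9 before the hook (0008:80466A6C, DPL=0, P, 32-bit interrupt gate), the IDTR value in the test is made up, and all function names are my own. It also decodes the same bytes with the bit-field layout from the original post (Type:1, Always0:1, Dpl:3, Present:1) to show how that layout misreports the access byte.

```c
/* Added example (not the thread's code): decode and re-point a 32-bit IDT gate
 * on a constructed byte image, mirroring what the posted hook does to the live IDT. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#pragma pack(push, 1)
/* IDTR image exactly as `sidt` stores it: 16-bit limit, then 32-bit base.
 * Without pack(1) the compiler pads `base` to offset 4 and you read garbage. */
typedef struct idtr32 {
    uint16_t limit;
    uint32_t base;
} idtr32_t;

/* 8-byte 32-bit gate descriptor. x86 compilers allocate bit-fields from the
 * least significant bit, so the access byte is: type 0-3, S 4, DPL 5-6, P 7. */
typedef struct idt_gate32 {
    uint16_t offset_low;
    uint16_t selector;
    uint8_t  reserved;
    uint8_t  type    : 4;  /* 0xE = 32-bit interrupt gate, 0xF = 32-bit trap gate */
    uint8_t  s       : 1;  /* 0 for system descriptors */
    uint8_t  dpl     : 2;  /* 0..3 */
    uint8_t  present : 1;
    uint16_t offset_high;
} idt_gate32_t;

/* Layout from the original post, kept only to show how it misreads the access byte. */
typedef struct posted_gate32 {
    uint16_t offset_low;
    uint16_t selector;
    uint8_t  reserved;
    uint8_t  type    : 1;
    uint8_t  always0 : 1;
    uint8_t  dpl     : 3;
    uint8_t  present : 1;
    uint16_t offset_high;
} posted_gate32_t;
#pragma pack(pop)

#define GATE_INT32  0xE
#define GATE_TRAP32 0xF

/* Constructed image of IDT[9] before the hook: 0008:80466A6C, access byte 0x8E (P=1, DPL=0, S=0, type=0xE). */
static const uint8_t sample_gate[8] = { 0x6C, 0x6A, 0x08, 0x00, 0x00, 0x8E, 0x46, 0x80 };

/* Bounds check before indexing: the IDT holds (limit + 1) / 8 descriptors. */
static int idt_has_vector(const idtr32_t *r, unsigned vector)
{
    return ((unsigned)r->limit + 1) / 8 > vector;
}

static uint32_t gate_offset(const idt_gate32_t *g)
{
    return ((uint32_t)g->offset_high << 16) | g->offset_low;
}

/* Decode raw descriptor bytes; -1 if it is not a 32-bit interrupt or trap gate. */
static int decode_gate(const uint8_t raw[8], idt_gate32_t *out)
{
    memcpy(out, raw, 8);
    if (out->s != 0 || (out->type != GATE_INT32 && out->type != GATE_TRAP32))
        return -1;
    return 0;
}

/* Replace only the handler offset, as the post does; selector, type, DPL and P
 * are left untouched. Returns the previous handler address. */
static uint32_t hook_gate(uint8_t raw[8], uint32_t new_handler)
{
    idt_gate32_t g;
    uint32_t old;
    memcpy(&g, raw, 8);
    old = gate_offset(&g);
    g.offset_low  = (uint16_t)(new_handler & 0xFFFF);
    g.offset_high = (uint16_t)(new_handler >> 16);
    memcpy(raw, &g, 8);
    return old;
}

/* DPL is 2 bits wide; a value like the post's commented-out `Dpl = 6` cannot be encoded. */
static int set_gate_dpl(uint8_t raw[8], unsigned dpl)
{
    if (dpl > 3)
        return -1;
    raw[5] = (uint8_t)((raw[5] & ~0x60u) | (dpl << 5));
    return 0;
}

/* P bit as seen through the posted layout: bit 5 of the access byte instead of bit 7. */
static int posted_layout_present(const uint8_t raw[8])
{
    posted_gate32_t p;
    memcpy(&p, raw, 8);
    return p.present;
}

int main(void)
{
    uint8_t idt9[8];
    idt_gate32_t g;
    uint32_t old;
    memcpy(idt9, sample_gate, 8);
    decode_gate(idt9, &g);
    printf("before: %04X:%08X type=%X DPL=%u P=%u\n", g.selector, gate_offset(&g), g.type, g.dpl, g.present);
    old = hook_gate(idt9, 0xF09E2280u);
    decode_gate(idt9, &g);
    printf("after:  %04X:%08X (old %08X), posted layout says P=%d\n",
           g.selector, gate_offset(&g), old, posted_layout_present(idt9));
    return 0;
}
```

Run against the sample bytes, the correct layout reports DPL=0 and P=1, matching SoftICE, while the posted layout reads the same 0x8E byte as DPL=3 and not present, which is why any logic that tested `Present` or `Dpl` with that struct would misbehave. Separately from the descriptor format: in protected-mode Windows NT, vector 0x09 is the CPU's reserved "coprocessor segment overrun" exception, not the keyboard. IRQ1 sits at vector 9 only under the real-mode BIOS mapping; the NT HAL reprograms the PIC so hardware IRQs arrive at vectors 0x30 and above, so a hook installed at 0x09 is correctly written into the IDT (as the SoftICE output shows) but never fires.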