sidt fword ptr IDT ; fetch IDT register
mov ebx, dword ptr [IDT+2] ; ebx -> IDT
add ebx, 8*ExceptionUsed ; Ebx -> IDT entry of ExceptionUsed
cli ; Clear interupts
mov dx, word ptr [ebx+6] ; Save the current gate highword
shl edx, 16d
mov dx, word ptr [ebx] ; lowword
mov [lpOldGate], edx
mov eax, Ring0 ; "install hook" - that is newgate
mov word ptr [ebx], ax ; lowword
shr eax, 16d
mov word ptr [ebx+6], ax ; highword
int ExceptionUsed ; cause exception
mov ebx, dword ptr [IDT+2] ; restore gate
add ebx, 8*ExceptionUsed
mov edx, [lpOldGate]
mov word ptr [ebx], dx
shr edx, 16d
mov word ptr [ebx+6], dx
ret
ToRing0Code endp
end start
--------------------------------------------------------------------------------
;for winxp
.686p
.model flat, stdcall
option casemap :none ; case sensitive
; #########################################################################
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
DEBUG = TRUE
ShowError proto :DWORD
;常量定义
NULL = 0
MB_OK = 0
INVALID_HANDLE_value = -1
GENERIC_READ = 80000000H
GENERIC_WRITE = 40000000H
FILE_SHARE_READ = 1
FILE_SHARE_WRITE = 2
FILE_SHARE_DELETE = 4
OPEN_EXISTING = 3
HMODULE typedef dword
NTSTATUS typedef dword
PACL typedef dword
PSECURITY_DEscriptOR typedef dword
OBJ_INHERIT=2
OBJ_PERMANENT=10h
OBJ_EXCLUSIVE=20h
OBJ_CASE_INSENSITIVE=40h
OBJ_OPENIF=80h
OBJ_OPENLINK =100h
OBJ_KERNEL_HANDLE=200
OBJ_VALID_ATTRIBUTES=3F2h
SE_KERNEL_OBJECT = 6
GRANT_ACCESS =1
NO_INHERITANCE =0
TRUSTEE_IS_NAME=1
TRUSTEE_IS_USER=1
STATUS_SUCCESS =0
STATUS_ACCESS_DENIED =0C0000022h
STATUS_ACCESS_VIOLATION equ 0C0000005h
STATUS_INFO_LENGTH_MISMATCH equ 0C0000004h
SystemModuleInformation equ 11
PVOID TYPEDEF DWORD
UNLONG TYPEDEF DWORD
CHAR TYPEDEF BYTE
UNICODE_STRING struct
nLength word ?
MaximumLength word ?
Buffer dword ?
UNICODE_STRING ends
OBJECT_ATTRIBUTES struct
nLength dword ?
RootDirectory HANDLE ?
ObjectName dword ?;PUNICODE_STRING
Attributes dword ?;
SecurityDescriptor dword ?; PVOID // Points to type SECURITY_DEscriptOR
SecurityQualityOfService dword ?;PVOID // Points to type SECURITY_QUALITY_OF_SERVICE
上一篇:一种可以穿透还原卡和还原软件的代码
下一篇:扩展int13h调用详解(修正) |
