程序代码:
#include "stdafx.h"
#if !(defined(_X86_) || defined(_AMD64_) || defined(_IA64_))
#define _X86_ // Intel公司提供的 X86系列CPU
#endif
#include "ntddk.h"
#pragma comment(lib,"ntoskrnl.lib")
int _tmain(int argc, _TCHAR* argv[])
{
PVOID tbuf;
tbuf=ExAllocatePoolWithTag(NonPagedPool,16,'TSET');
return 0;
}
程序运行到HalInitSystem老是出错,请教懂的人指点;
HAL!HalInitSystem:
003bd9e8 8bff mov edi,edi
0:000> t
eax=0012fa7c ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9ea esp=0012f9f4 ebp=0012fa10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0x2:
003bd9ea 55 push ebp
0:000> t
eax=0012fa7c ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9eb esp=0012f9f0 ebp=0012fa10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0x3:
003bd9eb 8bec mov ebp,esp
0:000> t
eax=0012fa7c ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9ed esp=0012f9f0 ebp=0012f9f0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0x5:
003bd9ed 51 push ecx
0:000> t
eax=0012fa7c ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9ee esp=0012f9ec ebp=0012f9f0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0x6:
003bd9ee 53 push ebx
0:000> t
eax=0012fa7c ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9ef esp=0012f9e8 ebp=0012f9f0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0x7:
003bd9ef 56 push esi
0:000> t
eax=0012fa7c ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9f0 esp=0012f9e4 ebp=0012f9f0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0x8:
003bd9f0 57 push edi
0:000> t
eax=0012fa7c ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9f1 esp=0012f9e0 ebp=0012f9f0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0x9:
003bd9f1 64a120000000 mov eax,dword ptr fs:[00000020h] fs:003b:00000020=00000c10
0:000> t
eax=00000c10 ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9f7 esp=0012f9e0 ebp=0012f9f0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
HAL!HalInitSystem+0xf:
003bd9f7 837d0800 cmp dword ptr [ebp+8],0 ss:0023:0012f9f8={KDCOM (003d0000)}
0:000> t
eax=00000c10 ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=0012fa04 edi=00000001
eip=003bd9fb esp=0012f9e0 ebp=0012f9f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
HAL!HalInitSystem+0x13:
003bd9fb 8bf0 mov esi,eax
0:000> t
eax=00000c10 ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=00000c10 edi=00000001
eip=003bd9fd esp=0012f9e0 ebp=0012f9f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
HAL!HalInitSystem+0x15:
003bd9fd 0f8555030000 jne HAL!HalInitSystem+0x370 (003bdd58) [br=1]
0:000> t
eax=00000c10 ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=00000c10 edi=00000001
eip=003bdd58 esp=0012f9e0 ebp=0012f9f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
HAL!HalInitSystem+0x370:
003bdd58 64a11c000000 mov eax,dword ptr fs:[0000001Ch] fs:003b:0000001c=00000000
0:000> t
eax=00000000 ebx=003d0ce6 ecx=00008d81 edx=ffffffff esi=00000c10 edi=00000001
eip=003bdd5e esp=0012f9e0 ebp=0012f9f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
HAL!HalInitSystem+0x376:
003bdd5e 80785100 cmp byte ptr [eax+51h],0 ds:0023:00000051=??
最后出错在0000000051=?? 本人十分小白,请教高人这个是我系统问题还是权限问题还是程序哪里出了问题,万分感谢!
[课程]Android-CTF解题方法汇总!
