向int3中断 写入自己的跳转 但是加载驱动就蓝屏了 用windbg调试 出错的是下面120:这条指令mov byte ptr ds:[ebx],al   用!analyze -v显示:ATTEMPTED_WRITE_TO_READONLY_MEMORY (be) 试图向只读存储器写入 但是我看郁金香老师写的代码  是一样的啊 他的能写入成功  但是我一载入就蓝屏  出错信息 都在下面了 请大牛帮我看下  多谢

push ebx
   117:                 push eax
   118:                 mov ebx,int3proc_addr
   119:                 mov eax,0xE9
>  120:                 mov byte ptr ds:[ebx],al
   121:                 mov eax,jmpaddr
   122:                 mov dword ptr ds:[ebx+1],eax
   123:                 pop eax
   124:                 pop ebx

==========================================
IDT_ENTRY size=8
IDT BASE=8003f400

int proc addr=804e089d

要写入的地址=79848e9e

*** Fatal System Error: 0x000000be
                       (0x804E089D,0x004E0121,0xF9C6EBE8,0x0000000B)

Driver at fault:
***  DDK_HelloWorld.sys - Address F9D298B7 base at F9D29000, DateStamp 5159738e
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory.  The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 804e089d, Virtual address for the attempted write.
Arg2: 004e0121, PTE contents.
Arg3: f9c6ebe8, (reserved)
Arg4: 0000000b, (reserved)

Debugging Details:
------------------

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xBE

PROCESS_NAME:  System

TRAP_FRAME:  f9c6ebe8 -- (.trap 0xfffffffff9c6ebe8)
ErrCode = 00000003
eax=000000e9 ebx=804e089d ecx=80500093 edx=804e08a6 esi=e1b273ce edi=81702ae8
eip=f9d298b7 esp=f9c6ec5c ebp=f9c6ec74 iopl=0         nv up ei ng nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296
DDK_HelloWorld!HookInt3Proc+0x97:
f9d298b7 3e8803          mov     byte ptr ds:[ebx],al       ds:0023:804e089d=6a
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8053377f to 804e45a2

STACK_COMMAND:  kb

FOLLOWUP_IP:
DDK_HelloWorld!HookInt3Proc+97 [h:\½Ì³ÌºÏ¼¯\Íâ¹Ò½Ì³Ì\Óô½ðÏã\Çý¶¯½Ì³Ì\Óô½ðÏãÇý¶¯42-46\mini_ddk\idt.h @ 120]
f9d298b7 3e8803          mov     byte ptr ds:[ebx],al

FAULTING_SOURCE_CODE:  
   116:         push ebx
   117:                 push eax
   118:                 mov ebx,int3proc_addr
   119:                 mov eax,0xE9
>  120:                 mov byte ptr ds:[ebx],al
   121:                 mov eax,jmpaddr
   122:                 mov dword ptr ds:[ebx+1],eax
   123:                 pop eax
   124:                 pop ebx
   125: }

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  DDK_HelloWorld!HookInt3Proc+97

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: DDK_HelloWorld

IMAGE_NAME:  DDK_HelloWorld.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5159738e

FAILURE_BUCKET_ID:  0xBE_DDK_HelloWorld!HookInt3Proc+97

BUCKET_ID:  0xBE_DDK_HelloWorld!HookInt3Proc+97

Followup: MachineOwner

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法