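I am writing my own jump into the int3 interrupt handler, but the system blue-screens as soon as the driver is loaded. Debugging with WinDbg, the faulting instruction is line 120 below: mov byte ptr ds:[ebx],al. !analyze -v shows ATTEMPTED_WRITE_TO_READONLY_MEMORY (be), an attempt to write to read-only memory. But the code written by teacher 郁金香 looks the same to me, and his write succeeds, while mine blue-screens the moment it is loaded. All the error information is below. Could an expert please take a look? Many thanks.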
116: push ebx
117: push eax
118: mov ebx,int3proc_addr
119: mov eax,0xE9
> 120: mov byte ptr ds:[ebx],al
121: mov eax,jmpaddr
122: mov dword ptr ds:[ebx+1],eax
123: pop eax
124: pop ebx
==========================================
IDT_ENTRY size=8
IDT BASE=8003f400
int proc addr=804e089d
要写入的地址=79848e9e
*** Fatal System Error: 0x000000be
(0x804E089D,0x004E0121,0xF9C6EBE8,0x0000000B)
Driver at fault:
*** DDK_HelloWorld.sys - Address F9D298B7 base at F9D29000, DateStamp 5159738e
.
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 804e089d, Virtual address for the attempted write.
Arg2: 004e0121, PTE contents.
Arg3: f9c6ebe8, (reserved)
Arg4: 0000000b, (reserved)
Debugging Details:
------------------
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xBE
PROCESS_NAME: System
TRAP_FRAME: f9c6ebe8 -- (.trap 0xfffffffff9c6ebe8)
ErrCode = 00000003
eax=000000e9 ebx=804e089d ecx=80500093 edx=804e08a6 esi=e1b273ce edi=81702ae8
eip=f9d298b7 esp=f9c6ec5c ebp=f9c6ec74 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
DDK_HelloWorld!HookInt3Proc+0x97:
f9d298b7 3e8803 mov byte ptr ds:[ebx],al ds:0023:804e089d=6a
Resetting default scope
LAST_CONTROL_TRANSFER: from 8053377f to 804e45a2
STACK_COMMAND: kb
FOLLOWUP_IP:
DDK_HelloWorld!HookInt3Proc+97 [h:\½Ì³ÌºÏ¼¯\Íâ¹Ò½Ì³Ì\Óô½ðÏã\Çý¶¯½Ì³Ì\Óô½ðÏãÇý¶¯42-46\mini_ddk\idt.h @ 120]
f9d298b7 3e8803 mov byte ptr ds:[ebx],al
FAULTING_SOURCE_CODE:
116: push ebx
117: push eax
118: mov ebx,int3proc_addr
119: mov eax,0xE9
> 120: mov byte ptr ds:[ebx],al
121: mov eax,jmpaddr
122: mov dword ptr ds:[ebx+1],eax
123: pop eax
124: pop ebx
125: }
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: DDK_HelloWorld!HookInt3Proc+97
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: DDK_HelloWorld
IMAGE_NAME: DDK_HelloWorld.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5159738e
FAILURE_BUCKET_ID: 0xBE_DDK_HelloWorld!HookInt3Proc+97
BUCKET_ID: 0xBE_DDK_HelloWorld!HookInt3Proc+97
Followup: MachineOwner
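As a reading aid for the bugcheck arguments above (an added example, not part of the original post or the driver's code): Arg2 is the page-table entry for the faulting address and ErrCode is the x86 page-fault error code, and decoding both shows a kernel-mode write to a present page whose writable bit is clear. The function names are hypothetical, and 32-bit non-PAE paging is assumed because the PTE is shown as a 32-bit value.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 32-bit (non-PAE, assumed) page-table-entry flag bits. */
#define PTE_PRESENT  0x001u
#define PTE_WRITABLE 0x002u
#define PTE_USER     0x004u
#define PTE_ACCESSED 0x020u
#define PTE_DIRTY    0x040u
#define PTE_GLOBAL   0x100u

/* x86 page-fault error-code bits (ErrCode in the trap frame). */
#define PF_PRESENT 0x1u /* page was present: a protection violation */
#define PF_WRITE   0x2u /* the access was a write */
#define PF_USER    0x4u /* the access came from user mode */

/* Physical address a 4 KiB PTE maps for the given virtual address. */
uint32_t pte_phys(uint32_t pte, uint32_t va)
{
    return (pte & 0xFFFFF000u) | (va & 0x00000FFFu);
}

/* Returns 1 for a kernel-mode write to a present, read-only page,
   the condition reported as bugcheck 0xBE; otherwise 0. */
int is_readonly_write_fault(uint32_t pte, uint32_t err)
{
    return (pte & PTE_PRESENT) && !(pte & PTE_WRITABLE) &&
           (err & PF_PRESENT) && (err & PF_WRITE) && !(err & PF_USER);
}

int main(void)
{
    /* Values copied from the !analyze -v output in the post. */
    uint32_t va = 0x804E089Du, pte = 0x004E0121u, err = 0x00000003u;

    printf("VA %08X -> PA %08X\n", (unsigned)va, (unsigned)pte_phys(pte, va));
    printf("present=%d writable=%d user=%d accessed=%d dirty=%d global=%d\n",
           !!(pte & PTE_PRESENT), !!(pte & PTE_WRITABLE), !!(pte & PTE_USER),
           !!(pte & PTE_ACCESSED), !!(pte & PTE_DIRTY), !!(pte & PTE_GLOBAL));
    printf("kernel write to read-only page: %s\n",
           is_readonly_write_fault(pte, err) ? "yes" : "no");
    return 0;
}
```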