-
-
[讨论] 在某个函数中一调用WPONx64就会BSOD.
-
2018-11-29 22:44
2858
-
[讨论] 在某个函数中一调用WPONx64就会BSOD.
在某个函数中一调用WPONx64就会BSOD.但是在其他函数中调用却没有问题。请问这是为啥?可以WPOFF。但是WPOFF完了以后不能WPON。
WPON代码如下
后来我尝试用MDL映射的方式去解除和开启保护,结果也是一样的。关闭保护的时候没事。一开始就出问题。经过调试,问题应该是出在__writercr0这句上,
sti指令。网上查了一下也没有出现啥类似的。所以来这问一下
蓝屏的dump分析如下
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff80003199000, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003e97e1c, address which referenced memory
Debugging Details:
------------------
c0000005 Exception in ext.analyze debugger extension.
PC: 00007ffb`772f8abe VA: 00000000`00000038 R/W: 0 Parameter: 00000000`00000000
VOID WPONx64(KIRQL irql)
{
UINT64 cr0 = __readcr0();
cr0 |= 0x10000;
_enable();
__writecr0(cr0);
KeLowerIrql(irql);
}
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
最后于 2018-11-29 22:45
被wx_clay编辑
,原因: