; TASM listing, 32-bit flat model, Win32 API via W32.inc (not part of this listing).
.386P ; enable 386 instructions including privileged encodings (mov eax, cr0 is used in Ring0Code)
LOCALS ; TASM directive: enables block-scoped local labels (the @@ prefix); none are used in this listing
JUMPS ; TASM directive: lets the assembler rewrite conditional jumps whose target is out of short range;
; no conditional jumps appear in this listing
.MODEL FLAT, STDCALL ; flat memory model; STDCALL is the default language for the extended
; "call proc, arg, arg" syntax used below
UNICODE = 0 ; Needed for w32.inc (presumably selects the ANSI "A" API names - confirm against W32.inc)
INCLUDE W32.inc ; Windows definitions, messages, errors, structures,
; API functions declarations. Some additions of mine.
; Thanks to Barry Kauler and Sven Schreiber.
lp EQU OFFSET ; shorthand: "lp sym" assembles as "OFFSET sym"
extrn SetUnhandledExceptionFilter : PROC ; API declared by hand in this file
.DATA
skod db 0 ; not referenced anywhere in this listing
lpOldGate dd 0 ; saved 32-bit handler offset of the IDT entry that start overwrites
IDT db 6 dup (0) ; buffer for sidt: 16-bit limit at +0, 32-bit linear base at +2
;---- Error Messages
szExceptionCaused db "Exception Caused - could not switch to ring 0",0
szError db "Error",0
ExceptionUsed EQU 5 ; interrupt vector whose gate is patched; each IDT entry is 8 bytes
.CODE
start:
; Entry point. Saves the handler offset stored in IDT entry ExceptionUsed, replaces it
; with the address of Ring0Code, raises that vector with a software interrupt, then
; writes the saved offset back and exits.
; The stores below target the IDT itself, so they complete only where that memory is
; writable from user mode.
; NOTE(review): presumably written for a Windows 9x-era system; on NT-family kernels the
; IDT is expected to be inaccessible from ring 3, so the access should fault and end up in
; ExceptCallBack - confirm on the intended target.
; NOTE(review): ExceptCallBack does not write lpOldGate back, so a fault raised after the
; gate has been patched would leave the vector pointing into this process.
call SetUnhandledExceptionFilter, lp ExceptCallBack ; register ExceptCallBack as the top-level
; exception filter before touching the IDT
; (safety net if the ring switch fails)
sidt fword ptr IDT ; store IDTR (limit + base) into the 6-byte buffer
mov ebx, dword ptr [IDT+2] ; ebx = IDT base address
add ebx, 8*ExceptionUsed ; ebx -> 8-byte IDT entry for vector ExceptionUsed
cli ; clear the interrupt flag
; NOTE(review): cli is IOPL-sensitive in ring 3 and no matching sti is visible - confirm intent
mov dx, word ptr [ebx+6] ; bits 31..16 of the current handler offset
shl edx, 16d ; move them into the upper half of edx
mov dx, word ptr [ebx] ; bits 15..0 of the current handler offset
mov [lpOldGate], edx ; remember the original handler offset
mov eax, offset Ring0Code ; new handler address ("install hook")
mov word ptr [ebx], ax ; patch offset bits 15..0
shr eax, 16d
mov word ptr [ebx+6], ax ; patch offset bits 31..16
; only the offset words are rewritten; the selector and access bytes at +2..+5 stay as found
int ExceptionUsed ; raise the patched vector; Ring0Code returns here with iretd
mov ebx, dword ptr [IDT+2] ; recompute the entry address instead of relying on ebx
add ebx, 8*ExceptionUsed
mov edx, [lpOldGate] ; original handler offset
mov word ptr [ebx], dx ; restore offset bits 15..0
shr edx, 16d
mov word ptr [ebx+6], dx ; restore offset bits 31..16
CALL ExitProcess, -1 ; exit with code -1 (the same code ExceptCallBack uses)
; Handler that start writes into the patched IDT entry; reached through "int ExceptionUsed".
; Reads CR0 into eax (a privileged instruction, so it completes only at CPL 0) as a
; placeholder for the author's ring-0 payload, then returns to the interrupted code.
; Clobbers eax; no other register is saved or restored here.
Ring0Code PROC
mov eax, cr0 ; Ring0 code here.. (placeholder: privileged read of CR0)
iretd ; 32-bit interrupt return to the instruction after the int
Ring0Code ENDP
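; Top-level exception filter registered by start through SetUnhandledExceptionFilter.
; Reports that the ring switch failed and terminates the process with exit code -1.
; Fix: MessageBoxA takes (hWnd, lpText, lpCaption, uType) and the extended call syntax
; lists arguments in declaration order, so the message goes second and the title third;
; the original had the two strings swapped, showing "Error" as the body text.
; NOTE(review): this path does not restore lpOldGate - see start.
ExceptCallBack PROC
call MessageBoxA, 0, lp szExceptionCaused, lp szError, 0 ; body = explanation, caption = "Error"
call ExitProcess, -1
ret ; not reached: ExitProcess does not return
ExceptCallBack ENDP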
ends
end start
上面的代码是网上下载的,我看了一遍,有几个问题,想请教一下这里的大虾们
1.LOCALS
JUMPS
这两个是干什么用的?
2.UNICODE = 0 ; Needed for
INCLUDE W32.inc
这个是干什么用的,还有w32.inc我怎么找都找不到,请问哪位有这个文件,能给我么?
3.我编译了一下,好像是通不过的.请问是哪里错了
我不能上传附件,给个附件下载地址,请大虾们解惑.
http://www.mitu.cn:1001/tsgsearch/tsgdata/tsgdata/dataresource/computer/sourcecode/asm/asmcodes/ring0.zip