|
|
|---|---|
|
|
FakestRdtsc,抄袭Deroko的
 俯卧撑我能做仨volatile __declspec(naked) void NewInt0D()
{
//
// - Interrupt 0D Handler -
//
// offset | contains
// ---------+-----------------------------
// esp : Error Code
// esp + 4 : EIP Context
// esp + 8 : CS Context
// esp + C : EFLAGS
//
__asm
{
pushad
mov eax, [esp+24h] ; eip
cmp eax, 80000000h ; skip kernel stuff
ja __oldint0d
push eax
call PrefixedRdtsc ; get prefix size
mov esi, [esp+24h]
add esi, eax
cmp word ptr [esi], 310Fh ; rdtsc
jne __oldint0d
add eax, 2 ; prefix+opcode
add [esp+24h], eax ; adjust eip
lea esi, TimeStamp ; fake rdtsc
// Fuck the nasty rdtsc ;-)
mov ecx, [esi] ; lower 32b
mov ebx, [esi+4] ; higher 32b
rdtsc
sub eax, ecx
sbb edx, ebx ; edx:eax = real delta
mov ecx, 05h ; delta>>5, modify this if needed
call __allshr
mov ecx, [esi]
mov ebx, [esi+4]
add ecx, eax
mov [esp+1Ch], ecx ; update eax
adc ebx, edx
mov [esp+14h], ebx ; update edx
test dword ptr [esp+2Ch], 100h ; eflags
jnz __kitrap01
popad
add esp, 4 ; discard error code
iretd
__kitrap01:
push esi
sidt fword ptr[esp-2]
pop esi
lea esi, [esi+8]
mov ax, word ptr[esi+6]
shl eax, 10h
mov ax, word ptr[esi]
mov [esp+20h], eax ; replace ErrorCode with int1 handler
popad
retn ; go to KiTrap01
__oldint0d:
popad
jmp OldHandler0D
}
}
|
|
|
膜拜+学习
|
|
|
|
