如题。

;@echo off
;goto make

.386
.model flat, stdcall
option casemap:none

include \masm32\include\w2k\ntddk.inc
include \masm32\include\w2k\ntstatus.inc
include \masm32\include\w2k\ntoskrnl.inc
includelib \masm32\lib\w2k\ntoskrnl.lib
include \masm32\Macros\Strings.mac

MAKELONG macro a, b
        mov ax, a
        shl eax, 16
        or ax, b
endm

IDTENTRY struct
        lowoffset dw 0
        selector dw 0
        unused db 0
        segment_type db 0
        system_segment_flag db 0
        dpl db 0
        p db 0
        hioffset dw 0

IDTENTRY ends

IDTINFO struct
        idtLimit dw 0
        lowIdtBase dw 0
        hiIdtBase dw 0
IDTINFO ends

MAX_IDT_ENTRIES equ 128

.data

.code

onUnload proc driverObject:PDRIVER_OBJECT
        invoke DbgPrint, $CTA0("onUnload call\n")
onUnload endp

driverEntry proc theDriverObject:PDRIVER_OBJECT, theRegisterPath:PUNICODE_STRING
        local @idtInfo:IDTINFO
        local @idtEntry:ptr IDTENTRY
        local @buf[255]:byte

        mov eax, theDriverObject
        assume eax:ptr DRIVER_OBJECT
        mov [eax].DriverUnload, offset onUnload
        assume eax:nothing

        lea eax, @idtInfo
        sidt [eax]

        MAKELONG @idtInfo.hiIdtBase, @idtInfo.lowIdtBase

        mov @idtEntry, eax

        mov ecx, MAX_IDT_ENTRIES
        mov esi, 0
L1:
        mov edi, [@idtEntry + esi * type @idtEntry]
        assume edi:ptr IDTENTRY
        MAKELONG [edi].hioffset, [edi].lowoffset

        invoke _snprintf, @buf, 200, $CTA0("Interrupt %d: ISR 0x%08X\n"), esi, eax
        invoke DbgPrint, @buf
        inc esi
        loop L1
        ret
driverEntry endp

end driverEntry

:make
set drv=idtTest
\masm32\bin\ml /nologo /c /coff %drv%.bat
\masm32\bin\link /nologo /driver /base:0x10000 /align:32 /out:%drv%.sys /subsystem:native %drv%.obj
del %drv%.obj
echo.
pause

[课程]FART 脱壳王！加量不加价！FART作者讲授！

上传的附件：

• idtTest.rar （0.86kb，6次下载）