请教：碰到sysenter怎么办？-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (3)
d1y2j3 雪币： 213 活跃值： (16) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 133 粉丝 0 关注私信	d1y2j3 2004-11-29 21:35 2 楼 0 http://www.codeguru.com/Cpp/W-P/system/devicedriverdevelopment/article.php/c8223__1/ System Call Optimization with the SYSENTER Instruction 有些看不懂，///////////////////////////////////////////////// If you have paid close attention so far, you might have noticed that there is no "SYSEXIT_EIP_MSR" or "SYSEXIT_ESP_MSR" register. So, how does the SYSEXIT instruction know where to return to in the user-mode code that initially called SYSENTER? When you think about it, such information could not be fixed in an MSR because each system call can potentially originate from completely different locations in user-mode. Therefore, it is the responsibility of the caller (the code that calls SYSENTER) to place the address the CPU is to return to after the system call has returned in the EDX register. The caller must also place the current stack pointer (the value of ESP) in the ECX register. The SYSEXIT instruction will then restore the original value in the EIP and ESP by copying the content from EDX and ECX respectively. This will cause the execution to continue at the instruction after the original SYSENTER instruction. //////////////////////////////////////////////////////////// ----------------------------------------------------------------- 01年，知道有软件破解这回事，无奈人太笨，到现在还没学会：-（
riijj 雪币： 2319 活跃值： (565) 能力值： (RANK：300 ) 在线值：发帖 150 回帖 1307 粉丝 9 关注私信	riijj 7 2004-11-29 23:11 3 楼 0 楼主，为甚么你要跟进 system call 里 ?
d1y2j3 雪币： 213 活跃值： (16) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 133 粉丝 0 关注私信	d1y2j3 2004-11-29 23:40 4 楼 0 最初由 riijj 发布楼主，为甚么你要跟进 system call 里 ? 想看看从那里出来. ///////////////////////////////////////////// 在sysenter指令处的看ECX+B8的值,通常是产生异常的地方, 异常处理完后,返回的地方也在这里 ///////////////////////////////////////////// ----------------------------------------------------------------- 01年，知道有软件破解这回事，无奈人太笨，到现在还没学会：-（
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

最新回复 (3)
d1y2j3 雪币： 213 活跃值： (16) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 133 粉丝 0 关注私信	d1y2j3 2004-11-29 21:35 2 楼 0 http://www.codeguru.com/Cpp/W-P/system/devicedriverdevelopment/article.php/c8223__1/ System Call Optimization with the SYSENTER Instruction 有些看不懂，///////////////////////////////////////////////// If you have paid close attention so far, you might have noticed that there is no "SYSEXIT_EIP_MSR" or "SYSEXIT_ESP_MSR" register. So, how does the SYSEXIT instruction know where to return to in the user-mode code that initially called SYSENTER? When you think about it, such information could not be fixed in an MSR because each system call can potentially originate from completely different locations in user-mode. Therefore, it is the responsibility of the caller (the code that calls SYSENTER) to place the address the CPU is to return to after the system call has returned in the EDX register. The caller must also place the current stack pointer (the value of ESP) in the ECX register. The SYSEXIT instruction will then restore the original value in the EIP and ESP by copying the content from EDX and ECX respectively. This will cause the execution to continue at the instruction after the original SYSENTER instruction. //////////////////////////////////////////////////////////// ----------------------------------------------------------------- 01年，知道有软件破解这回事，无奈人太笨，到现在还没学会：-（
riijj 雪币： 2319 活跃值： (565) 能力值： (RANK：300 ) 在线值：发帖 150 回帖 1307 粉丝 9 关注私信	riijj 7 2004-11-29 23:11 3 楼 0 楼主，为甚么你要跟进 system call 里 ?
d1y2j3 雪币： 213 活跃值： (16) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 133 粉丝 0 关注私信	d1y2j3 2004-11-29 23:40 4 楼 0 最初由 riijj 发布楼主，为甚么你要跟进 system call 里 ? 想看看从那里出来. ///////////////////////////////////////////// 在sysenter指令处的看ECX+B8的值,通常是产生异常的地方, 异常处理完后,返回的地方也在这里 ///////////////////////////////////////////// ----------------------------------------------------------------- 01年，知道有软件破解这回事，无奈人太笨，到现在还没学会：-（
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复