[新手求助]在驱动中如何查询设备（比如键盘）的中断号-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (2)
曾定国雪币： 198 活跃值： (13) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 34 粉丝 0 关注私信	曾定国 1 2 楼顶顶顶顶顶顶 2008-12-5 09:55 0
kondo 雪币： 256 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 11 回帖 89 粉丝 0 关注私信	kondo 3 楼《Rootkits: Subverting the Windows Kernel》第8章里说了： The first task in sniffing a keystroke is to determine the interrupt that fires when a key is pressed. On my Win2k machine, this interrupt is 0x31. However, every machine is different. The only sure-fire way to detect the proper interrupt is to determine what interrupt is tied to IRQ 1 in the PIC (Programmable Interrupt Controller). IRQ 1 handles the keyboard. One method of doing this involves parsing the HAL.DLL image in the kernel. 最后给的结论是说：分析一下HAL.DLL，看一下IRQ1到底挂在哪个中断号上了？ 2008-12-23 18:02 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (2)
曾定国雪币： 198 活跃值： (13) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 34 粉丝 0 关注私信	曾定国 1 2 楼顶顶顶顶顶顶 2008-12-5 09:55 0
kondo 雪币： 256 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 11 回帖 89 粉丝 0 关注私信	kondo 3 楼《Rootkits: Subverting the Windows Kernel》第8章里说了： The first task in sniffing a keystroke is to determine the interrupt that fires when a key is pressed. On my Win2k machine, this interrupt is 0x31. However, every machine is different. The only sure-fire way to detect the proper interrupt is to determine what interrupt is tied to IRQ 1 in the PIC (Programmable Interrupt Controller). IRQ 1 handles the keyboard. One method of doing this involves parsing the HAL.DLL image in the kernel. 最后给的结论是说：分析一下HAL.DLL，看一下IRQ1到底挂在哪个中断号上了？ 2008-12-23 18:02 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复