int hook坛子里有,这个帖子很老了,当时q说的我也不会没去做,但现在来想想,他的意思把内存保护页改了不可写以后,钩了0e号中断,这个中断号不太清楚是干什么用的,可能是来处理内存页属性修改会中断的吧,我也不太清楚猜测而已,当时Q说在0e号中断判断下Cur Pro,可能就是这样了,你可以查下中断号0E的作用.
Interrupt 14—Page-Fault Exception (#PF)
Exception Class Fault.
Description
Indicates that, with paging enabled (the PG flag in the CR0 register is set), the
processor detected one of the following conditions while using the page-translation
mechanism to translate a linear address to a physical address:
• The P (present) flag in a page-directory or page-table entry needed for the
address translation is clear, indicating that a page table or the page containing
the operand is not present in physical memory.
• The procedure does not have sufficient privilege to access the indicated page
(that is, a procedure running in user mode attempts to access a supervisor-mode
page).
• Code running in user mode attempts to write to a read-only page. In the Intel486
and later processors, if the WP flag is set in CR0, the page fault will also be
triggered by code running in supervisor mode that tries to write to a read-only
user-mode page.
• An instruction fetch to a linear address that translates to a physical address in a
memory page with the execute-disable bit set (for Intel 64 and IA-32 processors
that support the execute disable bit, see Section 3.10, “PAE-Enabled Paging in
IA-32e Mode”).
• One or more reserved bits in page directory entry are set to 1. See description
below of RSVD error code flag.
The exception handler can recover from page-not-present conditions and restart the
program or task without any loss of program continuity. It can also restart the
program or task after a privilege violation, but the problem that caused the privilege
violation may be uncorrectable.
崩溃~
