[pso] [Windows - Assignment 1] asm_ mov syscall, eax
Bogdan Ardeleanu
bogdanardeleanu at gmail.com
Mon Mar 27 16:52:56 EEST 2006
----- Original Message -----
From: Adrian - Razvan Deaconescu
To: Proiectarea Sistemelor de Operare
Sent: Monday, March 27, 2006 11:48 AM
Subject: Re: [pso] [Windows - Assignment 1] asm_ mov syscall, eax
On 3/27/06, Bogdan Ardeleanu <bogdanardeleanu at gmail.com> wrote:
Sorry for the lexical error earlier, I had written "_mov", but the question stands!
hmm, maybe a larger chunk of code (not just the asm part) would be desirable
Razvan
What I'm saying now isn't much compared to what's in the course!
// global
int s_no;
[...]
NTSTATUS (*f)();
[...]
NTSTATUS interceptor(){
    int syscall, params, syscall_table, syscall_index;
    void *old_stack, *new_stack;
    DbgPrint("Serviciu de sistem interceptat: %d - %d", syscall, s_no); // this prints: 1 - 120
    /*
    syscall_table=syscall>>12;
    syscall_index=syscall&0x0000FFF;
    params=KeServiceDescriptorTable[syscall_table].spt[syscall_index];
    // ... which is actually what's in the course too
    _asm mov old_stack, ebp
    _asm add old_stack, 8
    _asm sub esp, params
    _asm mov new_stack, esp
    memcpy(new_stack, old_stack, params);
    */
    // s_no is validated against table 0 anyway
    return syscalls[s_no].f();
}
void intercept(int syscall){
    // I can't go into the code in detail... but the system service handler function is replaced with "intercept()", disabling write protection on the table.
}