[pso] System call parameters
Andy
patrascut at yahoo.com
Mon Mar 17 12:47:27 EET 2008
I copied the example from the course and tried intercepting NtOpenFile. (I saw that on Win 2k3 the syscall is 0x007a, i.e. 122.)
The interception itself is OK: it enters the interceptor on this syscall. The problem appears when I try to open any file; it returns "The parameter is incorrect". From this I conclude that the parameters are not also saved on the new stack. Am I doing something wrong?
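NTSTATUS interceptor(){
    int syscall, params, syscall_table, syscall_index, r;
    void *old_stack, *new_stack;

    /* the syscall number arrives in eax */
    _asm mov syscall, eax
    /* bits 12 and up select the table, the low 12 bits the index */
    syscall_table=syscall>>12;
    syscall_index=syscall&0x0000FFF;
    /* number of argument bytes for this service */
    params=KeServiceDescriptorTable[syscall_table].spt[syscall_index];

    /* the caller's arguments start past the saved ebp and return address */
    _asm mov old_stack, ebp
    _asm add old_stack, 8
    /* reserve room on the stack and copy the arguments for the original handler */
    _asm sub esp, params
    _asm mov new_stack, esp
    memcpy(new_stack, old_stack, params);

    r=f();
    DbgPrint("%d: %d\n", syscall, r);
}

void intercept(int syscall){
    int syscall_table, syscall_index;

    syscall_table=syscall>>12;
    syscall_index=syscall&0x0000FFF;
    /* save the original handler, then install the interceptor */
    f = KeServiceDescriptorTable[syscall_table].st[syscall_index];
    KeServiceDescriptorTableShadow[syscall_table].st[syscall_index]=interceptor;
}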