[pso] [tema1][win]Parametrii apelurilor de sistem

Andy patrascut at yahoo.com
Mon Mar 17 19:33:37 EET 2008


Salut,

Indr-adevar nu returnam eroarea :D. Scz daca am aruncat codul asa dar, se regaseste in totalitate in curs. O sa fiu mai atent next time.

Razvan Deaconescu <razvand at cs.pub.ro> wrote: On Mon, 2008-03-17 at 03:47 -0700, Andy wrote:
> Am copiat exemplul din curs si am incercat interceptarea NtOpenFile.
> (am vazut ca pentru win 2k3 este  0x007a syscall-u - adica 122). 
> Interceptarea e ok, intra in interceptor pe acest syscall. Problema
> apare atunci cand incerc sa deschid orice fisier, imi returneaza "The
> parameter is incorect". De aici trag concluzia ca in stiva noua nu
> sunt salvati si parametrii. Gresesc cu ceva?

In primul rand incearca sa fii mai grijuliu cand dai exemple de cod
relativ complete pe lista.

> NTSTATUS interceptor(){
>     int syscall, params, syscall_table, syscall_index, r;
>     void *old_stack, *new_stack;
> 
>     _asm mov syscall, eax
>     syscall_table=syscall>>12;
>     syscall_index=syscall&0x0000FFF;
>     params=KeServiceDescriptorTable[syscall_table].spt[syscall_index];
>     _asm mov old_stack, ebp
>     _asm add old_stack, 8
>     _asm sub esp, params
>     _asm mov new_stack, esp
>     memcpy(new_stack, old_stack, params);
>     r=f();
>     DbgPrint("%d: %d\n", syscall, r);
> }

What happened to 'return r'? Ce valoare are syscall si r in acel
DbgPrint?

Razvan


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
pso mailing list
pso at cursuri.cs.pub.ro
http://cursuri.cs.pub.ro/cgi-bin/mailman/listinfo/pso


       
---------------------------------
Never miss a thing.   Make Yahoo your homepage.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cursuri.cs.pub.ro/pipermail/pso/attachments/20080317/ffddde84/attachment.html 


More information about the pso mailing list