  • 调用门学习笔记

    学习自大佬  https://bbs.pediy.com/thread-62263.htm

    10年前的帖子,现在拿来学习还看了一下午。。。。菜鸡努力学习中

    原理帖子中讲的很清楚了,只是自己实现了一遍代码。注意:下面的代码给调用门设的是 DPL=3,安装之后任何用户态进程都可以通过 far call 以 ring0 权限执行目标函数,等于给整个系统开了一个提权后门,只能在一次性的测试虚拟机里实验。

    /* Image of the GDTR as written by SGDT: a 16-bit limit followed by a
       32-bit linear base, 6 bytes in total. It has to be byte-packed - with
       ULONG's default 4-byte alignment the struct would grow to 8 bytes and
       TableBase would be read from the wrong offset ("gg", as the original
       comment put it). Keep in mind that this pack(1) has no matching pop,
       so it stays in effect for every type defined after it in this file. */
    #pragma pack(1)
    typedef struct
    {
        USHORT TableLimit;   /* byte size of the GDT minus one */
        ULONG  TableBase;    /* linear address of descriptor 0 (x86-32 only) */
    } GDT, *PGDT;
    /* One 8-byte GDT entry viewed as an IA-32 call gate descriptor
       (Intel SDM vol. 3, "Call Gates"):
         bytes 0-1  target offset, bits 15:0
         bytes 2-3  target code-segment selector
         byte  4    bits 0-4 parameter count, bits 5-7 reserved (zero)
         byte  5    bits 0-3 type (0xC = 32-bit call gate), bit 4 S
                    (0 = system descriptor), bits 5-6 DPL, bit 7 present
         bytes 6-7  target offset, bits 31:16
       The bitfields only match that picture if the compiler allocates
       same-type bitfields from the least significant bit upward, which
       MSVC and GCC both do on x86. The pack(1) from above is still active. */
    typedef struct
    {
        unsigned short offset_0_15;
        unsigned short selector;

        unsigned char  param_count : 5;
        unsigned char  some_bits   : 3;   /* reserved - keep zero */

        unsigned char  type        : 4;
        unsigned char  app_system  : 1;   /* S bit: 0 = system (gate), 1 = code/data */
        unsigned char  dpl         : 2;   /* highest privilege level allowed to call */
        unsigned char  present     : 1;

        unsigned short offset_16_31;
    } CALLGATE_DESCRIPTOR;
    
    
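    /*
     * Install a 32-bit call gate that transfers control to Fun at ring 0.
     *
     * Fun:     32-bit linear address of the ring-0 entry thunk (MyFun below).
     * Returns: the gate's selector (GDT index * 8 with RPL = 3), ready for a
     *          far call from user mode, or 0 if the GDT has no free entry.
     *
     * Security: the gate is built with DPL = 3, so once installed ANY
     * user-mode process can `call far` into Fun with kernel privileges. That
     * is the point of the exercise, but it is also an unrestricted
     * privilege-escalation path - run it only on a throwaway test VM.
     *
     * Fixes relative to the original:
     *  - the GDTR image is read into a stack local; the NonPagedPool
     *    allocation was never NULL-checked and never freed;
     *  - descriptor 0 (the null descriptor) was skipped by bumping the
     *    pointer, but the selector was computed from the pre-skip index, so
     *    it always referred to the entry one below the one actually written
     *    (the first free slot yielded selector 0x3, the null selector);
     *  - the loop walked one descriptor past the end of the table;
     *  - the selector is now returned instead of being computed and dropped.
     *
     * NOTE(review): on a multiprocessor system each CPU normally has its own
     * GDT; this patches only the one on the CPU it happens to run on - confirm
     * against the target OS. A "not present" entry is assumed to be free,
     * which the architecture does not guarantee. There is no locking against
     * concurrent callers. x86-32 only (32-bit base, MSVC inline asm).
     */
    USHORT AddGate(ULONG Fun)
    {
        GDT gdtr;                       /* 6-byte SGDT image, see pack(1) above */
        CALLGATE_DESCRIPTOR *table;
        ULONG entries;
        ULONG index;
        USHORT selector = 0;

        _asm
        {
            lea eax, gdtr
            sgdt [eax]
        }

        table = (CALLGATE_DESCRIPTOR *)gdtr.TableBase;
        /* TableLimit is the table size in bytes minus one */
        entries = (gdtr.TableLimit + 1) / sizeof(CALLGATE_DESCRIPTOR);

        /* index 0 is the mandatory null descriptor and must never be used */
        for (index = 1; index < entries; index++)
        {
            CALLGATE_DESCRIPTOR *gate = &table[index];

            if (gate->present != 0)
                continue;               /* slot in use */

            gate->offset_0_15  = (unsigned short)(Fun & 0xFFFF);
            gate->selector     = 0x8;   /* ring-0 code selector used by the original */
            gate->param_count  = 0;     /* nothing copied from the caller's stack */
            gate->some_bits    = 0;     /* reserved, must be zero */
            gate->type         = 0xC;   /* 32-bit call gate */
            gate->app_system   = 0;     /* S = 0: system descriptor */
            gate->dpl          = 0x3;   /* callable from ring 3 - see header */
            gate->present      = 0x1;
            gate->offset_16_31 = (unsigned short)(Fun >> 16);

            /* selector = index * 8 | RPL 3, matching the gate's DPL */
            selector = (USHORT)((index * sizeof(CALLGATE_DESCRIPTOR)) | 0x3);
            break;
        }

        return selector;
    }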
    
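    /*
     * Ring-0 side of the call gate. The far call from user mode lands here
     * on the kernel stack with the caller's SS:ESP and CS:EIP pushed by the
     * CPU. The function is naked so the compiler emits no prologue/epilogue;
     * the body preserves the general registers and EFLAGS around the C
     * callee and leaves with a far return to match the far call.
     *
     * Fix: `cld` after pushfd. A call gate does not modify EFLAGS, so DF
     * arrives exactly as the ring-3 caller left it. Code compiled for the
     * Windows ABI assumes DF = 0, so a caller that sets DF before the far
     * call would otherwise make kernel code run its string operations
     * backwards. popfd restores the caller's DF on the way out.
     *
     * NOTE(review): DS/ES/FS also arrive holding the caller's ring-3
     * selectors and nothing here reloads them. If Ring0Run (or anything it
     * calls) reads per-processor kernel data through FS, this thunk must
     * save, load and restore those registers too - confirm on the target OS.
     * The gate is installed with DPL = 3 (see AddGate), so every user-mode
     * process can reach this code.
     */
    __declspec(naked) void MyFun()
    {
      __asm
      {
        pushad
        pushfd
        cld
        call Ring0Run
        popfd
        popad
        retf
      }
    }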
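    /* C-level payload executed at ring 0; MyFun calls it from inline asm.
       Declared `(void)` rather than the prototype-less `()` so the compiler
       rejects any stray argument - nothing is passed through the gate. */
    void Ring0Run(void) { DbgPrint("My CallGate Run...."); }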
  • 原文地址:https://www.cnblogs.com/Anony-WhiteLearner/p/8998786.html