[驱动开发] 遍历IDT表

没啥技术含量

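主要就是 sidt 指令:它把 IDTR(IDT 的 32 位基址和 16 位界限)存到内存里,之后按每项 8 字节逐项遍历即可。注意下面的代码用了内联汇编,只适用于 32 位 x86,而且读到的只是当前 CPU 的 IDT。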


详细代码


#include <ntddk.h>

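/* Win32-style aliases for the 16-bit and 32-bit unsigned kernel types. */
#define WORD  USHORT
#define DWORD ULONG

/*
 * Combine two 16-bit halves into one 32-bit value: `a` is the low word,
 * `b` the high word. Both arguments and the whole expansion are
 * parenthesized so the macro behaves as a single operand inside larger
 * expressions (e.g. `2 * MAKELONG(x, y)` or `MAKELONG(x, y) & mask`);
 * without the outer parentheses the surrounding operator would bind to
 * only one side of the `|`.
 */
#define MAKELONG(a, b) ((DWORD)((DWORD)(USHORT)(a) | ((DWORD)(b) << 16)))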

/*
 * In-memory image written by the SIDT instruction on 32-bit x86: a 16-bit
 * limit followed by the 32-bit linear base of the IDT. The base is kept as
 * two 16-bit halves so the structure is exactly 6 bytes with no padding;
 * readIDTinfo() joins the halves with MAKELONG.
 */
typedef struct _IDTR{
	USHORT   IDT_limit;    /* offset of the last valid byte, i.e. table size in bytes minus 1 */
	USHORT   IDT_LOWbase;  /* low 16 bits of the table's base address */
	USHORT   IDT_HIGbase;  /* high 16 bits of the table's base address */
}IDTR, *PIDTR;

/*
 * One 8-byte gate descriptor of the 32-bit x86 IDT. The code in this
 * listing reads only LowOffset and HiOffset, which together form the
 * handler address.
 *
 * NOTE(review): bit-field allocation order is compiler-defined, and the
 * field names in the second flag byte do not obviously match the
 * architectural layout (gate type in the low bits, then the S bit, DPL and
 * P) -- verify against the Intel SDM before relying on anything other than
 * the two offset halves.
 */
typedef struct _IDTENTRY
{
	unsigned short LowOffset;               /* low 16 bits of the handler address */
	unsigned short selector;                /* segment selector used when the gate is taken */
	unsigned char retention : 5;            /* presumably the reserved bits -- TODO confirm */
	unsigned char zero1 : 3;
	unsigned char gate_type : 1;
	unsigned char zero2 : 1;
	unsigned char interrupt_gate_size : 1;
	unsigned char zero3 : 1;
	unsigned char zero4 : 1;
	unsigned char DPL : 2;                  /* descriptor privilege level */
	unsigned char P : 1;                    /* present flag */
	unsigned short HiOffset;                /* high 16 bits of the handler address */
} IDTENTRY, *PIDTENTRY;

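/*
 * Print the interrupt descriptor table of the processor this code is
 * running on: first the IDTR contents (base, limit, entry count), then the
 * handler address stored in every gate descriptor.
 *
 * Scope and limits:
 *  - 32-bit x86 only: it relies on MSVC inline assembly and on a 32-bit
 *    table base.
 *  - SIDT reports the IDTR of the current processor only. Every logical
 *    processor has its own IDTR, so a complete listing has to repeat the
 *    read on each processor.
 *  - The table is dereferenced directly through the base SIDT returned;
 *    no validity check is made on that address.
 */
void readIDTinfo(void)
{
	IDTR idt;
	ULONG idtBase;
	ULONG entryCount;
	ULONG uIndex;
	PIDTENTRY PIdtData;

	/* SIDT stores the 6-byte IDTR image (limit, then base) into idt. */
	__asm{
		SIDT idt
	}

	/*
	 * The limit is the offset of the last valid byte, so the table holds
	 * (limit + 1) bytes. Dividing the raw limit by the entry size drops
	 * the final descriptor (0x7FF / 8 == 255 instead of 256).
	 */
	entryCount = ((ULONG)idt.IDT_limit + 1) / (ULONG)sizeof(IDTENTRY);

	/*
	 * Each half is zero-padded to four hex digits; unpadded, a low half
	 * such as 0x0400 prints as "400" and the concatenated base is wrong.
	 */
	DbgPrint("idtbase: 0x%04X%04X, limit: 0x%X, entries: %u", idt.IDT_HIGbase, idt.IDT_LOWbase, idt.IDT_limit, entryCount);
	idtBase = MAKELONG(idt.IDT_LOWbase, idt.IDT_HIGbase);
	DbgPrint("base: 0x%X", idtBase);

	/* List every IDT entry in order. */
	PIdtData = (PIDTENTRY)idtBase;
	DbgPrint("sizeof(IntData): %u", (ULONG)sizeof(PIdtData[0]));
	for (uIndex = 0; uIndex < entryCount; uIndex++)
	{
		/* The handler address is split across the first and last words of the descriptor. */
		ULONG handler = MAKELONG(PIdtData[uIndex].LowOffset, PIdtData[uIndex].HiOffset);

		DbgPrint("%u, 0x%X", uIndex, handler);
	}
}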


/*
 * Unload routine registered by DriverEntry. The driver creates no devices
 * and allocates nothing, so the routine only logs that it was called.
 */
VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
	DbgPrint("DriverUnload");
}


/*
 * Driver entry point: registers the unload routine, dumps the IDT once via
 * readIDTinfo(), logs a marker message and reports success. RegistryPath
 * is not used.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath)
{
	/* Register the unload callback first so the driver can be unloaded after the dump. */
	pDriverObject->DriverUnload = DriverUnload;

	/* The IDT dump is written before the "DriverEntry" marker below. */
	readIDTinfo();
	DbgPrint("DriverEntry");

	return STATUS_SUCCESS;
}

原文链接: [驱动开发] 遍历IDT表 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( https://www.gyarmy.com/post-499.html )
