note : get address of KiFastCallEntry
2013-08-18 18:33
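In an open-source project I saw code that reads the address of KiFastCallEntry, but the rdmsr argument, 0x176, was a magic number.
I looked it up and worked out what the magic number means.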
```c
#ifndef IA32_SYSENTER_EIP
#define IA32_SYSENTER_CS  0x174 ///< The 16-bit selector of a Ring 0 code segment
#define IA32_SYSENTER_EIP 0x176 ///< The 32-bit offset into a Ring 0 code segment
#define IA32_SYSENTER_ESP 0x175 ///< The 32-bit stack pointer for a Ring 0 stack
#endif // #ifndef IA32_SYSENTER_EIP

PUCHAR pKiFastCallEntry = NULL;

_asm
{
    pushad;
    mov ecx, IA32_SYSENTER_EIP;
    rdmsr;                      ///< read the MSR (result is returned in edx:eax)
    mov pKiFastCallEntry, eax;
    popad;
}

/// Check whether it has already been hooked (0xe9 is the jmp rel32 opcode)
if (0xe9 == *pKiFastCallEntry)
{
    DbgPrint("Terminate System Thread\n");
    return;
}
```
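The 0xe9 test above only recognises a `jmp rel32` at the first byte. As an added example (not from the original note or the open-source project it mentions), the user-mode C below classifies entry bytes that have already been copied out, also recognises `jmp rel8` and `push imm32; ret`, and resolves the destination so it can be compared with the owning image's address range. The function names, sample bytes, addresses and image range are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_REL8, HOOK_PUSH_RET };

/* Read a little-endian 32-bit value independent of host byte order. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a 32-bit x86 routine.
 * code/len: bytes copied from the entry point; va: the address they were read
 * from (for KiFastCallEntry, the value of IA32_SYSENTER_EIP). */
enum hook_kind classify_entry(const uint8_t *code, size_t len, uint32_t va, uint32_t *target)
{
    *target = 0;
    if (len >= 5 && code[0] == 0xE9) {                    /* jmp rel32 */
        *target = va + 5 + rd32(code + 1);                /* relative to next instruction */
        return HOOK_JMP_REL32;
    }
    if (len >= 2 && code[0] == 0xEB) {                    /* jmp rel8, sign-extended */
        *target = va + 2 + (uint32_t)(int32_t)(int8_t)code[1];
        return HOOK_JMP_REL8;
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) { /* push imm32; ret */
        *target = rd32(code + 1);
        return HOOK_PUSH_RET;
    }
    return HOOK_NONE;
}

/* A destination outside the image that owns the routine is the suspicious case. */
int target_outside_image(uint32_t target, uint32_t base, uint32_t size)
{
    return target < base || target - base >= size;
}

int main(void)
{
    /* Constructed sample: jmp rel32 placed at a made-up entry address. */
    const uint8_t sample[] = { 0xE9, 0xFB, 0xFF, 0x4B, 0x78 };
    uint32_t target;
    enum hook_kind k = classify_entry(sample, sizeof sample, 0x80541000u, &target);
    printf("kind=%d target=0x%08X outside=%d\n", (int)k, (unsigned)target,
           target_outside_image(target, 0x804D8000u, 0x00200000u));
    return 0;
}
```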