diamond_sh Posted August 8, 2007
Hi everyone. I am sorry for my bad English. Is there any way to access interrupts without using a sys file? For example, can I write a kernel-mode program in a DLL? Or can I access interrupts directly using assembly in Windows? Please help me.
human Posted August 8, 2007
Interrupts are dead in Win32, especially Win64. You have WinAPI; there are some kernel interrupts that today, even in XP, are replaced by sysenter.
diamond_sh (Author) Posted August 9, 2007
Do you see the trap flag plugin in OllyDbg? It is in a DLL that arrests the trap flag anti-debug routine. How does this plugin work with interrupts? Is there any sys file for changing CPU flags?
human Posted August 9, 2007
Better learn something more before giving stupid examples. Sorry, but no interrupts are used today; for int1 and int3 there are exceptions today. It should also generate an interrupt, but this is handled by Windows or ring0 drivers. So the only thing you get in ring3 is exceptions; you can handle them with your own routine, SEH or VEH. To set flags, what's the problem?

    pushf           ; push the current flags onto the stack
    pop eax         ; copy them into eax
    or eax,1        ; set bit 0 of the copy
    push eax        ; put the modified value back on the stack
    popf            ; load it into the flags register

And you set flags. The problem is what it will generate, probably an exception, so you need to handle it. Another way is GetThreadContext and SetThreadContext. www.msdn.com
Edited August 9, 2007 by human
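The ring-3 sequence described in the reply above (set a flag, then handle the resulting exception with VEH), as an added example that is not code from the thread. It assumes x86/x64 Windows with the documented `AddVectoredExceptionHandler` API and the `__readeflags`/`__writeeflags` compiler intrinsics, and it sets the trap flag (bit 8, 0x100); `with_trap_flag` and `on_exception` are hypothetical names.

```c
/* Added example: constructed for illustration, not code from the thread. */
#include <stdint.h>
#include <stdio.h>

#define EFLAGS_TF 0x100u   /* bit 8 of EFLAGS: trap (single-step) flag */

/* Portable helper: the flags image after requesting a single-step trap. */
uint32_t with_trap_flag(uint32_t eflags) { return eflags | EFLAGS_TF; }

#ifdef _WIN32
#include <windows.h>
#include <intrin.h>

static volatile LONG single_steps = 0;

/* Vectored handler: ring 3 sees the CPU's debug trap as EXCEPTION_SINGLE_STEP. */
static LONG CALLBACK on_exception(PEXCEPTION_POINTERS info)
{
    if (info->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP)
        return EXCEPTION_CONTINUE_SEARCH;       /* not ours, pass it on */
    single_steps++;
    info->ContextRecord->EFlags &= ~EFLAGS_TF;  /* resume without stepping */
    return EXCEPTION_CONTINUE_EXECUTION;
}

int main(void)
{
    PVOID h = AddVectoredExceptionHandler(1, on_exception);
    if (h == NULL)
        return 1;
    /* Same effect as pushf / pop / or / push / popf, via compiler intrinsics. */
    __writeeflags(with_trap_flag((uint32_t)__readeflags()));
    /* The trap is raised after the instruction that follows the flag write. */
    printf("single-step exceptions handled: %ld\n", (long)single_steps);
    RemoveVectoredExceptionHandler(h);
    return single_steps == 1 ? 0 : 2;
}
#else
int main(void)
{
    puts("Windows-only demo; on this platform only with_trap_flag() is built.");
    return 0;
}
#endif
```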