I wrote a keylogger that modifies the IVT to intercept Int9 to retrieve keystrokes; however, when I try to write my keylogger in the MBR, I can't modify the 0:24h of int 9. Why can't I modify the IVT in the Windows MBR?
You have an error in your code at line 17.
Unless you target pre-Win95 versions, you will not gain much by intercepting Int9 handling.
Not to offend you, but either you are trying to do something really cool that you cannot explain, or you don’t understand certain basic topics like the difference between real mode and protected mode, the OS loading process, stuff like that. Anyway, in order to get any decent help you need to formulate the task you’re trying to solve and (since you apparently have some code that doesn’t work) the solution you’ve chosen but are having difficulty implementing.
Re: Why windows freeze onto MBR if i try to write at interrupt?
I already know that it isn't a good idea to hook int 9; however, I want to know why Windows freezes if I try to write at 0:24h in the MBR.
Because your code is buggy? Because your code writes to memory used by Windows? Because Windows is buggy? Because Windows detects something not right? Because Windows writes to memory used by your code? All of the above? Remember that Windows isn't expecting anything to be in the RAM except for its own MBR so it would just use memory as it wants to.
Without the source code for either Windows or your MBR it is going to be very hard to find out why. You could try running in a VM and using a host debugger or logger.