flat assembler
Message board for the users of flat assembler.

marcinzabrze12
Joined: 07 Aug 2011
Posts: 60
I have read the discussion there http://board.flatassembler.net/topic.php?t=10328 and based on it I wrote the code of 'driver.sys' and 'program.exe'.

1. In 'driver.sys' I change the IA32_SYSENTER_EIP MSR to point to the main proc, NEW_IA32_SYSENTER_EIP (in the DriverEntry function).
2. In 'program.exe' I use the "sysenter" instruction like this:

Code:
proc switch_mode
        mov     ebx, paramlist    ; point to list of parameters
        pushfd                    ; save EFLAGS ...
        pop     ecx               ; ... into ECX
        mov     edi, esp          ; keep the user stack pointer in EDI
        mov     edx, TEST_SIGNAL  ; *** need explain
        sysenter                  ; enter ring 0 at IA32_SYSENTER_EIP
        nop
        ret
endp


And now, after executing the function "switch_mode", the program goes to
the point NEW_IA32_SYSENTER_EIP.
Here is the problem:
Sometimes the value of the EDX register is changed (<> TEST_SIGNAL), but sometimes everything is OK and then the program executes correctly.

What is the reason that EDX is changed between the "sysenter" execution and NEW_IA32_SYSENTER_EIP?

Or maybe I misunderstand the meaning of the EDX register in this code?

Thanks for any help and sorry for my English.
Post 03 Aug 2012, 14:03
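The register contract that SYSENTER and SYSEXIT impose, modelled in Python from the Intel SDM description (added example; this is not code from the post or from the flat assembler project). The MSR values, selectors and the TEST_SIGNAL stand-in below are constructed for illustration. The model shows two things a practitioner inspecting a hooked IA32_SYSENTER_EIP handler wants confirmed: the CPU itself leaves every general-purpose register, EDX included, untouched on entry (it loads only CS, SS, ESP, EIP and clears IF/VM/RF), and the matching SYSEXIT consumes EDX as the return EIP and ECX as the return ESP, so any value parked in those registers must be reloaded before the handler returns.

```python
"""Model of the IA-32 SYSENTER / SYSEXIT register contract (Intel SDM, Vol. 2).

Added example, not part of the forum post. All register and MSR values are
constructed; they are not taken from any real machine.
"""

# MSR numbers used by the fast system call mechanism.
IA32_SYSENTER_CS = 0x174
IA32_SYSENTER_ESP = 0x175
IA32_SYSENTER_EIP = 0x176

EFLAGS_IF = 1 << 9
EFLAGS_RF = 1 << 16
EFLAGS_VM = 1 << 17

GPRS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp")

# Constructed MSR contents: a hypothetical handler address stands in for
# the post's NEW_IA32_SYSENTER_EIP.
DEMO_MSRS = {
    IA32_SYSENTER_CS: 0x0008,
    IA32_SYSENTER_ESP: 0xF000_0000,
    IA32_SYSENTER_EIP: 0xC000_1000,
}

TEST_SIGNAL = 0x1234_5678  # constructed stand-in for the post's TEST_SIGNAL

# Constructed ring-3 state just before `sysenter`, laid out like the post's
# switch_mode proc: EFLAGS in ECX, user ESP in EDI, the signal in EDX.
DEMO_USER_STATE = {
    "eax": 0, "ebx": 0x0040_3000, "ecx": 0x246, "edx": TEST_SIGNAL,
    "esi": 0, "edi": 0x0012_FF80, "ebp": 0x0012_FFC0,
    "esp": 0x0012_FF80, "eip": 0x0040_1020,
    "cs": 0x1B, "ss": 0x23, "eflags": 0x246, "cpl": 3,
}


def sysenter(regs: dict, msrs: dict) -> dict:
    """Architectural effect of SYSENTER in 32-bit mode.

    CS/SS/ESP/EIP are loaded from the SYSENTER MSRs, IF/VM/RF are cleared and
    CPL becomes 0.  No return address is saved and no general-purpose register
    is written, so the caller's EDX arrives in the handler as-is.
    """
    cs = msrs[IA32_SYSENTER_CS] & 0xFFFC  # RPL forced to 0
    new = dict(regs)
    new["cs"] = cs
    new["ss"] = cs + 8
    new["esp"] = msrs[IA32_SYSENTER_ESP]
    new["eip"] = msrs[IA32_SYSENTER_EIP]
    new["eflags"] = regs["eflags"] & ~(EFLAGS_IF | EFLAGS_VM | EFLAGS_RF)
    new["cpl"] = 0
    return new


def sysexit(regs: dict, msrs: dict) -> dict:
    """Architectural effect of SYSEXIT in 32-bit mode.

    The return EIP is taken from EDX and the user ESP from ECX; the user
    selectors are derived from IA32_SYSENTER_CS with RPL 3.
    """
    if regs["cpl"] != 0:
        raise PermissionError("#GP: SYSEXIT is only valid at CPL 0")
    cs = (msrs[IA32_SYSENTER_CS] & 0xFFFC) + 16
    new = dict(regs)
    new["cs"] = cs | 3
    new["ss"] = (cs + 8) | 3
    new["esp"] = regs["ecx"]
    new["eip"] = regs["edx"]
    new["cpl"] = 3
    return new


def preserved_gprs(before: dict, after: dict) -> list:
    """Names of general-purpose registers left unchanged between two states."""
    return [r for r in GPRS if before[r] == after[r]]


def run_demo() -> dict:
    """Enter ring 0 from the constructed user state, then return without the
    handler reloading ECX/EDX, to show what SYSEXIT does with them."""
    kernel = sysenter(DEMO_USER_STATE, DEMO_MSRS)
    back = sysexit(kernel, DEMO_MSRS)
    return {
        "edx_in_handler": kernel["edx"],
        "gprs_preserved": preserved_gprs(DEMO_USER_STATE, kernel),
        "eip_after_sysexit": back["eip"],   # EDX was consumed as the return EIP
        "esp_after_sysexit": back["esp"],   # ECX was consumed as the return ESP
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value:#x}" if isinstance(value, int) else f"{key}: {value}")
```

The model makes the division of responsibility explicit: anything that differs in EDX between the `sysenter` and the first instruction of the handler is the work of software, not of the instruction. Note also that Windows' own 32-bit fast-call stub (`KiFastSystemCall` in ntdll) loads the user stack pointer into EDX before `sysenter`, so the system's original entry point and a replacement handler do not agree on what EDX means; a handler that forwards to the original entry, or returns with `sysexit` without first setting ECX and EDX, will hand the CPU whatever those registers still hold.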
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.