flat assembler
Message board for the users of flat assembler.
marcinzabrze12 03 Aug 2012, 14:03
I have read the discussion at http://board.flatassembler.net/topic.php?t=10328 and, based on it, I wrote the code of 'driver.sys' and 'program.exe'.
1. In 'driver.sys' I change IA32_SYSENTER_EIP of the MSR to the main proc - NEW_IA32_SYSENTER_EIP (in the DriverEntry function).
2. In 'program.exe' I use the "sysenter" instruction like this:
Code:
proc switch_mode
    mov ebx, paramlist      ; point to list of parameters
    pushfd
    pop ecx                 ; copy EFLAGS into ecx
    mov edi, esp            ; keep the user-mode stack pointer in edi
    mov edx, TEST_SIGNAL    ; *** need explain
    sysenter
    nop
    ret
endp

And now, after executing the function "switch_mode", the program goes to the point NEW_IA32_SYSENTER_EIP. Here is the problem: sometimes the value of the edx register is changed (<> TEST_SIGNAL), but sometimes everything is OK and then the program executes correctly. What is the reason that EDX is changed between the "sysenter" execution and NEW_IA32_SYSENTER_EIP? Or maybe I misunderstand the meaning of the EDX register in this code? Thanks for any help and sorry for my English.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.