Message board for the users of flat assembler.
I have read the discussion at http://board.flatassembler.net/topic.php?t=10328 and based on it I wrote the code of 'driver.sys' and 'program.exe'.
1. In 'driver.sys' I change the IA32_SYSENTER_EIP MSR to my main proc - NEW_IA32_SYSENTER_EIP (in the DriverEntry function).
2. In 'program.exe' I use the "sysenter" instruction like this:
    proc switch_mode
        mov ebx, paramlist      ; point to list of parameters
        pushfd
        pop ecx
        mov edi, esp
        mov edx, TEST_SIGNAL    ; *** need explain
        sysenter
        nop
        ret
    endp
And now, after executing the function "switch_mode", the program goes to
Here is the problem:
Sometimes the value of the edx register is changed (<> TEST_SIGNAL), but sometimes everything is OK and then the program executes correctly.
What is the reason that EDX is changed between the "sysenter" execution and NEW_IA32_SYSENTER_EIP?
Or maybe I misunderstand the meaning of the EDX register in this code?
Thanks for any help and sorry for my English.
03 Aug 2012, 14:03