sysenter problem

Index > Windows > sysenter problem

Author

Thread

asmrox

Joined: 19 Jan 2008
Posts: 160

asmrox

following code works on int 0x2e.

Code:

format pe console
section '.code' code readable executable
mov ebp,esp
push 40960000
call [malloc]
mov esi,eax
push 0
push 40960000
push esi
push 5
push aa
mov eax,0xAD
mov edx,esp
sysenter
aa:
push eax
push ff
call [printf]
mov esp,ebp
a:
add esi,dword [esi]
push dword [esi+60]
push dword [esi+68]
push f
call [printf]
mov esp,ebp
cmp dword [esi],0
jnz a
ret
section '.data' data readable writeable
f db '<%u> %ws',13,10,0
ff db '   returned: %p',13,10,13,10,0
section '.idata' import data readable
dd 0,0,0,RVA msvcrt_name,RVA msvcrt_table
dd 0,0,0,0,0
msvcrt_table:
malloc dd RVA _malloc
printf dd RVA _pritnf
dd 0
msvcrt_name db 'msvcrt.dll',0
_pritnf db 0,0,'printf',0
_malloc db 0,0,'malloc',0

Why it return 0xC0000003 ?

23 Feb 2008, 06:21

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system

revolution

asmrox wrote:

Why it return 0xC0000003 ?

Just use the API and you won't have any more problem. Simple rule of thumb: Don't use undocumented methods when there are perfectly functioning documented alternatives.

23 Feb 2008, 06:48

asmrox

Joined: 19 Jan 2008
Posts: 160

asmrox

im not asking you what should i learn, i have a problem, and i must solve it (your help would be nice).

23 Feb 2008, 10:58

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system

revolution

asmrox wrote:

i have a problem

Okay, but how can anyone help you unless they work at MS and know all about sysenter? You will have to supply which OS version and what patch level you expect your procedure to work with.

asmrox wrote:

i must solve it

I am very curious as to why you must use sysenter and can't use the normal allocation functions? Do tell.

asmrox wrote:

your help would be nice

I'll try my best to help you to understand that undocumented methods are, at best, problematic. You cannot guarantee they will work on all systems or even on any one system after a new patch. If you really really really really must use sysenter then you have to be very specific about exactly which OS etc. else if I have a different OS/patch level then my results may differ from yours and thus be totally useless to you.

23 Feb 2008, 11:29

f0dder

Joined: 19 Feb 2004
Posts: 3170
Location: Denmark

f0dder

revolution wrote:

I am very curious as to why you must use sysenter and can't use the normal allocation functions? Do tell.

Sheeeeeeeellcoooooooode.

_________________

- carpe noctem

23 Feb 2008, 20:27

AlexP

Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.

AlexP

f0dder wrote:

Sheeeeeeeellcoooooooode.

-lol-

24 Feb 2008, 00:55

asmrox

Joined: 19 Jan 2008
Posts: 160

asmrox

in shelcode i would use int 0x21

i just wana know how work sysenter

24 Feb 2008, 02:20

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system

revolution

asmrox wrote:

i just wana know how work sysenter

Then your solution is simple, don't use Windows as you testing platform. Load up a DOS and play with sysenter in there.

24 Feb 2008, 02:49

AlexP

Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.

AlexP

http://www.codeguru.com/cpp/w-p/system/devicedriverdevelopment/article.php/c8223/

24 Feb 2008, 02:53

asmrox

Joined: 19 Jan 2008
Posts: 160

asmrox

i already read this link, it doesnt explain how should sysenter look, it only says how it work...

24 Feb 2008, 08:08

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system

revolution

asmrox wrote:

i just wana know how work sysenter

asmrox wrote:

... it doesnt explain how should sysenter look, it only says how it work...

So which is it? You want to know how to "work" it or how it should "look"? We will all have a hard time answering your q's if you are not sure about what you really want.

24 Feb 2008, 13:41

asmrox

Joined: 19 Jan 2008
Posts: 160

asmrox

Quote:

if you are not sure about what you really want.

i want example Smile

24 Feb 2008, 13:45

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system

revolution

In what way does the link above not give you an example? Is shows how Windows uses sysenter to do it's thing, including the MSRs and GDT etc.. You said you want to learn about sysenter and it gives precise details about how to use it. So ... how about you tell us what you really want, else we will never be able to help.

24 Feb 2008, 13:51

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum