Index
> Windows > Hook keyboard interrupt |
| Author |
|
|
revolution 05 Oct 2008, 23:40
The interrupt vector is related to the hardware priority from the PIC. You can search all the related structures to find where it goes. The IDT is easily decoded.
And, yes, it might be the same for all versions, but just the same, it might also be different on all versions. It might also change at any time during the next patch Tuesday. Basically you can't guarantee anything since the kernel is not publicly documented. If you get stuck with anything check out my website for the IDT structure and the hardware interrupt layout. |
|||
05 Oct 2008, 23:40 |
|
|
bcdsys 06 Oct 2008, 03:13
I know IDT format and have INTEL MANUALS, I just can't find info about kbd IRQ vector. Is there way get vector from pic or from kernel, if so how? Searched google/altavista fro info but could not find answer.
|
|||
|
06 Oct 2008, 03:13 |
|
|
DOS386 06 Oct 2008, 06:08
bcdsys wrote: want hook kbd interrupt. What is vector for it on windows NT? Is it same for all version 2000/XP/20003/Vista, or does it change? Also, is idt descriptor type task gate/interrupt gate/trap gate? How do you intrude into Ring0 ?  When you have it you can read the IDT ...
Quote: get vector from pic or from kernel, if so how? PIC base ...  |
|||
|
06 Oct 2008, 06:08 |
|
|
vid 06 Oct 2008, 09:46
You need to read it from PIC, it is usually remapped to some "higher" interrupt (due to higher 4 bits of interrupt also working as priority level for it).
|
|||
|
06 Oct 2008, 09:46 |
|
|
bcdsys 08 Oct 2008, 03:18
How do I read value from PIC? Checked google, I know port 0x20 is PIC1 with IRQ1 (keyboard), but what do I read/write to port to get value?
|
|||
|
08 Oct 2008, 03:18 |
|
|
bcdsys 09 Oct 2008, 21:51
bump
can someone plase tell me how read int vector from pic |
|||
|
09 Oct 2008, 21:51 |
|
|
bcdsys 11 Oct 2008, 00:04
Found solution to problem. HalGetInterruptVector gets int vectors for IRQ.
Code: push 0 mov eax, esp push eax push eax push 1 ;IRQ push 1 ;IRQ push 0 push 1 call [HalGetInterruptVector] ;get vector of IRQ 1 add esp, 4 and eax, 0xFF ;fix vector returned by HalGetInterruptVector push eax push msg_disp_ptr call [DbgPrint] add esp, 8 returns 0x31 on win2k system and eax, 0xFF needed for correct vector, found on internet know 0x31 is vector and not error code, because IRQ 3 test returns 0x33 |
|||
|
11 Oct 2008, 00:04 |
|
|
bcdsys 11 Oct 2008, 00:55
I have successful hooked kbd interrupt, made counter count number key ints and disp at driver unload, found correctly counts ints. Know fasm kbd->ascii code exists fasmboard, will incorporate it in future version. One question: does AV scan for changed to IDT?
|
|||
|
11 Oct 2008, 00:55 |
|
|
revolution 11 Oct 2008, 01:04
bcdsys wrote: One question: does AV scan for changed to IDT? |
|||
|
11 Oct 2008, 01:04 |
|
|
bitRAKE 11 Oct 2008, 01:16
I use a USB keyboard - will your useful application also work for me?
|
|||
|
11 Oct 2008, 01:16 |
|
< Last Thread | Next Thread > |
Forum Rules:
|