久久综合伊人噜噜色,日本三级香港三级人妇电影精品,亚洲中文色资源,国产高清一区二区三区人妖

      <small id="r7w9x"></small>

          <td id="r7w9x"></td><sub id="r7w9x"><menu id="r7w9x"><samp id="r7w9x"></samp></menu></sub>
        2. 

          4. <th id="r7w9x"></th>
          1. 

            汶上信息港
            
標(biāo)題: 利用SEH進(jìn)入ring0以及單步自跟蹤的實(shí)現(xiàn) [打印本頁(yè)]
            

            
作者: hbhdgpyz    時(shí)間: 2008-9-28 16:36
            
標(biāo)題: 利用SEH進(jìn)入ring0以及單步自跟蹤的實(shí)現(xiàn)
            <FONT face=宋體 size=2>一、ring0!并不遙遠(yuǎn)...</FONT>
            
- l- `8 {, D. x' Y5 Y<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN></SPAN></P>+ w4 y1 h3 ^! C; I
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>作為seh的一個(gè)有趣的應(yīng)用是進(jìn)入ring0,ring0意味著更多的權(quán)利,意味著你可以進(jìn)行一些其他ring3級(jí)應(yīng)用程序不能進(jìn)行的操作,譬如改自己的代碼段(在不修改段屬性的前提下),改系統(tǒng)數(shù)據(jù)(病毒?)等等,在9X下進(jìn)入ring0的方法很多,在NT下困難的多,SEH只是其中較簡(jiǎn)單的一種.打開調(diào)試器看看系統(tǒng)kernel的工作狀態(tài),在9X下cs一般是28h,ds,ss等通常是30h,因此只要我們的cs和ss等在異常處理程序中被賦予上述ring0選擇子值,進(jìn)入ring0就可以實(shí)現(xiàn).可能我們需要執(zhí)行較復(fù)雜的操作,在ring0下一般不能直接調(diào)用常用api,當(dāng)然VxD,WDM等提供的系統(tǒng)服務(wù)是另外一種選擇. 否則,這在用下述簡(jiǎn)單方法進(jìn)入ring0后執(zhí)行會(huì)產(chǎn)生錯(cuò)誤,因此,我們?cè)趓ing0下盡快完成需要完成的任務(wù),然后迅速返回ring3.</SPAN></P>- `" K( |4 w, m, h' d4 e; m
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">在<SPAN lang=EN-US>ring0下要完成如下任務(wù):</SPAN></SPAN></P># X( H. r# e' D4 C" |' i* m
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>; W' v! {, H7 ?( u( B
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">1.取CR3的值,返回ring3顯示.在ring3下不可以讀取cr3的值.你可以打開kernel調(diào)試器看看例子程序取到的值是否正確.</SPAN></P>
            
5 G* `1 U( t# B* y% W; ^<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">2.修改代碼段后面的jmp ****代碼,這在通常情況下只會(huì)導(dǎo)致保護(hù)錯(cuò)誤.而在ring0下是可以的,就像在前面例子中用she實(shí)現(xiàn)SMC的效果是一樣的,最后顯示幾個(gè)MsgBox,證明我們?cè)?jīng)到達(dá)過(guò)ring0</SPAN></P>
            
' d7 E5 E2 j) h/ k8 Q. _( ~8 `<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>8 o: t, V8 r" d4 c
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">這個(gè)例子是參考<SPAN lang=EN-US>owl的那個(gè)nasm寫的例子用masm改寫,并增加ring0下SMC的代碼部分以作演示.另外代碼中iretd指令并不是簡(jiǎn)單實(shí)現(xiàn)跳轉(zhuǎn),而是實(shí)現(xiàn)從ring0切回ring3的功能,在變換代碼特權(quán)級(jí)的同時(shí),堆棧的也要變換到ring3.可能原例子ljtt前輩的中文注釋容易引起初學(xué)者的誤解.</SPAN></SPAN></P>
            
" u! g2 n5 m: d' t<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>6 n4 Y9 a9 ]4 N0 K
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">別的不說(shuō)<SPAN lang=EN-US>,我發(fā)現(xiàn)進(jìn)入ring0后修改代碼段可以使trw的跟蹤崩潰...hmmm,好消息?代碼如下:</SPAN></SPAN></P>& J) j  R7 K: `! ?0 c
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">其中用的一些宏在<SPAN lang=EN-US>Ex5中已經(jīng)貼了,就不再重復(fù).</SPAN></SPAN></P>: ~4 V+ y1 T8 o/ G
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
            
: t& I7 _) ^- B+ J$ v0 v2 x" y/ `<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;Ex6,演示利用seh進(jìn)入ring0! by Hume,2002</SPAN></P>) k0 l8 Q% U% c7 Z
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;humewen@21cn.com </SPAN></P>
            
" r3 V! W! |7 c! m  [<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;hume.longcity.net</SPAN></P>
            
: w/ a5 d2 {4 M& K7 Z8 t<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>/ X* i8 A! S* j8 f
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.586</SPAN></P>
            
" }' |( j' U. w% d: B8 U<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.model flat, stdcall</SPAN></P>/ g% C& S; w3 `* Z5 E% ~  w/ g
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">option casemap :none<SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>; case sensitive</SPAN></P>
            
* l# Q9 [2 a8 Q3 [<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">include hd.h</SPAN></P>2 Z4 @2 R$ ~0 p8 K
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">include mac.h</SPAN></P>
            
- G- Y- a& g0 X" Y+ J, \<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>( \' n' X) L. w4 ?/ y
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;;--------------</SPAN></P>+ Y7 [0 F  m8 F* O
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">ring0_xHandler<SPAN style="mso-tab-count: 1">&nbsp;&nbsp; </SPAN><SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>proto C :DWORD,:DWORD,:DWORD,:DWORD</SPAN></P>$ _" w9 |" E+ e, x% A& }* b" N5 e
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>.data</SPAN></P>
            
1 d$ }. W, v9 R: i* U; I* O4 ]! m4 N: ?<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">szbuf<SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>db 100 dup (0)</SPAN></P>  \" X- H- e- R% O5 {3 B: ~( g
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">count<SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>dd 0</SPAN></P>8 k+ Y8 K/ g' P% V& A
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;;-----------------------------------------</SPAN></P>
            
! N+ K6 ?, Y2 ]# l  _<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.CODE</SPAN></P>! s' @! H. k+ q! E/ T
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">_Start:</SPAN></P>
            
0 r4 D5 x  J0 M: U1 c" T* V4 k' Y<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>assume fs:nothing</SPAN></P>. A1 W& r  l% j( C: ?
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>offset ring0_xHandler</SPAN></P>
            
4 H( S" o- u- w3 ~6 Q<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>fs:[0]</SPAN></P>
            
, B7 ^+ W- X) f% N<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>fs:[0],esp</SPAN></P>& m+ z; W: |/ l+ y
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;--------------------</SPAN></P>7 T; }4 `+ M: B+ B& Z" `
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ecx,ds</SPAN></P>
            
( \$ A9 `8 k; y0 {2 E$ g" Q. E# M<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>test<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>ecx,100b</SPAN></P>
            
/ C; j! |2 V6 _5 |# h* b<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>NT_2K_XP<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;NT/2K/XP has no LDT </SPAN></P>
            
: x+ B7 z- [: U' M9 b<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pushfd</SPAN></P>
            
8 ~% }- [" U  Z; C, X<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax,esp</SPAN></P>
            
6 ]  U$ q% x/ L+ M3 x. l<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>
            
1 S" `5 {& m3 }3 F<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>int<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>3</SPAN></P># s' \1 k& y# i
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ebx,cr3<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;現(xiàn)在,正式宣布,進(jìn)入ring0! </SPAN></P>
            
8 ~& F' K1 h% `% Y( Z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;呵呵這樣簡(jiǎn)單就進(jìn)入ring0了,至于進(jìn)入</SPAN></P>
            
. Z9 `1 a3 ?* {<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>ebx<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;ring0有啥用,不要問(wèn)我!</SPAN></P>2 t+ O  u7 g# D. I; h+ N* j) B* E
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>lea<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ebx,offset _modi<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>;SMC</SPAN></P>
            
% r; C# P% I' j8 v' x8 ?6 c! {7 {<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>byte ptr[ebx],75h ;修改jmp addinfo為jnz addinfo指令</SPAN></P>: z0 m- E2 y; r/ `  u& C
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pop<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ebx</SPAN></P>
            
; X* E8 L8 u; X<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>
            
8 p9 s5 v! ^+ P: h5 I# F) o<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>edx<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;ss</SPAN></P>2 j& g7 f" K1 }
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>eax<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;esp</SPAN></P>6 R) d# F5 \: M; _* j* C; M, v( {
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[eax]<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;eflags<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
; Y) E0 _8 q* q' N7 i' }% P<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>ecx<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN>;cs</SPAN></P>, _+ r0 J0 p, I! Q% ]% L# b+ P
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>offset ring3back<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;eip</SPAN></P>0 Y6 p! I6 d" c
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>iretd<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;這里是通過(guò)iretd 指令返回特權(quán)級(jí)3</SPAN></P>
            
$ [$ Q  O7 O: G  N+ ?9 k8 m( G<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>
            
. B* R% ]# v; z4 ^<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">ring3back:</SPAN></P>: v2 L& _# E# c4 a: Y/ t
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popfd</SPAN></P>1 J/ q( v1 C  J& `, a1 {
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>invoke<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>wsprintf,addr szbuf,ddd("It's in ring0,please see CR3==%08X",0dh,oah,"following display Modified info..."),ebx</SPAN></P>
            
% T3 j. S& Z4 G2 K<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>invoke<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>MessageBox,0,addr szbuf,ddd("Ring0! by Hume[AfO]"),40h<SPAN style="mso-spacerun: yes">&nbsp; </SPAN></SPAN></P>
            
" N: w% E" O, H3 g: u, S; p<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>xor<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax,eax</SPAN></P>
            
8 B, o# f+ ]+ V0 A7 \<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;add<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax,2</SPAN></P>
            
2 b/ E5 ]8 r) P) R3 c9 o<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>.data</SPAN></P>
            
2 n: g" e# x1 k4 g' R* L<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>Nosmc db "Not modified area!",0</SPAN></P>
            
* C: c3 q% U$ v* k' b8 n1 G& I# _" _<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>besmc db "haha,I am modified by self in ring0!",0</SPAN></P>
            
# [* M- O  ]. ~* M" P<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;</SPAN>.code</SPAN></P>
            
4 p( N# J9 l, U2 t<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ebx,offset Nosmc</SPAN></P># K0 x+ M* ?  X
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax,0</SPAN></P>* T3 P) d# r0 Y( g5 {
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">_modi:</SPAN></P>1 U! O, U9 C7 t
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;</SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jmp<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>addinfo<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;SMC后將這里改為jnz addinfo </SPAN></P>7 g& g' y4 h( M- u. V" W2 |$ Z
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>& C; r. Z! J: J! `5 z9 Q8 T
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ebx,offset besmc</SPAN></P>3 M6 ]2 Q0 ^: h. T0 }
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax,30h</SPAN></P>
            
7 J0 b6 t, A9 d, R$ s/ Z- \<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">addinfo:</SPAN></P>
            
, O' T9 C3 [- d+ Y: E% ^) G<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>invoke<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>MessageBox,0,ebx,ddd("Rin0 SMC test"),eax</SPAN></P>, T, j- {- [. I: Q1 M
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">_exit:</SPAN></P>8 `0 O9 v. ^2 i  F8 w
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;--------------------<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>; d- w9 ?5 P# W, m  k. @% c
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pop<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>fs:[0]</SPAN></P>
            
8 g  h. Q3 r" _<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;</SPAN>add<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>esp,4</SPAN></P>
            
8 [- Y: T3 s% X  s<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>invoke<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>ExitProcess,0</SPAN></P>
            
# W' X$ a  P- D$ z* h% U<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>
            
1 b4 a9 \1 s! s+ m" o<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">NT_2K_XP:</SPAN></P>
            
3 ~( D" }& _+ r% k  \<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>invoke<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>MessageBox,0,ddd("The example not support NT/2K/Xp,only 9x!"),ddd("By hume"),20h</SPAN></P>6 ~6 T& I. p& D5 c, ?
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jmp<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>_exit</SPAN></P>1 v2 a9 W- b  ]
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
            
! v' X) \. F1 ?8 q<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">ring0_xHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD</SPAN></P>
            
3 P  z* e0 D- `$ }' h4 Q& ^2 C<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pushad<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>$ W4 K+ {$ i: ^9 Y( I' ?- \, ^3 {
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>edi:ptr CONTEXT</SPAN></P>% n5 `# k& p9 q/ E0 X( |
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>esi:ptr EXCEPTION_RECORD</SPAN></P>
            
* w' ?5 V# A* t! o<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P># W, v! Q4 ~) s' w) `. W
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>esi,pExcept</SPAN></P>
            
. y- Z: G) s) ?<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>edi,pContext<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>/ s' i6 ?" y8 c% P
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>test<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esi+4],1<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;Exception flags</SPAN></P>
            
/ \4 T! T+ t6 s" m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jnz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>@f<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>* r8 L4 X! Q3 Z8 C7 [$ z
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>test<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esi+4],6</SPAN></P>, B% k  J% s8 v; h9 z+ [+ {
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jnz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>@f</SPAN></P>  {; L2 B) J% u7 Z
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>cmp<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esi],80000003h<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;break ponit flag</SPAN></P>
            
2 C' y( ~5 p4 }$ o+ m4 n<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jnz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>@f<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
- H2 v0 y" [2 s$ a0 {# J6 H" e<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>) Q% t2 I( S2 M$ M+ i# p: v% t
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>m2m<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>[edi].regEcx,[edi].regCs<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;保存3級(jí)代碼段選擇子</SPAN></P>- r( r8 a: _, Q9 W4 K; j
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;</SPAN>[edi].regCs,28h<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;0級(jí)代碼段選擇子</SPAN></P>
            
( O4 d# O/ q2 V, _7 T: Z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>
            
" G% O6 C  |. Y+ U<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>m2m<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>[edi].regEdx,[edi].regSs<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;保存3級(jí)堆棧段選擇子</SPAN></P>
            
/ N* k- F9 i  r( h3 M<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>[edi].regSs,30h<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;0級(jí)堆棧選擇子</SPAN></P>
            
' m& Z. n# @' J( j! c: H<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>3 d2 M/ `% P# v2 d
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esp+7*4],0</SPAN></P>6 ~( q' i& o: T8 S' ]
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popad<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>. h" `) H" n! p( }  O: i8 [6 f% ?
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ret</SPAN></P>
            
: G/ o/ N4 r" D" P<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">@@:</SPAN></P>5 r' C4 ~. @% S% z6 }$ \' t( t
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;</SPAN>dword ptr[esp+7*4],1</SPAN></P>* i( D! r5 W# }5 R4 Q% W
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popad<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>, q- a4 \- m( u$ A6 Y  _
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ret</SPAN></P>1 I3 \! z: K+ H# c$ r
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">ring0_xHandler ENDP</SPAN></P>
            
9 n4 N$ q- |! @4 t1 y0 l6 q# q6 r<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
            
$ s' L& |1 O" b! a: F- v<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">END<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>_Start</SPAN></P>3 h% R$ y7 u$ Q5 m  O6 l
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>, }9 B9 O6 {) J% p
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;</SPAN>由于在NT/2K/XP下這種進(jìn)入ring0的方法不能使用,所以首先區(qū)別系統(tǒng)版本,如果是NT/2K/XP則拒絕執(zhí)行, 原理是在NT/2K/XP下沒有LDT,因此測(cè)試選擇子是否指向LDT,這是一種簡(jiǎn)單的方法,但不推薦使用, 最好使用GetVersionEx...至于</SPAN></P>
            
0 a8 M8 X2 L) P: G, ]0 B% r<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esp+7*4],0</SPAN></P>. o* y6 Y+ s& c: V
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popad<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>$ T. ^! f. b; z) q
            
<P class=MsoNormal><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;</SPAN>是返回eax=1的實(shí)現(xiàn)</SPAN></P>




            

            

            歡迎光臨 汶上信息港 (http://m.junkejituan.com/)

Powered by Discuz! X3.5