note : get address of KiFastCallEntry
来源:互联网 发布:富盈网络水军 编辑:程序博客网 时间:2024/06/06 00:32
在开源工程中看到取 KiFastCallEntry 地址, 但是 rdmsr 的参数 0x176, 是个魔法数.
查了资料, 弄清楚了魔法数的含义.
#ifndef IA32_SYSENTER_EIP#define IA32_SYSENTER_CS 0x174 ///< The 16-bit selector of a Ring 0 code segment#define IA32_SYSENTER_EIP 0x176 ///< The 32-bit offset into a Ring 0 code segment#define IA32_SYSENTER_ESP0x175 ///< The 32-bit stack pointer for a Ring 0 stack#endif // #ifndef IA32_SYSENTER_EIP
PUCHAR pKiFastCallEntry = NULL;
_asm{pushad;mov ecx, IA32_SYSENTER_EIP;rdmsr; ///< 读 MSR 寄存器mov pKiFastCallEntry, eax;popad;}/// 判断是否已经被Hookif (0xe9 == *pKiFastCallEntry){DbgPrint("Terminate System Thread\n");return;}- note : get address of KiFastCallEntry
- note : get COM interface method address
- get register by address instead of name
- Android: get IP address of device
- get IP address of a given machine
- KiFastCallEntry
- note : calculate opcode address
- get ip address & mac address
- get ip address
- Get IP Address
- get mac address
- Get Mac Address
- note : Get PID List
- How can I get the IPv4 address of an interface in linux from C code ?
- Get the IP address of a network interface in C using SIOCGIFADDR
- Several address of statistics
- The address of IP
- Address Of A Gif
- 第一篇文章
- xml--通过jdom解析及生产XML
- J2EE初学者要理解的几个问题
- operator new和operator delete->优化内存分配
- ubuntu12.04 显示桌面快捷键,命令
- note : get address of KiFastCallEntry
- Android提交数据到服务器的两种方式四种方法
- vba md5 加密(支持16,32)
- MVC学习实例记录(使用MVC4做的电影管理程序)
- android画图实例_[调用资源_画图]
- JSP学习笔记2
- j2ee学习方法摘要
- Rsync服务搭建小结
- ListView中为每个item设置监听器
