Keyboard Interrupt Hook using I/O APIC
Source: Internet  Editor: 程序博客网  Time: 2024/04/30 09:06
By: chpie
Tested on Windows XP, Pentium D, Hyper-Threading enabled.
Summary :: By setting the Delivery Mode of the I/O APIC to ExtINT, so that
the 8259A-compatible PIC delivers the interrupt signal,
the interrupt associated with IRQ 1 need not refer to
the I/O APIC's Redirection Table.
- This hook has higher priority than a direct
modification of the I/O APIC's vector.
- The vector can be hidden from a thread that gets the keyboard
vector from the I/O APIC.
Flow ::
1. IRQ 1 is asserted.
2. The I/O APIC receives the signal and refers to the I/O Redirection Table.
3. The signal is sent from the destination Local APIC.
4. The Local APIC passes the signal to the processor, as its delivery mode is ExtINT.
5. A processor receives the signal.
6. The processor asserts the INTA signal.
7. The I/O APIC acknowledges.
8. The processor asserts the second INTA signal.
9. The I/O APIC delivers the signal to the 8259A-compatible PIC,
as its Delivery Mode is ExtINT.
10. The 8259A-compatible PIC sends 2 bytes after the second INTA pulse.
11. The processor executes the 2 bytes sent.
12. Our interrupt handler is executed.
Source code and binary are available at
http://www.rootkit.com/vault/chpie/apic_keyboard.zip
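
A detection-side check for the configuration described above, added here as an example and not taken from the author's archive: it decodes dumped I/O APIC Redirection Table entries and reports unmasked pins whose Delivery Mode is ExtINT. The function names, the sample dumps and the mapping of IRQ 1 to pin 1 are assumptions made for illustration, as is the premise that a normally configured system routes the keyboard pin in Fixed or Lowest Priority mode.

```c
#include <stdint.h>
#include <stddef.h>

/* IOREDTBL entry layout (Intel 82093AA I/O APIC): bits 7:0 vector,
 * bits 10:8 delivery mode, bit 16 mask, bits 63:56 destination. */
#define DM_EXTINT 0x7u
#define KBD_PIN   1u  /* assumption: ISA IRQ 1 is wired to I/O APIC pin 1 */

typedef struct { uint8_t vector, delivery_mode, masked, destination; } redir_entry;

/* Decode one 64-bit redirection table value into its fields. */
redir_entry decode_redir(uint64_t raw)
{
    redir_entry e;
    e.vector        = (uint8_t)(raw & 0xFF);
    e.delivery_mode = (uint8_t)((raw >> 8) & 0x7);
    e.masked        = (uint8_t)((raw >> 16) & 0x1);
    e.destination   = (uint8_t)(raw >> 56);
    return e;
}

/* 1 when an unmasked pin uses ExtINT: its vector field is then ignored and
 * the 8259A-compatible PIC supplies the vector, as in the flow above. */
int pin_uses_extint(uint64_t raw)
{
    redir_entry e = decode_redir(raw);
    return !e.masked && e.delivery_mode == DM_EXTINT;
}

/* Audit a dumped table; returns a bitmask of unmasked ExtINT pins (first 32). */
uint32_t audit_redir_table(const uint64_t *tbl, size_t n)
{
    uint32_t hits = 0;
    for (size_t pin = 0; pin < n && pin < 32; pin++)
        if (pin_uses_extint(tbl[pin]))
            hits |= (uint32_t)1 << pin;
    return hits;
}

/* Keyboard-specific check for the configuration this page describes. */
int keyboard_pin_suspicious(const uint64_t *tbl, size_t n)
{
    return n > KBD_PIN && ((audit_redir_table(tbl, n) >> KBD_PIN) & 1u);
}

/* Constructed sample dumps of pins 0..2 (not captured from a real machine). */
static const uint64_t sample_clean[3]  = { 0x10000ULL, 0x0100000000000093ULL, 0x01000000000000D1ULL };
static const uint64_t sample_hooked[3] = { 0x10000ULL, 0x0100000000000793ULL, 0x01000000000000D1ULL };
```

Comparing only the vector field of the keyboard entry against the expected IDT vector would miss this case, because both sample dumps carry the same vector and differ only in bits 10:8.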