获取中断描述符表IDT的信息

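// File: GetIDT.h
#ifndef _WIN32_WINNT        // Allow use of features specific to Windows XP or later.
#define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows.
#endif

#ifdef __cplusplus
extern "C" {
#endif
#include <ntddk.h>
#include <ntddstor.h>
#include <mountdev.h>
#include <ntddvol.h>
#ifdef __cplusplus
}
#endif

//***************************************************************************************************************
// File: GetIDT.cpp
//
// Minimal kernel driver that dumps the interrupt descriptor table (IDT) of the
// processor it is loaded on to the kernel debugger. The code uses MSVC inline
// assembly and builds a pointer from a 32-bit value, so it is 32-bit x86 only.
#include "GetIDT.h"

// An x86 IDT holds at most 256 gate descriptors (vectors 0..255).
#define MAX_IDT_ENTRIES    0x100

// Combine two 16-bit halves (a = low word, b = high word) into one 32-bit value.
#define MAKELONG(a, b)\
((unsigned long) (((unsigned short) (a)) | ((unsigned long) ((unsigned short) (b))) << 16))

#pragma pack(1)

// Layout of the 6-byte operand stored by SIDT in 32-bit mode.
typedef struct
{
	unsigned short IDTLimit;        // table limit: size of the IDT in bytes, minus one
	unsigned short LowIDTBase;      // low 16 bits of the base address
	unsigned short HiIDTBase;       // high 16 bits of the base address
}IDTINFO, *PIDTINFO;

// Layout of one 8-byte gate descriptor in a 32-bit IDT.
typedef struct
{
	unsigned short LowOffset;               // low 16 bits of the handler address
	unsigned short Selector;                // segment selector
	unsigned char  unused_lo;               // reserved
	unsigned char  segment_type:4;          // gate type
	unsigned char  system_segment_flag:1;   // 0 for a gate (system descriptor)
	unsigned char  DPL:2;                   // descriptor privilege level
	unsigned char  P:1;                     // present bit
	unsigned short HiOffset;                // high 16 bits of the handler address
}IDTENTRY, *PIDTENTRY;

#pragma pack()

// The table walk below depends on these exact sizes; fail the build if the
// compiler lays the structures out differently.
C_ASSERT(sizeof(IDTINFO) == 6);
C_ASSERT(sizeof(IDTENTRY) == 8);

// Unload routine
void GetIDTUnload(IN PDRIVER_OBJECT DriverObject);
// Create/close routine
NTSTATUS GetIDTCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
// Default dispatch routine
NTSTATUS GetIDTDefaultHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
// Routine that reads and prints the IDT
NTSTATUS Fun_GetIDT();

#ifdef __cplusplus
// Driver entry point
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath);
#endif

// Driver entry point: installs the dispatch routines, creates the device
// object and its DosDevices symbolic link, then dumps the IDT once.
// Returns the failing status if the device or the link cannot be created,
// STATUS_SUCCESS otherwise.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath)
{
	// Device name
	UNICODE_STRING DeviceName;
	// Symbolic link name
	UNICODE_STRING Win32Device;
	// Device object
	PDEVICE_OBJECT DeviceObject = NULL;
	NTSTATUS status;
	unsigned i;

	UNREFERENCED_PARAMETER(RegistryPath);

	RtlInitUnicodeString(&DeviceName, L"\\Device\\GetIDT0");
	RtlInitUnicodeString(&Win32Device, L"\\DosDevices\\GetIDT0");

	// Every major function gets the default handler first ...
	for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
	{
		DriverObject->MajorFunction[i] = GetIDTDefaultHandler;
	}
	// ... then create and close are overridden so the device can be opened.
	DriverObject->MajorFunction[IRP_MJ_CREATE] = GetIDTCreateClose;
	DriverObject->MajorFunction[IRP_MJ_CLOSE] = GetIDTCreateClose;
	DriverObject->DriverUnload = GetIDTUnload;

	// Create the device object. FILE_DEVICE_SECURE_OPEN makes the I/O manager
	// apply the device's security descriptor to every open request, including
	// opens that carry a trailing path after the device name.
	status = IoCreateDevice(DriverObject,
		0,
		&DeviceName,
		FILE_DEVICE_UNKNOWN,      // device type
		FILE_DEVICE_SECURE_OPEN,
		FALSE,
		&DeviceObject);
	if (!NT_SUCCESS(status))
		return status;
	if (!DeviceObject)
		return STATUS_UNEXPECTED_IO_ERROR;

	// Buffer access method for read/write requests
	DeviceObject->Flags |= DO_DIRECT_IO;
	// Word alignment
	DeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT;

	// Create the symbolic link. On failure the device object must be deleted
	// here: the unload routine is not called when DriverEntry fails, so the
	// object would otherwise be leaked.
	status = IoCreateSymbolicLink(&Win32Device, &DeviceName);
	if (!NT_SUCCESS(status))
	{
		IoDeleteDevice(DeviceObject);
		return status;
	}

	// Device initialization is complete
	DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

	// Dump the IDT
	Fun_GetIDT();

	return STATUS_SUCCESS;
}

// Reads the IDT register with SIDT and prints each vector's handler address
// through KdPrint. Always returns STATUS_SUCCESS.
//
// NOTE(review): SIDT reports the IDT of the processor that executes it. Each
// logical processor has its own IDTR, so on a multiprocessor system this shows
// one table only; confirm whether per-processor coverage is needed.
NTSTATUS Fun_GetIDT()
{
	IDTINFO idtInfo;
	PIDTENTRY pIdtEntry;
	unsigned long entryCount;

	// Fetch the IDT limit and base address
	__asm sidt idtInfo
	pIdtEntry = (PIDTENTRY)MAKELONG(idtInfo.LowIDTBase, idtInfo.HiIDTBase);

	// The limit is the table size in bytes minus one. Derive the entry count
	// from it so the walk never reads past the end of the table, and cap it at
	// the architectural maximum of 256 vectors.
	entryCount = ((unsigned long)idtInfo.IDTLimit + 1) / sizeof(IDTENTRY);
	if (entryCount > MAX_IDT_ENTRIES)
		entryCount = MAX_IDT_ENTRIES;

	for (unsigned long i = 0; i < entryCount; i++)
	{
		PIDTENTRY pTmpIdtEntry = &pIdtEntry[i];
		// Handler address of this vector
		unsigned long lgAddr = MAKELONG(pTmpIdtEntry->LowOffset, pTmpIdtEntry->HiOffset);
		// Print vector number and handler address
		KdPrint(("中断号:%04d,地址:%08X\r\n", i, lgAddr));
	}

	return STATUS_SUCCESS;
}

// Unload routine: removes the symbolic link and the device object that
// DriverEntry created.
void GetIDTUnload(IN PDRIVER_OBJECT DriverObject)
{
	UNICODE_STRING Win32Device;

	RtlInitUnicodeString(&Win32Device, L"\\DosDevices\\GetIDT0");
	IoDeleteSymbolicLink(&Win32Device);
	IoDeleteDevice(DriverObject->DeviceObject);
}

// Create/close routine: completes the request successfully with no data.
NTSTATUS GetIDTCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
	UNREFERENCED_PARAMETER(DeviceObject);

	Irp->IoStatus.Status = STATUS_SUCCESS;
	Irp->IoStatus.Information = 0;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);
	return STATUS_SUCCESS;
}

// Default dispatch routine: completes every other request with
// STATUS_NOT_SUPPORTED.
NTSTATUS GetIDTDefaultHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
	UNREFERENCED_PARAMETER(DeviceObject);

	Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
	Irp->IoStatus.Information = 0;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);
	// The IRP must not be touched after IoCompleteRequest, because the I/O
	// manager may already have freed it; return the constant instead of
	// reading Irp->IoStatus.Status back.
	return STATUS_NOT_SUPPORTED;
}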


