From: Michael V. <mi...@bl...> - 2001-04-21 23:52:58
On Sat, 21 Apr 2001, Jordan Stout wrote:

> Therefore I guess you could write an INT 80 handler that does something like
> this.
>
> get the ring3 stack pointer.
> add 4 to it.
> write the ring3 EIP to the new stack location.
> change the iret return address to your new handler
> change the iret return stackpointer to the new stack-pointer
> do an IRETD

Yeah, that was pretty much what I was thinking.

> One question is how is the interrupt handler going to know where to return
> to.
> I guess you create a new int80 syscall that passes the return address to the
> int-80 handler. Then the int80 handler would have to maintain a mapping of
> process handles and return-addresses.

LINE actually already does that. The debugger process (Line.exe) needs to know the syscall handler address, so the first thing that the Linux process does is execute a hidden syscall (eax=0xdeadbeef if I remember correctly) to tell Line.exe the address.

> P.S. undocumented NT also says "windows 95 provides a mechanism to hook
> software interrupts by means of Set_PM_Int_Vector and Hook_V86_Int_Chain VxD
> services"

Ah, ok. Win9x needs this sort of device driver much more than NT/2K. When 9x executes an int 80 it stops cold, so Line rewrites them to int 03. Kludgy but it works (most of the time).

Mike
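The frame rewrite sketched in the quoted steps, modelled in user-mode C as an added example (not LINE's code or anything from this thread): the ring-0 handler saves the original ring-3 EIP on the process's own stack and points the iret frame at the handler the process registered through the hidden syscall. The per-process handler table, the struct layout and the memory-bounds check are assumptions for the model; the "push" moves ESP down by 4, the direction an x86 push actually takes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hardware iret frame as an INT 80 handler finds it on the ring-0 stack
 * after a trap from ring 3 (pushed in this order by the CPU). */
struct iret_frame {
    uint32_t eip;    /* ring-3 return address: the instruction after int 80 */
    uint32_t cs;
    uint32_t eflags;
    uint32_t esp;    /* ring-3 stack pointer at the time of the trap */
    uint32_t ss;
};

/* Hypothetical table: process id -> user-mode syscall handler address that
 * the process announced with the hidden (eax=0xdeadbeef style) syscall. */
#define MAX_PROCS 8
struct handler_entry { uint32_t pid; uint32_t handler; };
static struct handler_entry handler_table[MAX_PROCS];

/* Record a process's handler; returns 0 on success, -1 when the table is full. */
int register_handler(uint32_t pid, uint32_t handler) {
    for (int i = 0; i < MAX_PROCS; i++) {
        if (handler_table[i].pid == 0 || handler_table[i].pid == pid) {
            handler_table[i].pid = pid;
            handler_table[i].handler = handler;
            return 0;
        }
    }
    return -1;
}

static uint32_t lookup_handler(uint32_t pid) {
    for (int i = 0; i < MAX_PROCS; i++)
        if (handler_table[i].pid == pid) return handler_table[i].handler;
    return 0;  /* unknown process: nothing registered */
}

/* Rewrite the frame so IRETD resumes in the process's handler with the
 * original EIP on top of its stack, as a CALL would have left it.
 * user_mem models the process's ring-3 stack memory starting at mem_base.
 * Returns 0 on success, -1 for an unknown pid or a push outside the model. */
int redirect_syscall(struct iret_frame *f, uint32_t pid,
                     uint8_t *user_mem, uint32_t mem_base, size_t mem_len) {
    uint32_t handler = lookup_handler(pid);
    if (handler == 0) return -1;
    uint32_t new_esp = f->esp - 4;               /* reserve one stack slot */
    if (new_esp < mem_base || new_esp + 4 > mem_base + mem_len) return -1;
    memcpy(user_mem + (new_esp - mem_base), &f->eip, 4); /* save return EIP */
    f->esp = new_esp;    /* IRETD restores this as the ring-3 ESP */
    f->eip = handler;    /* IRETD resumes in the user-mode handler */
    return 0;
}
```

The handler at the new EIP later picks the saved address off its stack and returns there; a real driver would also have to verify that the user stack page is present and writable before touching it.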