Dev.2010. 7. 27. 13:09
Anti-Debugging code I found while analyzing IceSword whenever I had time to kill!
This time it's code inside the IceSword driver.


It simply checks the KdDebuggerEnabled variable.

Let's look at the actual code.

 mov     eax,dword ptr [IsDrv122+0x448 (edf53448)]   // KdDebuggerEnabled

Let's check the memory.

Since we are debugging, it contains 1.
Posted by greenpine
Dev.2010. 7. 20. 14:06
On 64-bit, inline assembly does not build.
You have to put it in a separate .asm file, include that in the build, and build it that way.

I found the following on MSDN.
Looks like it's a SOURCES file example..

#
# The developer defines the TARGETNAME variable. It is the name of
# the target (component) that is being built by this makefile.
# It should not include any path or filename extension.
#
TARGETNAME=xxxxx
#
# The developer defines the TARGETPATH and TARGETTYPE variables.
# The first variable specifies where the target will be built. The second specifies
# the type of target (either PROGRAM, DYNLINK, LIBRARY, UMAPPL_NOLIB or
# BOOTPGM). Use UMAPPL_NOLIB when you are only building user-mode
# programs and do not need to build a library.
#
TARGETPATH=obj
# Select one of the following, and delete the others:
TARGETTYPE=PROGRAM
TARGETTYPE=DYNLINK
TARGETTYPE=LIBRARY
TARGETTYPE=UMAPPL_NOLIB
TARGETTYPE=BOOTPGM
TARGETTYPE=DRIVER
TARGETTYPE=DRIVER_LIBRARY
TARGETTYPE=EXPORT_DRIVER
TARGETTYPE=GDI_DRIVER
TARGETTYPE=MINIPORT
TARGETTYPE=NOTARGET
TARGETTYPE=PROGLIB
#
# If your TARGETTYPE is DRIVER, you can optionally specify DRIVERTYPE.
# If you are building a WDM Driver, use DRIVERTYPE=WDM, if you are building
# a VxD use DRIVERTYPE=VXD. Otherwise, delete the following two lines.
#
DRIVERTYPE=WDM
DRIVERTYPE=VXD
#
# The TARGETLIBS macro specifies additional libraries to link against your target
# image. Each library path specification should contain an asterisk (*)
# where the machine-specific subdirectory name should go.
#
TARGETLIBS=
#
# The INCLUDES variable specifies any include paths that are specific to
# this source directory. Separate multiple paths with single
# semicolons. Relative path specifications are okay.
#
INCLUDES=..\inc
#
# The developer defines the SOURCES macro. It contains a list of all the
# source files for this component. Specify each source file on a separate
# line using the line-continuation character. This minimizes merge
# conflicts if two developers are adding source files to the same component.
#
SOURCES=source1.c \
source2.c \
source3.c \
source4.c
i386_SOURCES=i386\source1.asm
IA64_SOURCES=ia64\source1.s
#
# Next, specify options for the compiler using C_DEFINES.
# All parameters specified here will be passed to both the C
# compiler and the resource compiler.
C_DEFINES=
#
# Next, specify one or more user-mode test programs and their type.
# Use UMTEST for optional test programs. Use UMAPPL for
# programs that are always built when the directory is built. See also
# UMTYPE, UMBASE, and UMLIBS. If you are building a driver, the next
# 5 lines should be deleted.
#
UMTYPE=nt
UMTEST=bunny*baz
UMAPPL=bunny*baz
UMBASE=0x1000000
UMLIBS=obj\*\bunny.lib
#
# Defining either (or both) the variables NTTARGETFILE0 and/or NTTARGETFILES
# causes makefile.def to include .\makefile.inc immediately after it
# specifies the top level targets (all, clean and loc) and their dependencies.
# The makefile.def file expands NTTARGETFILE0 as the first dependent for the
# "all" target and NTTARGETFILES as the last dependent for the "all" target.
# This is useful for specifying additional targets and dependencies that do not fit the
# general case covered by makefile.def.
#
# NTTARGETFILE0=
# NTTARGETFILES=


Posted by greenpine
Dev.2010. 7. 16. 14:29
#include <ntddk.h>

// Locates KeServiceDescriptorTable on x64: find KiSystemServiceStart by a byte pattern,
// then decode the RIP-relative "lea rdx, [KeServiceDescriptorTable]" that follows it.
ULONGLONG GetKeServiceDescriptorTable64()
{
    // Pattern: the first instructions of KiSystemServiceStart
    const UCHAR KiSystemServiceStart_pattern[13] = { 0x8B, 0xF8, 0xC1, 0xEF, 0x07, 0x83, 0xE7, 0x20, 0x25, 0xFF, 0x0F, 0x00, 0x00 };

    // Scan boundaries: two ntoskrnl exports used as the start and end of the search range
    ULONGLONG CodeScanStart = (ULONGLONG)&_strnicmp;
    ULONGLONG CodeScanEnd = (ULONGLONG)&KdDebuggerNotPresent;

    ULONGLONG i, tbl_address, b;

    // Loop - to find the KiSystemServiceStart function (stay inside the scan range)
    for (i = 0; i + 13 <= CodeScanEnd - CodeScanStart; i++)
    {
        // Check if those bytes are equal to our pattern-bytes
        if (!memcmp((char*)CodeScanStart + i, KiSystemServiceStart_pattern, 13))
        {
            // Search lea rdx, * - by opcodes: 4c 8d, within the next 50 bytes
            for (b = 0; b < 50; b++)
            {
                tbl_address = CodeScanStart + i + b;

                // Check for lea rdx, * and calculate the absolute address from the relative one:
                // the instruction is 7 bytes long, its disp32 is at offset 3 and is relative
                // to the address of the next instruction (tbl_address + 7)
                if (*(USHORT*)tbl_address == (USHORT)0x8d4c)
                    return ((LONGLONG)tbl_address + 7) + *(LONG*)(tbl_address + 3);
            }
        }
    }

    return 0;
}
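
The arithmetic above is the part worth getting right when you write or audit a tool that locates the SSDT (for example, to compare its entries against the on-disk kernel and detect hooks). The following is an added, hosted C example that is not from the post or its author: it runs the same scan over a constructed byte buffer (a stand-in for kernel code, assumed to be mapped at a constructed base address of 0xFFFFF80001000000) and resolves the RIP-relative displacement the same way. It goes slightly beyond the post in two ways: it also checks the ModRM byte 0x15, so only "lea rdx, [rip+disp32]" matches rather than any 4C 8D instruction, and it bounds every read against the buffer length, returning 0 if the displacement bytes would lie outside the range. The function names resolve_ssdt_va, build_sample and the demo_* helpers are mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Prologue bytes of KiSystemServiceStart that the post scans for (same bytes as the post). */
static const uint8_t kPrologue[13] = {
    0x8B, 0xF8, 0xC1, 0xEF, 0x07, 0x83, 0xE7, 0x20, 0x25, 0xFF, 0x0F, 0x00, 0x00
};

/* "lea rdx, [rip+disp32]" encodes as 4C 8D 15 <disp32>: REX.W, opcode, ModRM, 4 displacement bytes. */
enum { LEA_RDX_RIP_LEN = 7 };

/* Decodes a little-endian signed 32-bit displacement without relying on host endianness. */
static int64_t decode_disp32(const uint8_t *p)
{
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (u & 0x80000000u) ? (int64_t)u - 0x100000000LL : (int64_t)u;
}

/*
 * Scans buf (assumed mapped at virtual address va_base) for the prologue, then looks at
 * most `window` bytes past it for the first RIP-relative lea into rdx and returns the
 * address it references: address of the next instruction + disp32.
 * Returns 0 if the prologue or the lea is not found inside the buffer bounds.
 */
uint64_t resolve_ssdt_va(const uint8_t *buf, size_t len, uint64_t va_base, size_t window)
{
    size_t i, b;
    for (i = 0; i + sizeof kPrologue <= len; i++) {
        if (memcmp(buf + i, kPrologue, sizeof kPrologue) != 0)
            continue;
        for (b = 0; b < window && i + b + LEA_RDX_RIP_LEN <= len; b++) {
            const uint8_t *p = buf + i + b;
            if (p[0] == 0x4C && p[1] == 0x8D && p[2] == 0x15) {
                uint64_t next_rip = va_base + (uint64_t)(i + b) + LEA_RDX_RIP_LEN;
                return next_rip + (uint64_t)decode_disp32(p + 3);   /* wraps correctly for negative disp */
            }
        }
        return 0;   /* prologue found, but no complete lea inside the window */
    }
    return 0;
}

/* Constructed sample code: 4 filler bytes, the prologue, two nops, then lea rdx,[rip+disp]. Returns its length. */
size_t build_sample(uint8_t *buf, int32_t disp)
{
    size_t n = 0;
    uint32_t u = (uint32_t)disp;
    memset(buf, 0x90, 4); n += 4;
    memcpy(buf + n, kPrologue, sizeof kPrologue); n += sizeof kPrologue;
    buf[n++] = 0x90; buf[n++] = 0x90;
    buf[n++] = 0x4C; buf[n++] = 0x8D; buf[n++] = 0x15;   /* lea rdx, [rip+disp32] at offset 19 */
    buf[n++] = (uint8_t)(u & 0xFF);
    buf[n++] = (uint8_t)((u >> 8) & 0xFF);
    buf[n++] = (uint8_t)((u >> 16) & 0xFF);
    buf[n++] = (uint8_t)((u >> 24) & 0xFF);
    return n;   /* 26 bytes, so the next-instruction address is va_base + 26 */
}

#define SAMPLE_VA_BASE 0xFFFFF80001000000ULL   /* constructed load address for the sample */

/* Resolves the sample with the given displacement: expected result is SAMPLE_VA_BASE + 26 + disp. */
uint64_t demo_resolve(int32_t disp)
{
    uint8_t buf[64];
    size_t n = build_sample(buf, disp);
    return resolve_ssdt_va(buf, n, SAMPLE_VA_BASE, 50);
}

/* Same sample cut off right after the lea opcode bytes: the displacement is missing, so the scan must return 0. */
uint64_t demo_truncated(void)
{
    uint8_t buf[64];
    size_t n = build_sample(buf, 0x1000);
    return resolve_ssdt_va(buf, n - 4, SAMPLE_VA_BASE, 50);
}

/* Bytes that never contain the prologue. */
uint64_t demo_no_prologue(void)
{
    uint8_t buf[32];
    memset(buf, 0xCC, sizeof buf);
    return resolve_ssdt_va(buf, sizeof buf, SAMPLE_VA_BASE, 50);
}

int main(void)
{
    printf("disp +0x123456 -> 0x%016llx\n", (unsigned long long)demo_resolve(0x123456));
    printf("disp -0x1000   -> 0x%016llx\n", (unsigned long long)demo_resolve(-0x1000));
    printf("truncated      -> 0x%llx\n", (unsigned long long)demo_truncated());
    return 0;
}
```

The negative-displacement case matters because the data section holding KeServiceDescriptorTable can sit below the code that references it; the post's `*(LONG*)` cast handles that by sign extension, and decode_disp32 does the same explicitly. The truncated case shows why the inner loop needs a bound of its own: a bare `b < 50` walks past the end of whatever range was handed to the scan.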

Posted by greenpine