Loading... 结构体-http://www.irohane.top/index.php/archives/613/ 里面都有包含 ``` #define MAKE_LONG(a,b) ((a) + (b<<16)) NTSTATUS EnumIDT() { NTSTATUS status = STATUS_SUCCESS; IDT_INFO stcIDT = { 0 }; PIDTENTRY pIdEntry = NULL; ULONG uAddr = 0; // 获取IDT 值 _asm sidt stcIDT; //IDT Array pIdEntry = (PIDTENTRY)MAKE_LONG(stcIDT.uLowIdtBase, stcIDT.uHighIdtBase); KdPrint(("-------------IDT---------------\n")); KdPrint(("IDT Addr: 0x%p\n", pIdEntry)); for (ULONG i = 0; i < 0x100; ++i) { KdPrint(("Interrupted number: %d\n", i)); uAddr = MAKE_LONG(pIdEntry[i].uOffsetLow, pIdEntry[i].uOffsetHigh); if (uAddr == 0 && pIdEntry[i].DPL == 0 && pIdEntry[i].uSelector == 0 && pIdEntry[i].GateType == 0) { KdPrint(("输出完毕\n")); break; } KdPrint(("Interrupted Addr: 0x%p\n", uAddr)); KdPrint(("selector: %d\n", pIdEntry[i].uSelector)); KdPrint(("GataType: %d\n", pIdEntry[i].GateType)); KdPrint(("DPL: %d\n\n", pIdEntry[i].DPL)); } return status; } NTSTATUS EnumGDT() { NTSTATUS status = STATUS_SUCCESS; GDT_INFO stcGDT = { 0 }; PGDTENTRY pGdTEntry = NULL; ULONG uData = 0; unsigned int nGdtEntry = 0; //GDT Table _asm sgdt stcGDT; //GDT Array pGdTEntry = (PGDTENTRY)MAKE_LONG(stcGDT.uLowGdtBase, stcGDT.uHighGdtBase); KdPrint(("-------------GDT---------------\n")); KdPrint(("GDT Addr: 0x%p\n", pGdTEntry)); nGdtEntry = stcGDT.uGdtLimit / 8; for (ULONG i = 0; i < nGdtEntry; ++i) { if (!(pGdTEntry[i].HighWord.Bits.Pres)) continue; uData = (ULONG)pGdTEntry[i].BaseLow + ((ULONG)(pGdTEntry[i].HighWord.Bits.BaseMid) << 16) + ((ULONG)(pGdTEntry[i].HighWord.Bits.BaseHi) << 24); KdPrint(("BaseAddr: 0x%p\n", uData)); uData = pGdTEntry[i].LimitLow + ((ULONG)(pGdTEntry[i].HighWord.Bits.LimitHi) << 16); KdPrint(("Segment Limit: 0x%08X ", uData)); (pGdTEntry[i].HighWord.Bits.Granularity) ? KdPrint(("pages\n")) : KdPrint(("bytes\n")); KdPrint(("DPL: %d\n", pGdTEntry[i].HighWord.Bits.Dpl)); if ((pGdTEntry[i].HighWord.Bits.S == 0)) { KdPrint(("Type: System segment\t")); switch (pGdTEntry[i].HighWord.Bits.Type) { case 12: KdPrint(("Call Gate ")); break; case 14: KdPrint(("Interruptting Gate ")); break; case 15: KdPrint(("Trap Gate ")); break; case 5: KdPrint(("Task Gate ")); break; default: KdPrint(("Unknown ")); break; } KdPrint(("\n")); } else { if (pGdTEntry[i].HighWord.Bits.Type & 0x8) { KdPrint(("Type: Code Segment\n")); KdPrint(("Attr: ")); KdPrint(("%s", pGdTEntry[i].HighWord.Bits.Type & 0x4 ? "C" : "-")); KdPrint(("%s", pGdTEntry[i].HighWord.Bits.Type & 0x2 ? "R" : "-")); KdPrint(("%s", pGdTEntry[i].HighWord.Bits.Type & 0x1 ? "A" : "-")); KdPrint(("\n")); } else { KdPrint(("Type: Data Segment\n")); KdPrint(("Attr: ")); KdPrint(("%s", pGdTEntry[i].HighWord.Bits.Type & 0x4 ? "E" : "-")); KdPrint(("%s", pGdTEntry[i].HighWord.Bits.Type & 0x2 ? "W" : "-")); KdPrint(("%s", pGdTEntry[i].HighWord.Bits.Type & 0x1 ? "A" : "-")); KdPrint(("\n")); } } KdPrint(("\n")); } return status; } ``` 最后修改:2021 年 02 月 27 日 © 允许规范转载 赞 0 如果觉得我的文章对你有用,请随意赞赏