Under windows protected mode, the compiler&&reads the interrupt descriptor table?

星光月寂

Can I read the entry address of an interrupt under windows? Similar to * 4 under dos. Whether it can be read is also unmodifiable!

No way, the boss must ask to read the address and modify it.

Is the compilation environment under windows different from the programming environment used under dos? What compiler should be used?

Thank you!

amiu888

Unless your program can run at ring0 level, it is not allowed to modify. It's unclear if you read it.

xsteel

Operable under windows, the compiler can choose masm32

wudongjay

Did not understand.

Is there an API to support reading? ? ? Or directly find the location of the descriptor table? ? ? Or is there a fixed entry address? ? ?

renzichao

Refer to "80386 Programming in Protected Mode" or the first volume of Intel manual (available for download on Intel website)
98 can read and write directly after class, for example, the following assembly program rewrites the interrupt:
.386
    .model flat, stdcall
option casemap: none

include windows.inc
include kernel32.inc
include user32.inc

INTNUM equ 9

includelib kernel32.lib
includelib user32.lib

.data
szAppName db "Ring0 Try--using IDT",0
szFormat db "My INT %u handler return the value of CRO: %08X",0
szMsg db 512 dup(0)

IDTR df 0
OldGate dq 0
MyGate dw 0
            dw 28h
            dw 0EE00h
            dw 0

.code

start:

    ;construct my call gate
    mov eax, IntHandler
    mov MyGate, ax
    shr eax, 16
    mov [MyGate+6], ax

    ;save old IDT
    sidt IDTR
    mov ebx, dword ptr [IDTR+2]
    add ebx, 8*INTNUM
    push ebx
    mov esi, ebx
    mov edi, offset OldGate
    cld
    movsd
    movsd

    ;modify IDT
    mov edi, ebx
    mov esi, offset MyGate
    cli
    movsd
    movsd

    ;interrupt!
    sti
    int INTNUM

    ;restore IDT
    pop edi
    mov esi, offset OldGate
    cli
    movsd
    movsd
    sti

    ;OK!
    invoke wsprintf, addr szMsg, addr szFormat, INTNUM, eax
    invoke MessageBox, NULL, addr szMsg, addr szAppName, MB_OK
   
    invoke ExitProcess, 0

IntHandler:
    mov eax, cr0
    iretd

end start

But NT/2000/XP does not work, you need to write a kernel driver.

renzichao

The compiler can use Microsoft's masm32

星光月寂

Seeing everyone's replies, thank you very much! I will try it

In fact, my ultimate goal is to be able to modify the entry address of int 17h (print interrupt) so that under windows, as long as a printing action occurs, it will enter my interrupt service program and modify the printing content.

I don't know, under windows, can it be achieved in this way? In other words, under windows, will printing trigger an int 17h interrupt?

Thank you again for your attention!

renzichao

It seems that LZ could not get rid of the influence of DOS. You should write a printer driver and insert it into the Windows driver stack instead of interrupting

星光月寂

Yeah! I'm stuck in dos thinking!

In fact, the main reason is that I am not familiar with the working principle of windows, and I have never touched the content of the kernel! Please forgive me!

renzichao: Can you give me some pointers about writing the printer driver? Let me start! Thank you!

renzichao

The Windows kernel driver is very complicated. There are many basic introductions on the Internet, and MS also has special materials. But it's expensive, a few hundred yuan.
WDM (Windows Diver Model) uses IRP (Interrupt Request Package) processing center, similar to Windows applications centered on message processing, driving and system mutual account to complete tasks.
If you are not familiar with the Windows architecture, it may be difficult to develop such a difficult thing as a print driver. If time is tight, I suggest you ask someone for help. If you have time, learn slowly. If you have a good foundation and are willing to work hard, it is at least half a year to get started.