Solving an IDT rebuild problem

Windows Kernel Debugging

Hanjey 2015-09-22, 17:20
Hello everyone, I would like to rebuild the IDT so that every kernel function address in it points to my own reloaded kernel. But after building it, without making any settings at all (that is, I have not modified IDTR), roughly 10-20 seconds after the driver loads successfully a problem appears. The specific dbg debugging output is as follows:

new_itemAddress[f4] = 0x857d53f3
new_itemAddress[f5] = 0x857d53fa
new_itemAddress[f6] = 0x857d5401
new_itemAddress[f7] = 0x857d5408
new_itemAddress[f8] = 0x857d540f
new_itemAddress[f9] = 0x857d5416
new_itemAddress[fa] = 0x857d541d
new_itemAddress[fb] = 0x857d5424
new_itemAddress[fc] = 0x857d542b
new_itemAddress[fd] = 0x857d5432
new_itemAddress[fe] = 0x857d5439
new_itemAddress[ff] = 0x857d5440
Assertion: *** DPC watchdog timeout
    This is NOT a break in update time
    This is most likely a BUG in an ISR
    Perform a stack trace to find the culprit
    The period will be doubled on continuation
    Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
83c4e67f cd2c            int     2Ch
kd> g
Continuing an assertion failure can result in the debuggee
being terminated (bugchecking for kernel debuggees).
If you want to ignore this assertion, use 'ahi'.
If you want to force continuation, use 'gh' or 'gn'.
kd> gn
Assertion: *** DPC watchdog timeout
    This is NOT a break in update time
    This is most likely a BUG in an ISR
    Perform a stack trace to find the culprit
    The period will be doubled on continuation
    Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
83c4e67f cd2c            int     2Ch
kd> gh
Assertion: *** DPC watchdog timeout
    This is NOT a break in update time
    This is most likely a BUG in an ISR
    Perform a stack trace to find the culprit
    The period will be doubled on continuation
    Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
83c4e67f cd2c            int     2Ch

Above are the function addresses in the IDT that I printed; only part of the list is shown here.
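The step the post describes, decoding each 32-bit IDT gate and redirecting the handlers that live inside the running ntoskrnl image to the same offset in a reloaded copy, shown as an added example in plain C. This is not the poster's driver code: the IDT is a constructed in-memory table rather than one read with sidt, and the image base, size and reloaded base (ORIG_BASE, ORIG_SIZE, NEW_BASE) and the handler addresses in build_sample_idt are hypothetical values chosen only to match the address range seen in the post's output. Two checks a rebuild should make are included: entries that are not present or are task gates (vector 2 and 8 on 32-bit Windows, whose offset field is meaningless) are skipped, and only handlers whose address actually falls inside the original kernel image are rewritten, so entries that belong to the HAL or other drivers keep their original target.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of one 32-bit IDT gate descriptor (8 bytes), as stored in memory. */
#pragma pack(push, 1)
typedef struct {
    uint16_t offset_low;   /* handler address bits 15..0   */
    uint16_t selector;     /* code segment selector         */
    uint8_t  zero;         /* reserved                      */
    uint8_t  type_attr;    /* P | DPL(2) | S | GateType(4)  */
    uint16_t offset_high;  /* handler address bits 31..16   */
} idt_gate32_t;
#pragma pack(pop)

#define IDT_ENTRIES     256
#define GATE_PRESENT    0x80
#define GATE_TYPE_MASK  0x0F
#define GATE_TYPE_TASK  0x5    /* task gate: offset fields are unused */

/* Hypothetical image ranges, assumed for the constructed sample below. */
#define ORIG_BASE 0x83c00000u  /* where the running ntoskrnl is mapped  */
#define ORIG_SIZE 0x00400000u  /* its SizeOfImage                       */
#define NEW_BASE  0x85800000u  /* where the reloaded copy was placed     */

static uint32_t gate_handler(const idt_gate32_t *g) {
    return ((uint32_t)g->offset_high << 16) | g->offset_low;
}

static void gate_set_handler(idt_gate32_t *g, uint32_t addr) {
    g->offset_low  = (uint16_t)(addr & 0xFFFFu);
    g->offset_high = (uint16_t)(addr >> 16);
}

static void make_gate(idt_gate32_t *g, uint16_t sel, uint32_t handler, uint8_t type_attr) {
    memset(g, 0, sizeof *g);
    g->selector  = sel;
    g->type_attr = type_attr;
    gate_set_handler(g, handler);
}

/* Redirect every present, non-task gate whose handler lies in
   [orig_base, orig_base + size) to new_base + same offset.
   Returns the number of entries rewritten; everything else is untouched. */
size_t rebase_idt(idt_gate32_t *idt, size_t n,
                  uint32_t orig_base, uint32_t size, uint32_t new_base) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        idt_gate32_t *g = &idt[i];
        if (!(g->type_attr & GATE_PRESENT)) continue;                  /* empty slot */
        if ((g->type_attr & GATE_TYPE_MASK) == GATE_TYPE_TASK) continue; /* task gate */
        uint32_t h = gate_handler(g);
        if (h < orig_base || h - orig_base >= size) continue;          /* HAL / driver */
        gate_set_handler(g, new_base + (h - orig_base));                /* type/DPL kept */
        count++;
    }
    return count;
}

/* Constructed sample table (not a real dump). Returns entries populated. */
size_t build_sample_idt(idt_gate32_t *idt) {
    memset(idt, 0, sizeof(idt_gate32_t) * IDT_ENTRIES);
    make_gate(&idt[0x00], 0x08, 0x83c4a100u, 0x8E); /* kernel, DPL0 interrupt gate */
    make_gate(&idt[0x02], 0x58, 0x00000000u, 0x85); /* NMI task gate, no offset     */
    make_gate(&idt[0x2c], 0x08, 0x83c4f200u, 0xEE); /* kernel, DPL3 (int 2Ch)      */
    make_gate(&idt[0x30], 0x08, 0x80bc1000u, 0x8E); /* outside kernel image (HAL)  */
    make_gate(&idt[0xd1], 0x08, 0x83c20040u, 0x8E); /* kernel, DPL0               */
    /* idt[0x45] is left not-present on purpose */
    return 5;
}

int main(void) {
    idt_gate32_t idt[IDT_ENTRIES];
    build_sample_idt(idt);
    size_t n = rebase_idt(idt, IDT_ENTRIES, ORIG_BASE, ORIG_SIZE, NEW_BASE);
    printf("rebased %u entries\n", (unsigned)n);
    unsigned vectors[] = {0x00, 0x02, 0x2c, 0x30, 0x45, 0xd1};
    for (size_t i = 0; i < sizeof vectors / sizeof vectors[0]; i++) {
        const idt_gate32_t *g = &idt[vectors[i]];
        printf("new_itemAddress[%02x] = 0x%08x (attr 0x%02x)\n",
               vectors[i], gate_handler(g), g->type_attr);
    }
    return 0;
}
```

The rewrite only touches the two offset halves, so the selector, DPL and gate type of each entry survive; a rebuilt table that changed a DPL3 trap gate such as 2Ch into a DPL0 gate would turn a user-mode int 2Ch into a general protection fault.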
