当前位置：首页 > news >正文

axure rp8怎么做网站谷歌seo价格

news 2025/7/27 21:58:01

axure rp8怎么做网站,谷歌seo价格,网站建设的电话,淄博三合一网站开发保护模式阶段测试-模拟3环0环调用最近又复习了一下保护模式相关的内容，然后打算搞个能够把段页的大部分知识能够串联起来的测试代码最终想到的一个项目如下： 三环部分： 0.编写一个函数读取高2g的地址内容 1.通过设备通信到0环告诉0环我新…

保护模式阶段测试-模拟3环0环调用

最近又复习了一下保护模式相关的内容，然后打算搞个能够把段页的大部分知识能够串联起来的测试代码
最终想到的一个项目如下：

三环部分：
0.编写一个函数读取高2g的地址内容
1.通过设备通信到0环告诉0环我新增加的函数地址
2.通过3环0环共享的数据结构取到新增加的中断号
3.调用中断号读取高2G地址内容
驱动部分：
0。接收到3环的函数地址
1.插入一个中断门，中断门的函数地址为3环传进来的那个
2.申请一个物理页里面填充一个数据结构，此数据结构中存放我们新的中断号

测试代码：

驱动代码

#include <ntddk.h>
//#include <ntifs.h>
#define NTSTRSAFE_LIB
#include <ntstrsafe.h>
#include <intrin.h>extern NTSTATUS PsLookupProcessByProcessId(HANDLE    ProcessId,PEPROCESS* Process
);PDEVICE_OBJECT g_pDev = NULL;
UNICODE_STRING devName = { 0 };
UNICODE_STRING symName = { 0 };
DWORD32 g_idtNum = 0;
PVOID sharedMem;VOID Unload(PDRIVER_OBJECT pDriver) {KdPrint(("unload"));IoDeleteSymbolicLink(&symName);IoDeleteDevice(g_pDev);}typedef struct _IDTR {UINT16 limit;UINT16 base_low;UINT16 base_hight;
}IDTR, *PIDTR;
#define DEVICE_OBJECT_NAME L"\\Device\\systest"
#define DEVICE_LINK_NAME L"\\??\\systest"
#define MAKE_WORD(a,b) ((a) + (b << 16))
#define MAKE_BASE(a) (DWORD32)(((a >> 32) & 0x00000000ffff0000) + ((a & 0x000000000000ffff)))
#define IOCTL_SYS_INJECTIDT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, \METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_SYS_MAKE_SHAREDPAGE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, \METHOD_BUFFERED, FILE_ANY_ACCESS)NTSTATUS InjectIDT(UINT64 new_idte , PDWORD32 idtNum) 
{// 获取idt表IDTR idtr = { 0 };__sidt(&idtr);KdPrint(("idt base=0x%x, limit=0x%x\r\n", MAKE_WORD(idtr.base_low, idtr.base_hight), idtr.limit));// 构造中断描述符//UINT64 new_idte = 0x0;// 寻找未使用的位置插入描述符PDWORD64 idteArr = (PDWORD64)MAKE_WORD(idtr.base_low, idtr.base_hight);for (size_t i = 0; i < (idtr.limit >> 3); i++){if (MAKE_BASE(idteArr[i]) == 0x0) {idteArr[i] = new_idte;KdPrint(("中断号：0x%x", i));*idtNum = i;g_idtNum = i;return STATUS_SUCCESS;}}return STATUS_UNSUCCESSFUL;
}NTSTATUS MakeSharedPage(UINT32 pid, DWORD32 addr)
{NTSTATUS status = STATUS_SUCCESS;PEPROCESS pEprocess = NULL;DWORD32 oldCr3 = 0;DWORD32 newCr3 = 0;DWORD32* pdt_va = (DWORD32*)0xc0300000;UCHAR* ptt_va = (UCHAR*)0xc0000000;__try {status = PsLookupProcessByProcessId((HANDLE)pid, &pEprocess);if (!NT_SUCCESS(status)) {KdPrint(("get eprocess failed!\r\n"));return STATUS_UNSUCCESSFUL;}newCr3 = *(DWORD32*)((UINT8*)pEprocess + 0x18);sharedMem = ExAllocatePool(PagedPool, 0x1000);if (sharedMem == NULL) {KdPrint(("alloc memory failed!\r\n"));return STATUS_UNSUCCESSFUL;}//拆分new_vaKdPrint(("开始拆分线性地址"));DWORD32 new_va_10_1 = addr >> 0x16;DWORD32 new_va_10_2 = addr << 0xa;new_va_10_2 >>= 0x16;DWORD32 new_va_12 = addr & 0x00000fff;KdPrint(("addr:0x%x, 10:0x%x, 10:0x%x, 12:0x%x \r\n", addr, new_va_10_1, new_va_10_2, new_va_12));DWORD32 old_va_10_1 = (DWORD32)sharedMem >> 0x16;DWORD32 old_va_10_2 = (DWORD32)sharedMem << 0xa;old_va_10_2 >>= 0x16;DWORD32 old_va_12 = (DWORD32)sharedMem & 0x00000fff;KdPrint(("addr:0x%p, 10:0x%x, 10:0x%x, 12:0x%x \r\n", sharedMem, old_va_10_1, old_va_10_2, old_va_12));DbgBreakPoint();//挂载物理页KdPrint(("开始挂载物理页"));KIRQL irql = KeRaiseIrqlToDpcLevel();oldCr3 = __readcr3();__writecr3(newCr3);KeLowerIrql(irql);DWORD32* sys_pte = (ptt_va + ((new_va_10_1 << 12) + (new_va_10_2 << 2)));DWORD32* user_pte = (ptt_va + ((old_va_10_1 << 12) + (old_va_10_2 << 2)));KdPrint(("0x%p---0x%p\r\n", sys_pte, user_pte));*user_pte = *sys_pte;irql = KeRaiseIrqlToDpcLevel();__writecr3(oldCr3);KeLowerIrql(irql);//向共享页写入数据RtlMoveMemory(sharedMem, &g_idtNum, sizeof(g_idtNum));}__except (1) {KdPrint(("exception happened!\n"));return STATUS_UNSUCCESSFUL;}return STATUS_SUCCESS;
}NTSTATUS DeviceControl(PDEVICE_OBJECT pDev, PIRP pIrp)
{NTSTATUS status = STATUS_SUCCESS;ULONG_PTR Informaiton = 0;ULONG ioControlCode = 0;PVOID input = NULL;ULONG inputLen = 0;PVOID output = NULL;ULONG outputLen = 0;PIO_STACK_LOCATION pIoStackLocation = IoGetCurrentIrpStackLocation(pIrp);ioControlCode = pIoStackLocation->Parameters.DeviceIoControl.IoControlCode;input = pIrp->AssociatedIrp.SystemBuffer;output = pIrp->AssociatedIrp.SystemBuffer;inputLen = pIoStackLocation->Parameters.DeviceIoControl.InputBufferLength;outputLen = pIoStackLocation->Parameters.DeviceIoControl.OutputBufferLength;switch (ioControlCode){case IOCTL_SYS_INJECTIDT:{if (input == NULL || output ==NULL || inputLen <= 0 || outputLen <= 0) {status = STATUS_UNSUCCESSFUL;break;}UINT64 newIdte = *((PUINT64)input);status = InjectIDT(newIdte, (PDWORD32)output);if (NT_SUCCESS(status)) {Informaiton = sizeof(DWORD32);}break;}case IOCTL_SYS_MAKE_SHAREDPAGE:{if (input == NULL || output == NULL || inputLen <= 0 || outputLen <= 0) {status = STATUS_UNSUCCESSFUL;break;}DWORD32* data = (DWORD32*)input;UINT32 pid = data[0];DWORD32 addr = data[1];status = MakeSharedPage(pid, addr);if (!NT_SUCCESS(status)) {KdPrint(("failed make shared page!\n"));}break;}default:break;}pIrp->IoStatus.Status = status;pIrp->IoStatus.Information = Informaiton;IoCompleteRequest(pIrp, IO_NO_INCREMENT);return status;
}NTSTATUS PassFunc(PDEVICE_OBJECT pDev, PIRP pIrp)
{pIrp->IoStatus.Information = 0;pIrp->IoStatus.Status = STATUS_SUCCESS;IoCompleteRequest(pIrp, IO_NO_INCREMENT);return STATUS_SUCCESS;
}NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING pRegPath) {NTSTATUS status = STATUS_SUCCESS;pDriver->DriverUnload = Unload;for (size_t i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++){pDriver->MajorFunction[i] = PassFunc;}pDriver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DeviceControl;do{KdPrint(("begin\r\n"));//创建设备对象RtlInitUnicodeString(&devName, DEVICE_OBJECT_NAME);status = IoCreateDevice(pDriver, 0, &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &g_pDev);if (!NT_SUCCESS(status)) {KdPrint(("Create Dev Object Failed!\r\n"));break;}RtlInitUnicodeString(&symName, DEVICE_LINK_NAME);status = IoCreateSymbolicLink(&symName, &devName);if (!NT_SUCCESS(status)) {KdPrint(("Create Sym Link Failed!\r\n"));IoDeleteDevice(g_pDev);break;}g_pDev->Flags |= DO_BUFFERED_IO;} while (FALSE);return status;
}

应用层代码：

// test1.cpp : 定义控制台应用程序的入口点。
//#include "stdafx.h"
#include <windows.h>#define DEVICE_LINK_NAME L"\\\\.\\systest"
#define IOCTL_SYS_INJECTIDT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, \METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_SYS_MAKE_SHAREDPAGE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, \METHOD_BUFFERED, FILE_ANY_ACCESS)int _tmain(int argc, _TCHAR* argv[])
{HANDLE devHandle = CreateFile(DEVICE_LINK_NAME,GENERIC_READ | GENERIC_WRITE,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);if (devHandle == NULL || devHandle == INVALID_HANDLE_VALUE) {printf("open dev failed\n");return 0;}UINT32 idtNum = 0;UINT64 idte = 0x0102030405060708;DWORD returnLen = 0;BOOL IsOK = DeviceIoControl(devHandle,IOCTL_SYS_INJECTIDT,&idte,sizeof(UINT64),&idtNum,4,&returnLen,NULL);if (IsOK) {printf("idt num 0x%x\n", idtNum);} else {printf("control dev failed\n");}//创建共享内存LPVOID buf = VirtualAlloc(NULL, 1024, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);UINT32 indata[2] = {GetCurrentProcessId(), (UINT32)buf};IsOK = DeviceIoControl(devHandle,IOCTL_SYS_MAKE_SHAREDPAGE,indata,sizeof(indata),indata,sizeof(indata),&returnLen,NULL);if (IsOK) {printf("idt num 0x%x\n", (UINT32*)buf);} else {printf("make shared page failed\n");}CloseHandle(devHandle);devHandle = NULL;return 0;
}