From: //o//annabee on 30 Aug 2007 11:14

On Thu, 30 Aug 2007 16:01:26 +0100, //\\o//\\annabee <w(a)w.w.w> wrote:

> On Thu, 30 Aug 2007 15:56:43 +0100, //\\o//\\annabee <w(a)w.w.w> wrote:
>
>> On Thu, 30 Aug 2007 12:44:39 +0100, Betov <betov(a)free.fr> wrote:
>>
>>> //\\\\o//\\\\annabee <w(a)w.w.w> wrote
>>> news:op.txver3l1in6out(a)fasdfasdfasdfas:
>>>
>>>> Does it work for NT as well?
>>>
>>> Tell me when i will have the answer to the question, please.
>>>
>>> :))
>>>
>>> Betov.
>>
>> I did try it once, and downloaded it a few days ago as well.
>> It does not work. Maybe it can be tweaked to work.
>
> well....stupid me, it may actually work....
> thanks :)

no... I don't think it works.
How can I confirm it?

As far as I can see, the int5 code never executes,
and the messagebox does not run under ring0.
maybe it's too early to say.... how can I confirm that
I am at ring0?

>>> < http://rosasm.org >
From: Frank Kotler on 30 Aug 2007 10:35

Evenbit wrote:
....
> Would "WindowsAsm" also be considered a "misappropriation?"

Probably. See: Lindows.

Best,
Frank
From: Betov on 30 Aug 2007 10:55

//\\\\o//\\\\annabee <w(a)w.w.w> wrote
news:op.txvol4dyin6out(a)fasdfasdfasdfas:

> no... I don't think it works.
> How can I confirm it?
>
> As far as I can see, the int5 code never executes,
> and the messagebox does not run under ring0.
> maybe it's too early to say.... how can I confirm that
> I am at ring0?

I don't know. Here, it hangs, at run time, at CLI.

(Win-2000, here).

Betov.

< http://rosasm.org >
From: //o//annabee on 30 Aug 2007 12:23

On Thu, 30 Aug 2007 15:55:04 +0100, Betov <betov(a)free.fr> wrote:

> //\\\\o//\\\\annabee <w(a)w.w.w> wrote
> news:op.txvol4dyin6out(a)fasdfasdfasdfas:
>
>> no... I don't think it works.
>> How can I confirm it?
>>
>> As far as I can see, the int5 code never executes,
>> and the messagebox does not run under ring0.
>> maybe it's too early to say.... how can I confirm that
>> I am at ring0?
>
> I don't know. Here, it hangs, at run time, at CLI.
>
> (Win-2000, here).

hmm... Now I am really worried.
it does run here, without the debugger....???
that means CLI is allowed... does that mean what I think it means?
What does that mean? If CLI is privileged?... why does it not crash outside the debugger?
it runs all the way to the "int 5", confirmed... But the code at "ExceptionHook" never runs.
So that means the IDT was not changed?

main:
    cli
    sti
    push 0
    call 'KERNEL32.ExitProcess'

This crashes also outside the debugger.
So..... hehehehhehehe. Are we already there long time ago ?

> Betov.
>
> < http://rosasm.org >
From: //o//annabee on 30 Aug 2007 12:26

On Thu, 30 Aug 2007 15:55:04 +0100, Betov <betov(a)free.fr> wrote:

> //\\\\o//\\\\annabee <w(a)w.w.w> wrote
> news:op.txvol4dyin6out(a)fasdfasdfasdfas:
>
>> no... I don't think it works.
>> How can I confirm it?
>>
>> As far as I can see, the int5 code never executes,
>> and the messagebox does not run under ring0.
>> maybe it's too early to say.... how can I confirm that
>> I am at ring0?
>
> I don't know. Here, it hangs, at run time, at CLI.
>
> (Win-2000, here).

Main:
    push ebp            ; First save all necessary startup values
                        ; to restore them after Ring0 code finishes
    lea eax D$esp-8
    xor ebx ebx
    xchg D$fs:ebx eax
    call @0
@0:
    push 0
    push Capt
    push Msg
    push 0
    call 'user32.MessageBoxA'

    cli
    sti

    push 0
    push Capt
    push Msg
    push 0
    call 'user32.MessageBoxA'

    push 0 | call 'KERNEL32.ExitProcess'

This runs fine!! but the reprogramming of IDT does not work.

> Betov.
>
> < http://rosasm.org >
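The question that runs through the thread, "how can I confirm that I am at ring0?", has a direct answer on x86 that the posts do not spell out: the two low bits of the CS selector are the current privilege level (CPL), and CLI is only legal when CPL is no greater than IOPL, so in an ordinary ring 3 process it raises a general protection fault no matter whether a debugger is attached. The following is an added example, not code from the thread or from RosAsm; it is written in C with GCC/Clang inline assembly for an x86 or x86-64 POSIX system (Linux is assumed, where the kernel reports the #GP as SIGSEGV; on Windows the same fault surfaces as a STATUS_PRIVILEGED_INSTRUCTION exception, which is what a debugger shows). The function and variable names are the example's own.

```c
/* Added example: two ring 3 self-checks on x86 (Linux assumed).
 * Not from the thread or from RosAsm; names are the example's own. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

#if !defined(__i386__) && !defined(__x86_64__)
#error "This example reads CS and executes CLI; it is x86-only."
#endif

static sigjmp_buf fault_env;

/* Signal handler: jump back to the point where we armed sigsetjmp(). */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* CPL is bits 0..1 (the RPL field) of the CS selector currently loaded.
 * Ring 0 code sees 0 here; an ordinary Windows or Linux process sees 3. */
int current_cpl(void)
{
    unsigned short cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
}

/* Execute CLI with a fault handler installed.
 * Returns 1 if the instruction faulted (CPL > IOPL, i.e. not privileged),
 * 0 if it executed (which a user-mode process should never see). */
int cli_faults(void)
{
    struct sigaction sa, old_segv, old_ill;
    int faulted;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    /* #GP is delivered as SIGSEGV on Linux; SIGILL is hooked too so the
     * check stays safe on platforms that report it differently. */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);

    if (sigsetjmp(fault_env, 1) == 0) {
        /* In ring 3 with IOPL 0 this raises #GP before STI is reached. */
        __asm__ volatile("cli\n\tsti");
        faulted = 0;
    } else {
        faulted = 1;   /* landed here via siglongjmp from on_fault() */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return faulted;
}

int main(void)
{
    int cpl = current_cpl();
    printf("CPL from CS = %d (%s)\n", cpl, cpl == 0 ? "ring 0" : "user mode");
    printf("CLI %s\n", cli_faults() ? "faulted: not privileged" : "executed: privileged");
    return 0;
}
```

Reading CS is the check that cannot be fooled by a debugger or an exception handler: if CPL is 3, the process is in user mode even if some instruction appears to "run" because a handler swallowed the fault. The CLI probe reproduces what the posters saw, the crash at CLI, but catches it so the result is a return value rather than a dead process.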