NMI (int 0x02) is by default setup as TaskGate, which means that it points to TSS Descriptor where is stored TSS needed to transfer execution to r0 when NMI occurs.
sice not running:
sice running:Code:00000002 0.00003269 TaskGate: 02 [58:00000000] DPL=0 P 00000003 0.00004917 + TSS at 80872568 - cs:eip = [08:8086698C]
No practical rce use, but still funny thingCode:00000002 0.00004665 IdtGate : 02 [08:B45AE617] DPL=0 P
Another SoftIce detection method (and general ring 0 gem) for the collection, thanks as usual deroko.
"Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."
indeed it's sice detection, but I was playing with IPI and NMI when I saw this thingy, and completly forgot that it it can be used as sice detection
A little OT, but since we're talking about hooking... I was looking at your code under the "ultimate" project and had a question on where c:\tasm32\include\shitheap.inc came from? I see it referenced in many other projects but I don't see it included with the source. I'm using borland turbo assembler and tools 5.0, perhaps I should be incorporating other toolkits?
parad0x:
See my response in your "original" Post. Do not double post!
http://www.woodmann.com/forum/showthread.php?p=72492#post72492
Regards,
JMI
Posting Permissions
Bookmarks