address of int80 idt

From: bugghy
Date: Thu Jul 15 2004 - 10:31:52 EST



Hi, I'm working on an improved rk detector and I've got some problems.
I use this code to get the address of int80's idt (interrupt description
table):

#include <stdio.h>
#include <string.h>

/* 6-byte image written by SIDT: 16-bit limit, 32-bit linear base */
struct idtr
{
    unsigned short limit;
    unsigned int base;
} __attribute__ ((packed));

/* fd (an open /dev/kmem), idt and kmem_read() are defined elsewhere in the tool */

void find_int80()
{
    struct idtr idtr;
    memset(&idtr, 0, sizeof(struct idtr));
    asm ("sidt %0" : "=m" (idtr));
    printf("idtr.base=0x%08x\n", idtr.base);
    /* descriptor for vector 0x80 sits at base + 0x80 * sizeof(one descriptor) */
    kmem_read(fd, &idt, sizeof(idt), idtr.base + 0x80 * sizeof(struct idt));
    ...
}

The problem is that on some 2.4.22 kernels (and I think on 2.6.7, 2.2.26
and 2.4.26 too) on vmware, sidt returns a bogus address for idtr.base:
idtr.base=0xffc6a370 (2.4.22)


If I try to read from /dev/kmem from this address it doesn't work.

I printed the contents of struct idtr after the sidt call, here it is:
ff 07 70 a3 c6 ff

What could be the problem? Is there any solution for this? Most of the
time it works, but not on my (2.4.22) vmware. And if this is not a bug, what
would be another method of doing this?

PS: Please cc me the answer as I'm not on this mailing list.

Thanks in advance,
Bugghy


--
------------------------
- Software is like sex -
- it's better when -
- it's free -
- Linus Torvalds -
------------------------

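As an added example (not the poster's code, and not from any kernel tree), the program below decodes the six IDTR bytes printed above, computes where the int 0x80 descriptor would sit (base + 0x80 * 8, since a 32-bit gate descriptor is 8 bytes), and shows the check an rk detector performs once it has read those 8 bytes back: decode the gate and compare its handler to a trusted reference such as the system_call symbol in System.map. The gate bytes, the handler address 0xc0106d34 and the selector 0x0060 are constructed sample values, not a real kernel's. Note the decoded base 0xffc6a370: a SIDT base in that high region inside a VMware guest of this era is the virtual machine monitor's own IDT being reported to the guest (the behaviour the "redpill" VM check keys on), so reading it through the guest's /dev/kmem does not reach the kernel's idt_table; the idt_table symbol from System.map is the safer starting address for this kind of detector.

```c
#include <stdint.h>
#include <stdio.h>

/* Image written by SIDT on 32-bit x86: 16-bit limit, 32-bit linear base. */
struct idtr {
    uint16_t limit;
    uint32_t base;
} __attribute__((packed));

/* One 8-byte IDT gate descriptor (32-bit interrupt or trap gate). */
struct idt_gate {
    uint16_t offset_lo;
    uint16_t selector;
    uint8_t  zero;
    uint8_t  type_attr;   /* P | DPL(2 bits) | 0 | type(4 bits) */
    uint16_t offset_hi;
} __attribute__((packed));

/* The six bytes the poster printed after SIDT (little-endian). */
const uint8_t sample_idtr[6] = { 0xff, 0x07, 0x70, 0xa3, 0xc6, 0xff };

/* Constructed gate for vector 0x80: handler 0xc0106d34, selector 0x0060,
 * type_attr 0xef (present, DPL 3, 32-bit trap gate). Sample value only. */
const uint8_t sample_gate[8] = { 0x34, 0x6d, 0x60, 0x00, 0x00, 0xef, 0x10, 0xc0 };

/* Constructed not-present descriptor, to exercise the malformed-gate path. */
const uint8_t sample_absent_gate[8] = { 0x34, 0x6d, 0x60, 0x00, 0x00, 0x00, 0x10, 0xc0 };

struct idtr decode_idtr(const uint8_t raw[6])
{
    struct idtr r;
    r.limit = (uint16_t)(raw[0] | (raw[1] << 8));
    r.base  = (uint32_t)raw[2] | ((uint32_t)raw[3] << 8)
            | ((uint32_t)raw[4] << 16) | ((uint32_t)raw[5] << 24);
    return r;
}

struct idt_gate decode_gate(const uint8_t raw[8])
{
    struct idt_gate g;
    g.offset_lo = (uint16_t)(raw[0] | (raw[1] << 8));
    g.selector  = (uint16_t)(raw[2] | (raw[3] << 8));
    g.zero      = raw[4];
    g.type_attr = raw[5];
    g.offset_hi = (uint16_t)(raw[6] | (raw[7] << 8));
    return g;
}

/* limit is the table size in bytes minus one; 256 entries give 0x7ff. */
unsigned idt_entries(struct idtr r)
{
    return ((unsigned)r.limit + 1) / sizeof(struct idt_gate);
}

/* Linear address of vector vec's descriptor, or 0 if the table is too small. */
uint32_t idt_entry_addr(struct idtr r, unsigned vec)
{
    if (vec >= idt_entries(r))
        return 0;
    return r.base + vec * (uint32_t)sizeof(struct idt_gate);
}

/* Handler address split across the two offset halves of the gate. */
uint32_t gate_handler(struct idt_gate g)
{
    return ((uint32_t)g.offset_hi << 16) | g.offset_lo;
}

/* Verdict for the int 0x80 gate: 0 = handler matches the trusted reference,
 * 1 = present gate pointing elsewhere (hook suspect), 2 = not a present
 * 32-bit interrupt/trap gate at all (garbage or wrong table). */
int check_int80_gate(const uint8_t raw[8], uint32_t expected_handler)
{
    struct idt_gate g = decode_gate(raw);
    uint8_t type = g.type_attr & 0x0f;
    if (!(g.type_attr & 0x80) || (type != 0x0e && type != 0x0f))
        return 2;
    return gate_handler(g) == expected_handler ? 0 : 1;
}

int main(void)
{
    struct idtr r = decode_idtr(sample_idtr);
    printf("limit=0x%04x base=0x%08x entries=%u\n",
           (unsigned)r.limit, (unsigned)r.base, idt_entries(r));
    printf("int 0x80 descriptor at 0x%08x\n", (unsigned)idt_entry_addr(r, 0x80));
    printf("handler in sample gate: 0x%08x, verdict vs reference: %d\n",
           (unsigned)gate_handler(decode_gate(sample_gate)),
           check_int80_gate(sample_gate, 0xc0106d34u));
    return 0;
}
```

In a real detector the expected handler comes from a trusted source (System.map for the running kernel, or a value recorded at install time), never from the live table itself; a verdict of 1 means the gate was redirected, a verdict of 2 usually means the bytes were read from the wrong place, which is exactly the situation the poster hits when SIDT reports the monitor's table.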