address of int80 idt
From: bugghy
Date: Thu Jul 15 2004 - 10:31:52 EST
Hy, I'm working on an improved rk detector and I've got some problems.
I use this code to get the address of int80's idt (interrupt description
table)
struct idtr
{
unsigned short limit;
unsigned int base;
} __attribute__ ((packed));
void find_int80()
{
struct idtr idtr;
memset(&idtr, 0, sizeof(struct idtr));
asm ("sidt %0" : "=m" (idtr));
printf("idtr.base=0x%08x\n", idtr.base);
kmem_read(fd, &idt, sizeof(idt), idtr.base + 0x80 * sizeof(struct
idt));
...
}
The problem is that on some kernels 2.4.22 (and I think on 2.6.7, 2.2.26
and 2.4.26 too) on vmware sidt returns a bogus address for idtr.base:
idtr.base=0xffc6a370 (2.4.22)
If I try to read from /dev/kmem from this address it doesn't work.
I printed the contents of struct idtr after the sidt call, here it is:
ff 07 70 a3 c6 ff
What could be the problem? Is there any solution for this? Most of the
time works but not on my (2.4.22) vmware. And if this is not a bug, what
would be another method of doing this ?
PS: Please cc me the answer as I'm not on this mailling list.
Thanks in advance,
Bugghy
--
------------------------
- Software is like sex -
- it's better when -
- it's free -
- Linus Torvalds -
------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part