Interrupt Hooking on Windows XP

digelo · August 08, 2012, 04:38:04 PM

I found this great article about hooking and handling interrupts : http://www.codeproject.com/Articles/4664/Interrupt-Hooking-and-retrieving-device-informatio by Alexander M .

im sure this is very useful for people are interested on device driver developing like me :D

digelo · August 08, 2012, 05:14:02 PM

im working on translating it to masm32 ... i attach my code here till now its not working ,still there is some parts i don understand well.
i use InterruptHookGUI.exe(original one) in testlab folder for testing my translated driver.
it would be nice if somebody notice me my faults.

Executing InterruptHookGUI.exe may crash your windows !!!

qWord · August 09, 2012, 12:29:41 PM

There are a lot of errors in your code -> compare it with the corrected code in the attachment (driver only).
The functionality of the driver is not tested...

qWord

digelo · August 11, 2012, 05:11:57 PM

thank you qword
im working on that

qWord · August 11, 2012, 09:39:04 PM

There are some bugs in my code:
- In the IOCTL_UNHOOK_INT Handler, there are two push/pop-pairs. These should be replaced with:

Code Select

mov cx,OriginalHandlers[ebx*sizeof INT_VECTOR].wHighOffset 
mov Vec.wHighOffset,cx
mov cx, OriginalHandlers[ebx*sizeof INT_VECTOR].wLowOffset
mov Vec.wLowOffset,cx

- In the procedures LoadINTVector and SaveINTVector the local dwBase is used for INVOKE but never filled -> the invoke -parameter must be replaced by EAX.

The MASM Forum

News:

Interrupt Hooking on Windows XP

digelo

digelo

qWord

digelo

qWord