I found this great article about hooking and handling interrupts: http://www.codeproject.com/Articles/4664/Interrupt-Hooking-and-retrieving-device-informatio by Alexander M.
I'm sure this is very useful for people who are interested in device driver development, like me :D
I'm working on translating it to masm32... I attach my code here; so far it's not working, and there are still some parts I don't understand well.
I use InterruptHookGUI.exe (the original one) in the testlab folder for testing my translated driver.
It would be nice if somebody pointed out my faults.
Executing InterruptHookGUI.exe may crash your Windows!!!
There are a lot of errors in your code -> compare it with the corrected code in the attachment (driver only).
The functionality of the driver is not tested...
qWord
Thank you, qWord.
I'm working on that.
There are some bugs in my code:
- In the IOCTL_UNHOOK_INT handler, there are two push/pop pairs. These should be replaced with:
    mov cx, OriginalHandlers[ebx*sizeof INT_VECTOR].wHighOffset
    mov Vec.wHighOffset, cx
    mov cx, OriginalHandlers[ebx*sizeof INT_VECTOR].wLowOffset
    mov Vec.wLowOffset, cx
- In the procedures LoadINTVector and SaveINTVector, the local dwBase is used for INVOKE but never filled -> the INVOKE parameter must be replaced by EAX.