dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Jan 18, 2009 5:04 pm Post subject: [Help] Driver Crashes...
Well... I modified my driver so that it stores the call numbers and where they point, then sets them after they have hooked it.
Now when I try to open applications, it gives me an error telling me that it cannot write to physical memory or something... I think I screwed up my NtWriteVirtualMemory like this...
Last edited by dnsi0 on Tue Jan 20, 2009 8:34 pm; edited 1 time in total
 |
BanMe Master Cheater
Reputation: 0
Joined: 29 Nov 2005 Posts: 375 Location: Farmington NH, USA
Posted: Sun Jan 18, 2009 6:01 pm
Try KeServiceDescriptorTable->NumberOfServices*4 ...
Also try the disable WriteProtection to restore it, and try using return; even though your functions are void...
Regards, BanMe
 |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Jan 18, 2009 6:37 pm
Should I disable before I call that load of functions or after?
And you can't return void functions lol.
And NumberOfServices isn't a member...
Edit: Ok.. I added the disable interrupts.
Loading Driver. Brb after BSOD.
Edit2: Still BSOD.
 |
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Sun Jan 18, 2009 7:35 pm
Does it even stall your processor? Because since you didn't create a new thread for it your computer should actually freeze. You can't just use KeStallExecutionProcessor in the kernel in your main thread, it will just stall your entire computer. Everything.
If it hasn't gotten to the freezing yet then you have a problem in SaveSDT.
How about you handle errors?? Handle exceptions?? __try/__except(1)
It'll stop you from crashing. Debug?? You can't fix an error if you don't try all these things.
Code:
BOOLEAN SaveSDT()
{
    ULONG ulSize, ulRealLoc;
    BOOLEAN bRET;
    PVOID FakeSDT;

    // Size of the service table in bytes (one ULONG per entry)
    ulSize = KeServiceDescriptorTable->TableSize * sizeof(ULONG);
    bRET = TRUE;
    if (ulSize > 0)
    {
        FakeSDT = ExAllocatePool(NonPagedPool, ulSize);
        if (FakeSDT != NULL)
        {
            __try
            {
                // Copy the current table into the pool allocation
                RtlCopyMemory(FakeSDT, KeServiceDescriptorTable->ServiceTable, ulSize);
                // Address of the original table
                ulRealLoc = (ULONG)KeServiceDescriptorTable->ServiceTable;
                if (ulRealLoc != 0)
                    *(PVOID *)&KeServiceDescriptorTable->ServiceTable = FakeSDT; // Dunno if this will work...
            }
            __except(1)
            {
                bRET = FALSE;
                DbgPrint("Avoided a BSOD...");
            }
        }
    }
    return bRET;
}
 |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Jan 18, 2009 8:40 pm
So if I use try/catch blocks it will prevent system crash right?
And my system is weird... It doesn't BSOD, it just crashes. (Reboots)
 |
HomerSexual Grandmaster Cheater Supreme
Reputation: 5
Joined: 03 Feb 2007 Posts: 1657
Posted: Sun Jan 18, 2009 8:41 pm
dnsi0 wrote:
> So if I use try/catch blocks it will prevent system crash right?
> And my system is weird... It doesn't BSOD, it just crashes. (Reboots)
I'm no expert, but isn't that a sign that you are writing too big of a buffer or something, or just a general write fault?
 |
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Sun Jan 18, 2009 8:52 pm
Make sure to uncheck restart automatically:
[Attached image, 80.58 KB]
 |
sphere90 Grandmaster Cheater
Reputation: 0
Joined: 24 Jun 2006 Posts: 912
Posted: Sun Jan 18, 2009 11:06 pm
The reason for the BSOD is that he's trying to write to a write-protected region of memory. You need to disable the WP bit first.
Code:
__asm
{
    cli                     // disable interrupts
    mov eax, CR0
    and eax, not 0x10000    // clear CR0.WP (bit 16)
    mov CR0, eax
}
(ULONG)KeServiceDescriptorTable->ServiceTable = (ULONG)FakeSDT;
__asm
{
    mov eax, CR0
    xor eax, 0x10000        // flip CR0.WP back on
    mov CR0, eax
    sti                     // re-enable interrupts
}
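
Seen from the defender's side, the table swap in the two code posts above leaves the descriptor pointing at pool memory instead of the kernel image, which is what a service-table integrity check looks for. The following is an added example, not code from any poster in this thread: a user-mode model of that check, where the image range, the addresses and the names SdtSnapshot, TableAddr, audit_sdt and audit_sample are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Snapshot of a 32-bit service descriptor. ServiceTable and TableSize are the
   field names used in the posts; every other name here is hypothetical. */
typedef struct {
    uint32_t        TableAddr;     /* address the descriptor points at */
    const uint32_t *ServiceTable;  /* copy of the handler addresses */
    uint32_t        TableSize;     /* number of entries */
} SdtSnapshot;

enum { SDT_TABLE_RELOCATED = 1, SDT_ENTRY_OUTSIDE = 2 };

static int in_image(uint32_t addr, uint32_t base, uint32_t size) {
    return addr >= base && addr - base < size;
}

/* Returns a bitmask of findings; *first_bad is the first bad index, or -1. */
int audit_sdt(const SdtSnapshot *s, uint32_t base, uint32_t size, int *first_bad) {
    int flags = 0;
    *first_bad = -1;
    if (!in_image(s->TableAddr, base, size))
        flags |= SDT_TABLE_RELOCATED;   /* table pointer swapped for a copy */
    for (uint32_t i = 0; i < s->TableSize; i++) {
        if (in_image(s->ServiceTable[i], base, size))
            continue;
        flags |= SDT_ENTRY_OUTSIDE;     /* handler lies outside the kernel */
        if (*first_bad < 0)
            *first_bad = (int)i;
    }
    return flags;
}

/* Constructed sample: kernel image at 0x80400000, 2 MiB long. */
static const uint32_t clean_entries[]  = { 0x80501000u, 0x80502400u, 0x80503800u };
static const uint32_t hooked_entries[] = { 0x80501000u, 0xF8A01000u, 0x80503800u };

int audit_sample(uint32_t table_addr, const uint32_t *entries, int *first_bad) {
    SdtSnapshot s = { table_addr, entries, 3 };
    return audit_sdt(&s, 0x80400000u, 0x00200000u, first_bad);
}

int main(void) {
    int bad;
    printf("clean=%d ", audit_sample(0x80480000u, clean_entries, &bad));
    printf("relocated=%d ", audit_sample(0x86012000u, clean_entries, &bad));
    printf("hooked=%d\n", audit_sample(0x80480000u, hooked_entries, &bad));
    return 0;
}
```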
 |
rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
Posted: Mon Jan 19, 2009 10:49 am
That's why you should include exception handling code.
 |
oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Mon Jan 19, 2009 11:15 am
Just wondering, is KeServiceDescriptorTable documented anywhere?
 |
smartz993 I post too much
Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Mon Jan 19, 2009 11:20 am
oib111 wrote:
> Just wondering, is KeServiceDescriptorTable documented anywhere?
Check OSR.
 |
oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Mon Jan 19, 2009 11:34 am
smartz993 wrote:
> oib111 wrote:
> > Just wondering, is KeServiceDescriptorTable documented anywhere?
> Check OSR.
You mean http://www.osronline.com/ ?
 |
smartz993 I post too much
Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Mon Jan 19, 2009 11:38 am
oib111 wrote:
> smartz993 wrote:
> > oib111 wrote:
> > > Just wondering, is KeServiceDescriptorTable documented anywhere?
> > Check OSR.
> You mean http://www.osronline.com/ ?
Yes, that's what I mean.
dnsi0 wrote:
> should I disable before I call that load of functions or after?
> and you can't return void functions lol.
> and NumberOfServices isn't a member...
> Edit: Ok.. I added the disable interrupts.
> Loading Driver. Brb after BSOD.
> Edit2: Still BSOD.
Lol are you kidding me ?
and you can't return void functions lol.
Since when ? Dumb fucks =[
 |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Mon Jan 19, 2009 6:35 pm
What's the equivalent of the @ symbol from Delphi in C?
So @variable would return where the variable is located as a pointer.
Nvm... Found it, it's the & symbol...
 |
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Mon Jan 19, 2009 7:10 pm
& - Reference to (or "Address of..")
* - Dereference (Value pointed by)