Hello,
Been toying with some stuff and I came across the SIDT instruction and I came up with the following code:
Code:
void extractIDT() {
    IDTR idt;
    __asm {
        cli;
        sidt idt;
        sti;
    }
    DWORD add = splice(idt.baseAddressHigh, idt.baseAddressLow);
    printf("%X", add);
}

The thing is, the sidt instruction is generating an exception - 0xC0000096: Privileged instruction. As far as I understood, sidt is not a privileged instruction and ring3 code can actually execute it and acquire the address of the IDT in memory, but lidt (which is used to change idtr contents) is privileged and needs to be executed from ring0. So the question is why is this giving me an exception? I'm testing on win 7 x64 from a normal usermode application (if I put this code into my driver, it will probably run without problems?).
Update:
Right, after some digging I managed to get the address using the compiler intrinsic:
Code:
__sidt(&idt);

But I'm curious as to why __sidt() would work and inline asm not?
regards