Skip to content

Instantly share code, notes, and snippets.

@Alikberov
Last active Dec 2, 2019
Embed
What would you like to do?
Exception Parse
#include "stdafx.h"
#define _At_
#define _Out_
#define _In_
#define _In_opt_
#define _Out_
#define _Out_opt_
#define _Inout_
#define _Inout_opt_
#define _Inout_updates_opt_(x)
#define MEM_EXTENDED_PARAMETER_TYPE_BITS 8
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
typedef struct MEM_EXTENDED_PARAMETER {
struct {
DWORD64 Type : MEM_EXTENDED_PARAMETER_TYPE_BITS;
DWORD64 Reserved : 64 - MEM_EXTENDED_PARAMETER_TYPE_BITS;
} DUMMYSTRUCTNAME;
union {
DWORD64 ULong64;
PVOID Pointer;
SIZE_T Size;
HANDLE Handle;
DWORD ULong;
} DUMMYUNIONNAME;
} MEM_EXTENDED_PARAMETER, *PMEM_EXTENDED_PARAMETER;
//typedef DWORD NTSTATUS;
typedef DWORD ULONG_PTR;
typedef struct _IO_STATUS_BLOCK {
union {
NTSTATUS Status;
PVOID Pointer;
} DUMMYUNIONNAME;
ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
typedef HANDLE (NTAPI *fpNtCurrentProcess)(void);
//_Must_inspect_result_
//__kernel_entry NTSYSCALLAPI
typedef NTSTATUS (NTAPI *fpNtCreateSection) (
_Out_ PHANDLE SectionHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PLARGE_INTEGER MaximumSize,
_In_ ULONG SectionPageProtection,
_In_ ULONG AllocationAttributes,
_In_opt_ HANDLE FileHandle
);
typedef void(NTAPI *fpRtlInitUnicodeString)(
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);
typedef
//NTSYSAPI
NTSTATUS
(NTAPI
*fpNtCreateFile)(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength );
//__kernel_entry NTSYSCALLAPI
typedef NTSTATUS (NTAPI *fpNtOpenFile) (
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_ ULONG ShareAccess,
_In_ ULONG OpenOptions
);
typedef NTSYSAPI NTSTATUS (NTAPI *fpNtMapViewOfSection) (
_In_ HANDLE SectionHandle,
_In_ HANDLE ProcessHandle,
_Inout_ _At_ PVOID *BaseAddress,
_Inout_opt_ PLARGE_INTEGER SectionOffset,
_Inout_ PSIZE_T ViewSize,
_In_ ULONG AllocationType,
_In_ ULONG Win32Protect,
_Inout_updates_opt_(ParameterCount) MEM_EXTENDED_PARAMETER* Parameters,
_In_ ULONG ParameterCount
);
typedef NTSTATUS(NTAPI *fpNtCreateProcess)
(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN ULONG Flags,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);
fpRtlInitUnicodeString RtlInitUnicodeString;
fpNtCreateFile NtCreateFile;
fpNtCurrentProcess NtCurrentProcess;
fpNtCreateSection NtCreateSection;
fpNtOpenFile NtOpenFile;
fpNtMapViewOfSection NtMapViewOfSection;
fpNtCreateProcess NtCreateProcess;
/*
NTSTATUS NTAPI
NtCreateProcessEx(OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN ULONG Flags,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN BOOLEAN InJob);
*/
// Macro-Codes of instructions
//////////////////////////////
#define X86_HLT 0xF4 // hlt
#define X86_INT 0xCD // int
#define X86_CLI 0xFA // cli
#define X86_STI 0xFB // sti
#define X86_ES 0x26 // es:
#define X86_CS 0x2E // cs:
#define X86_SS 0x36 // ss:
#define X86_DS 0x3E // ds:
#define X86_FS 0x64 // fs:
#define X86_GS 0x65 // gs:
#define X86_D16 0x66 // Data Override
#define X86_LOCK 0xF0 // lock
#define X86_REPNE 0xF2 // repne
#define X86_REP 0xF3 // rep/repe
#define X86_INSB 0x6C // insb
#define X86_INSD 0x6D // insd/insw
#define X86_OUTSB 0x6E // outsb
#define X86_OUTSD 0x6F // outsd/outsw
#define X86_IN_ALI 0xE4 // in al,i8
#define X86_IN_AXI 0xE5 // in (e)ax,i8
#define X86_OUT_ALI 0xE6 // out i8,al
#define X86_OUT_AXI 0xE7 // out i8,(e)ax
#define X86_IN_AL 0xEC // in al,dx
#define X86_IN_AX 0xED // in (e)ax,dx
#define X86_OUT_AL 0xEE // out dx,al
#define X86_OUT_AX 0xEF // out dx,(e)ax
// Flags of x86-instructions
//////////////////////////////
#define X86_USE_IM8 0x0001 // immediate byte
#define X86_USE_D16 0x0002 // 2 bytes
#define X86_USE_OUT 0x0004 // out/outs
#define X86_USE_D8 0x0008 // 8 bits
#define X86_USE_EAX 0x0010 // accumulator
#define X86_USE_ECX 0x0020 // ecx as loop conter
#define X86_USE_EDX 0x0040 // edx as port index
#define X86_USE_EBX 0x0080 // ebx
#define X86_USE_ESP 0x0100 // esp
#define X86_USE_EBP 0x0200 // ebp
#define X86_USE_ESI 0x0400 // esi as source
#define X86_USE_EDI 0x0800 // edi as destination
#define X86_USE_BUS 0x1000 // lock-prefix
DWORD nPorts = 0; // Number of accessable ports
///////////////////////////////////////////////////////////////////////
// DisplayError
// Displays the error number and corresponding message.
///////////////////////////////////////////////////////////////////////
void DisplayError(char *pszAPI) {
LPVOID lpvMessageBuffer;
CHAR szPrintBuffer[512];
DWORD nCharsWritten;
DWORD idError = GetLastError();
if(!idError)
return;
FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM,
NULL, idError,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR)&lpvMessageBuffer, 0, NULL);
wsprintf(szPrintBuffer,
"ERROR:\r\n"
"\tAPI = %s\r\n"
"\tCode: %d\r\n"
"\tHint: %s",
pszAPI, idError, (char *)lpvMessageBuffer);
LocalFree(lpvMessageBuffer);
WriteConsole(GetStdHandle(STD_OUTPUT_HANDLE),szPrintBuffer,
lstrlen(szPrintBuffer),&nCharsWritten,NULL);
MessageBox(NULL, szPrintBuffer, "", MB_OK);
ExitProcess(idError);
}
LONG WINAPI x86_cmd_show(_EXCEPTION_POINTERS *ep, DWORD sel, int d8, DWORD usage) {
int j;
char cmd[32][16] = {
"INSB",
"INSD",
"OUTSB",
"OUTSD",
"IN AL,%3d",
"IN EAX,%3d",
"OUT %3d,AL",
"OUT %3d,EAX",
"---",
"HLT",
"CLI",
"STI",
"IN AL,EDX",
"IN EAX,EDX",
"OUT EDX,AL",
"OUT EDX,EAX",
"INSB",
"INSW",
"OUTSB",
"OUTSW",
"IN AL,%3d",
"IN AX,%3d",
"OUT %3d,AL",
"OUT %3d,AX",
"---",
"HLT",
"CLI",
"STI",
"IN AL,EDX",
"IN AX,EDX",
"OUT EDX,AL",
"OUT EDX,AX"
};
char str[16][16] = {
"---",
"---",
"CS:",
"DS:",
"ES:",
"FS:",
"GS:",
"SS:",
"---",
"---",
"---",
"---",
"LOCK ",
"---",
"REPE ",
"REPNE "
};
if(sel != 0 || (sel & 0xF) != 8) {
//if(0xEC == *ic) {
DWORD port = ep->ContextRecord->Edx;
DWORD ticks;
DWORD static delta = 0;
DWORD static max = 0;
DWORD static reset = 0;
DWORD reseter = 100;
_asm rdtsc;
_asm mov ticks,eax;
printf("%08X %08X ", ep->ExceptionRecord->ExceptionAddress, sel);
if(d8 >= 0)
printf("%02X|", d8);
else
printf(" |");
j = 4;
while(((sel >> j) & 0xF) > 0 && j < 32) {
printf(str[(sel >> j) & 0x0F]);
j += 4;
}
if(usage & X86_USE_ECX)
printf("(ECX) ");
if(usage & X86_USE_EAX) { // port in/out
if(usage & X86_USE_OUT) { // port output
printf("OUT ");
if(usage & X86_USE_EDX)
printf("EDX,");
else
printf("%02X,", d8);
if(usage & X86_USE_D8)
printf("AL");
else
if(usage & X86_USE_D16)
printf("AX");
else
printf("EAX");
} else { // port input
printf("IN ");
if(usage & X86_USE_D8)
printf(" AL");
else
if(usage & X86_USE_D16)
printf(" AX");
else
printf("EAX");
if(usage & X86_USE_EDX)
printf(",EDX");
else
printf(",%02X", d8);
}
} else
if(usage & X86_USE_EDX) {
if(usage & X86_USE_ESI)
printf("OUTS");
else
printf("INS");
if(usage & X86_USE_D8)
printf("B");
else
if(usage & X86_USE_D16)
printf("W");
else
printf("D");
} else
printf(cmd[sel & 0xF]);
if((sel & 0xF) == 0x9 && !(usage & X86_USE_IM8)) {
if(reseter < reset ++)
reset = 0,
max = 0;
if(max < ep->ContextRecord->Eax - delta)
max = ep->ContextRecord->Eax - delta;
printf("\t %9d > %9d ticks", max, ep->ContextRecord->Eax - delta);
}
printf("\r\n\t");
if(usage & X86_USE_EAX)
printf("EAX:%08X ", ep->ContextRecord->Eax);
if(usage & X86_USE_ECX)
printf("ECX:%08X ", ep->ContextRecord->Ecx);
if(usage & X86_USE_EDX)
printf("EDX:%08X ", ep->ContextRecord->Edx);
if(usage & X86_USE_ESI)
printf("ESI:%08X ", ep->ContextRecord->Esi);
if(usage & X86_USE_EDI)
printf("EDI:%08X ", ep->ContextRecord->Edi);
printf("\r\n");
_asm rdtsc;
_asm sub eax,ticks;
_asm mov delta,eax;
//printf("%08X %02X|IN AL,DX ; Port #%04X is bad; Ports available - %d\r", ea, *ic, port, nPorts);
return EXCEPTION_CONTINUE_EXECUTION;
}
return EXCEPTION_EXECUTE_HANDLER;
}
LONG WINAPI TopLevelExceptionFilter(_EXCEPTION_POINTERS *ep) {
DWORD ea = (DWORD)ep->ExceptionRecord->ExceptionAddress;
BYTE *ic = (BYTE *)ea;
DWORD sel = 0;
BYTE cc;
int d8 = -1;
DWORD i = 0;
bool d16 = false;
DWORD usage = 0;
do {
cc = *(BYTE *)(ea + i ++);
printf("%02X ", cc);
switch(cc) {
// Parse for prefixes
case X86_D16:
usage |= X86_USE_D16;
d16 = true;
continue;
case X86_CS:
sel |= 0x2 << (i << 2);
continue;
case X86_DS:
sel |= 0x3 << (i << 2);
continue;
case X86_ES:
sel |= 0x4 << (i << 2);
continue;
case X86_FS:
sel |= 0x5 << (i << 2);
continue;
case X86_GS:
sel |= 0x6 << (i << 2);
continue;
case X86_SS:
sel |= 0x7 << (i << 2);
continue;
case X86_LOCK:
usage |= X86_USE_BUS;
sel |= 0xC << (i << 2);
continue;
case X86_REPNE:
usage |= X86_USE_ECX;
sel |= 0xF << (i << 2);
continue;
case X86_REP:
usage |= X86_USE_ECX;
sel |= 0xE << (i << 2);
continue;
// Parse for instruction
case X86_INSB: // 0x0
usage |= X86_USE_EDI;
sel |= (cc & 0x3);
break;
case X86_INSD: // 0x1
usage |= X86_USE_EDI;
sel |= (cc & 0x3);
break;
case X86_OUTSB: // 0x2
usage |= X86_USE_ESI | X86_USE_OUT | X86_USE_D8;
sel |= (cc & 0x3);
break;
case X86_OUTSD: // 0x3
usage |= X86_USE_ESI | X86_USE_OUT;
sel |= (cc & 0x3);
break;
case X86_IN_ALI: // 0x4
usage |= X86_USE_EAX | X86_USE_IM8 | X86_USE_D8;
d8 = *(BYTE *)(ea + i ++);
sel |= (cc & 0xF);
cc = 0;
break;
case X86_IN_AXI: // 0x5
usage |= X86_USE_EAX | X86_USE_IM8;
d8 = *(BYTE *)(ea + i ++);
sel |= (cc & 0xF);
cc = 0;
break;
case X86_OUT_ALI: // 0x6
usage |= X86_USE_EAX | X86_USE_IM8 | X86_USE_OUT | X86_USE_D8;
d8 = *(BYTE *)(ea + i ++);
sel |= (cc & 0xF);
cc = 0;
break;
case X86_OUT_AXI: // 0x7
usage |= X86_USE_EAX | X86_USE_IM8 | X86_USE_OUT;
d8 = *(BYTE *)(ea + i ++);
sel |= (cc & 0xF);
cc = 0;
break;
case X86_CLI: // 0xA
sel |= (cc & 0xF);
cc = 0;
break;
case X86_STI: // 0xB
sel |= (cc & 0xF);
cc = 0;
break;
case X86_IN_AL: // 0xC
usage |= X86_USE_EAX | X86_USE_EDX | X86_USE_D8;
sel |= (cc & 0xF);
cc = 0;
break;
case X86_IN_AX: // 0xD
usage |= X86_USE_EAX | X86_USE_EDX;
sel |= (cc & 0xF);
cc = 0;
break;
case X86_OUT_AL: // 0xE
usage |= X86_USE_EAX | X86_USE_EDX | X86_USE_OUT | X86_USE_D8;
sel |= (cc & 0xF);
cc = 0;
break;
case X86_OUT_AX: // 0xF
usage |= X86_USE_EAX | X86_USE_EDX | X86_USE_OUT;
sel |= (cc & 0xF);
cc = 0;
break;
case X86_INT: // 0x9
usage |= X86_USE_IM8;
d8 = *(BYTE *)(ea + i ++);
case X86_HLT: // 0x9
sel |= 9;
default:
sel |= 8;
cc = 0;
break;
}
} while(cc);
ep->ContextRecord->Eip += i;
ep->ContextRecord->EFlags |= 1 << 11; // Overflow Flags
ep->ExceptionRecord->ExceptionAddress = (void *)(ea + i);
return x86_cmd_show(ep, sel, d8, usage);
}
void LoadApplication(HANDLE File, int h) {
/* ObjAttr.Length = sizeof OBJECT_ATTRIBUTES;
ObjAttr.RootDirectory = 0;
ObjAttr.ObjectName = 0;*/
// NtOpenFile(&hFile, FILE_ALL_ACCESS, &ofs, &StatusBlock, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_SEQUENTIAL_ONLY);
// printf("%08X:hFile\r\n", hFile);
OBJECT_ATTRIBUTES ObjAttr;
IO_STATUS_BLOCK StatusBlock;
HANDLE hSection;
HANDLE hProcess;
PVOID ImageBaseAddr;
SIZE_T ViewSize;
HANDLE hFile;
OBJECT_ATTRIBUTES ofs;
UNICODE_STRING dn;
IO_STATUS_BLOCK State;
DWORD Error;
//
ZeroMemory(&State,sizeof(IO_STATUS_BLOCK));
WCHAR *ch1 = L"\\??\\C:\\test.bat";
RtlInitUnicodeString(&dn, ch1);
InitializeObjectAttributes(&ofs, &dn, 0, 0, 0);
//
Error = NtCreateFile(&hFile,PAGE_EXECUTE/*|GENERIC_WRITE|GENERIC_READ|GENERIC_EXECUTE*0*/,&ofs, &State,0,FILE_ATTRIBUTE_NORMAL,0,0/*FILE_SUPERSEDE*/,0,0,0);
printf("%08X %08X:hFile\r\n", Error, hFile);
Error = NtCreateSection(&hSection, SECTION_ALL_ACCESS, &ofs, NULL, PAGE_EXECUTE_READWRITE, SEC_IMAGE|SEC_FILE|SEC_COMMIT, &hFile);
printf("%08X %08X:hSection\r\n", Error, hSection);
Error = NtMapViewOfSection(hSection, (void *)-1, &ImageBaseAddr, NULL, &ViewSize, 0, PAGE_EXECUTE_READWRITE, NULL, 0);
printf("%08X %08X:ImageBaseAddr\r\n", Error, ImageBaseAddr);
Error = NtCreateProcess(&hProcess, PROCESS_ALL_ACCESS, NULL, (void *)-1, PROCESS_CREATE_FLAGS_BREAKAWAY, hSection, NULL, NULL);
printf("%08X %08X:hProcess\r\n", Error, hProcess);
// NtCreateThread(&hThread, THREAD_ALL_ACCESS, NULL, hProcess, &ClientId, &ThreadContext, &InitialTeb, TRUE);
// NtCreateThreadEx(&hThread, THREAD_ALL_ACCESS, NULL, hProcess, (PUSER_THREAD_START_ROUTINE)Foo, (PVOID)Param1(), THREAD_CREATE_FLAGS_CREATE_SUSPENDED, 0, 0, 0, NULL);
}
void Loader(void) {
HMODULE hNtDll = LoadLibrary("ntdll.dll");
HMODULE hKernel = LoadLibrary("kernel.dll");
RtlInitUnicodeString = (fpRtlInitUnicodeString)GetProcAddress(hNtDll, "RtlInitUnicodeString");
printf("%08X:RtlInitUnicodeString\r\n", RtlInitUnicodeString);
NtCreateFile = (fpNtCreateFile)GetProcAddress(hNtDll, "NtCreateFile");
printf("%08X:NtCreateFile\r\n", NtCreateFile);
NtOpenFile = (fpNtOpenFile)GetProcAddress(hNtDll, "NtOpenFile");
printf("%08X:NtOpenFile\r\n", NtOpenFile);
NtCreateSection = (fpNtCreateSection)GetProcAddress(hNtDll, "NtCreateSection");
printf("%08X:NtCreateSection\r\n", NtCreateSection);
NtMapViewOfSection = (fpNtMapViewOfSection)GetProcAddress(hNtDll, "NtMapViewOfSection");
printf("%08X:NtMapViewOfSection\r\n", NtMapViewOfSection);
NtCreateProcess = (fpNtCreateProcess)GetProcAddress(hNtDll, "NtCreateProcess");
printf("%08X:NtCreateProcessEx\r\n", NtCreateProcess);
NtCurrentProcess = (fpNtCurrentProcess)GetProcAddress(hNtDll, "NtCurrentProcess");
printf("%08X:NtCurrentProcess\r\n", NtCurrentProcess);
system("pause");
LoadApplication(0,//CreateFile("C:/test.bat", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0),
0);
system("pause");
}
// INT 0x03,0x04,0x2D, ..4F
int (*NtSetLdtEntries)(DWORD, DWORD, DWORD, DWORD, DWORD, DWORD);
LDT_ENTRY ll;
int main(int argc, char* argv[])
{
SYSTEM_INFO si;
DWORD base = 0x0490;
int ret;
COORD coord = {0, 0};
Loader();
HANDLE hStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
GetSystemInfo(&si);
printf("wProcessorArchitecture:%08X\r\n", si.wProcessorArchitecture);
printf("dwPageSize:%08X\r\n", si.dwPageSize);
printf("lpMinimumApplicationAddress:%08X\r\n", si.lpMinimumApplicationAddress);
printf("lpMaximumApplicationAddress:%08X\r\n", si.lpMaximumApplicationAddress);
printf("dwActiveProcessorMask:%08X\r\n", si.dwActiveProcessorMask);
printf("dwNumberOfProcessors:%08X\r\n", si.dwNumberOfProcessors);
printf("dwAllocationGranularity:%08X\r\n", si.dwAllocationGranularity);
printf("wProcessorLevel:%08X\r\n", si.wProcessorLevel);
printf("VirtualAlloc:%08X",
VirtualAlloc((void*)si.lpMinimumApplicationAddress,
(DWORD)si.lpMaximumApplicationAddress - (DWORD)si.lpMinimumApplicationAddress - si.dwAllocationGranularity - 0x1000000,
MEM_COMMIT, PAGE_EXECUTE_READWRITE));
// DisplayError("VirtualAlloc");
system("Pause");
//VirtualAlloc((void*)0x570000, 0x70000000, MEM_RESERVE, PAGE_EXECUTE_READWRITE);
*(FARPROC*)(&NtSetLdtEntries) = GetProcAddress(LoadLibrary("ntdll.dll"), "NtSetLdtEntries");
ll.BaseLow = base & 0xFFFF;
ll.HighWord.Bytes.BaseMid = base >> 16;
ll.HighWord.Bytes.BaseHi = base >> 24;
ll.LimitLow = 400;
ll.HighWord.Bits.LimitHi = 0;
ll.HighWord.Bits.Granularity = 0;
ll.HighWord.Bits.Default_Big = 1;
ll.HighWord.Bits.Reserved_0 = 0;
ll.HighWord.Bits.Sys = 0;
ll.HighWord.Bits.Pres = 1;
ll.HighWord.Bits.Dpl = 3;
ll.HighWord.Bits.Type = 0x13;
// ret = NtSetLdtEntries(0x08, *(DWORD*)&ll, *((DWORD*)(&ll)+1),0,*(DWORD*)&ll, *((DWORD*)(&ll)+1));
//SetUnhandledExceptionFilter(TopLevelExceptionFilter);
printf("Hello World!\n");
for(int i = 0x2E00; i <= 0xFFFF; ++ i) {
SetConsoleCursorPosition(hStdOut, coord);
_asm {
rdtsc
mov esi,esp
mov edi,esp
mov ecx,1
mov ebx,eax
mov edx,i // Index of IO-Port
_emit X86_REP
_emit X86_REP
_emit X86_SS
out 54,eax
movsd
_emit X86_REP
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
_emit X86_DS
movsd
_emit X86_REP
_emit X86_CS
_emit X86_DS
_emit X86_ES
_emit X86_FS
_emit X86_GS
_emit X86_SS
_emit X86_GS
_emit X86_FS
_emit X86_ES
_emit X86_DS
_emit X86_CS
_emit X86_DS
_emit X86_ES
_emit X86_IN_AL
repe lock in al,dx // Try for port-read
repne lock out dx,eax;
repe lock cli
sti
/*mov al,0xC3
shl eax,16
mov al,0xCD
mov ah,dh
push eax
call esp
pop eax*/
rdtsc
sub eax,ebx
hlt
jo err // Overflow if unaccessable
inc nPorts
err:
}
//system("pause");
}
printf("\nPorts available - %d\r\n", nPorts);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment