|    comp.lang.asm.x86    |    Ahh, the lost art of x86 assembly    |    4,675 messages    |
|    Message 3,636 of 4,675    |
|    Rod Pemberton to R.Wieser    |
|    Re: Indirect INT calling    |
|    29 Oct 18 17:05:01    |
From: invalid@nospicedham.lkntrgzxc.com

On Sun, 28 Oct 2018 08:41:50 +0100
"R.Wieser" wrote:

> > I would suggest hooking two interrupts. One is for the random
> > or changing or relocatable interrupt that you call to access the
> > API. The other would be on a fixed interrupt with a unique
> > registers value, say in AX, for the call to detect the presence or
> > installation of the packet driver API.
>
> I'm afraid you misunderstood: Finding the API (and by it its INT)
> isn't the problem, the packetdriver spec already took care of that
> (unique string at a fixed offset).

Oh, sorry.

Then, I'd probably recommend Rick's interrupt redirect using INT 0x03,
i.e., trap-flag interrupt. There is even a special shorter
instruction, INT3 as 0xCC, to call the interrupt.

Of course, if you use an INT instruction, you also have its slow
overhead. So, it may be worthwhile to just copy and patch the
address into an indirect jump instruction.

I use the following code in some personal DOS interrupt trace programs.
I "borrowed" some DOS TSR installation code from a Benjamin Lunt
example. This interrupt setting code was likely a port of his example
code.

The code is similar to other posted code, except it uses DOS calls to
get/set the interrupts. The two 21h's, i.e., AL, in the two MOV AX
instructions, would need to be set to the interrupt you want to wrap.
The code is for NASM.

Obviously, you can modify this to read and store one interrupt, such as
for your packetdriver, in olddosint, and have another new interrupt
installed elsewhere via newdosint, e.g., INT 0x03.

    olddosint: dw 00h,00h               ; saved original vector: offset, then segment

    newdosint: cli
               ...
               jmp far [cs:olddosint]   ; chain to the original handler

    install:   mov ax,3521h             ; DOS get vector 21h -> ES:BX
               int 21h

               mov [olddosint],bx
               mov [olddosint+2],es

               push cs
               pop ds
               mov dx,newdosint
               mov ax,2521h             ; DOS set vector 21h <- DS:DX
               int 21h

               ...


Rod Pemberton
--
Bitcoin is a pump-and-dump scam driven by a perpetual Ponzi scheme.

--- SoupGate-Win32 v1.05
 * Origin: you cannot sedate... all the things you hate (1:229/2)
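
Added illustration, not part of Rod Pemberton's post: a Python model of what the posted install sequence does to the real-mode interrupt vector table, and how diffing the table against a baseline reveals the hook and recovers the handler it chains to. All function names and the segment:offset values are constructed for the example, and it assumes a .COM-style layout where DS equals CS, so olddosint lives in the hook's own segment.

```python
import struct

IVT_ENTRIES = 256  # real-mode IVT: 256 far pointers starting at 0000:0000

def get_vector(mem, n):
    """Model of INT 21h AH=35h: return (segment, offset) of handler n."""
    off, seg = struct.unpack_from("<HH", mem, n * 4)  # offset word, then segment word
    return seg, off

def set_vector(mem, n, seg, off):
    """Model of INT 21h AH=25h: store the far pointer DS:DX in IVT entry n."""
    struct.pack_into("<HH", mem, n * 4, off, seg)

def linear(seg, off):
    """20-bit real-mode linear address (wraps at 1 MiB, A20 masked)."""
    return ((seg << 4) + off) & 0xFFFFF

def install_hook(mem, n, hook_seg, new_off, old_slot_off):
    """Mirror of the posted install: save the old vector, then repoint the IVT."""
    old_seg, old_off = get_vector(mem, n)
    # mov [olddosint],bx / mov [olddosint+2],es
    struct.pack_into("<HH", mem, linear(hook_seg, old_slot_off), old_off, old_seg)
    set_vector(mem, n, hook_seg, new_off)

def changed_vectors(baseline, mem):
    """Return {vector: (old (seg, off), new (seg, off))} for entries that differ."""
    out = {}
    for n in range(IVT_ENTRIES):
        before, after = get_vector(baseline, n), get_vector(mem, n)
        if before != after:
            out[n] = (before, after)
    return out

def chain_target(mem, hook_seg, old_slot_off):
    """Follow `jmp far [cs:olddosint]`: read the saved far pointer back."""
    off, seg = struct.unpack_from("<HH", mem, linear(hook_seg, old_slot_off))
    return seg, off

def demo():
    """Constructed scenario: INT 21h starts at 0019:40F8, hook loads at 1234:0104."""
    mem = bytearray(1 << 20)                 # 1 MiB of real-mode memory
    set_vector(mem, 0x21, 0x0019, 0x40F8)    # constructed original handler
    baseline = bytes(mem[:IVT_ENTRIES * 4])  # snapshot taken before the hook
    install_hook(mem, 0x21, 0x1234, 0x0104, 0x0100)
    return changed_vectors(baseline, mem), chain_target(mem, 0x1234, 0x0100)
```

The comparison is on segment:offset pairs, so a vector rewritten to a different pair that aliases the same linear address is also reported; compare `linear()` values instead if that should be ignored.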