c - "Trapping" a process's own sysenter calls in userspace on Windows
I'm working on a runtime non-native binary translator on Windows. So far I've been able to "trap" interrupts (i.e. int 0x99) from the OS binaries I'm trying to emulate using an ugly hack that uses Windows SEH to handle invalid interrupts; because the system call vector is different from the one in Windows, this lets me catch these "soft" exceptions by doing this:
    #include <windows.h>

    /* The asker's helpers; their bodies are not shown in the question. */
    void handle_invalid_instruction(const unsigned char *ip);
    void handle_syscall_translation(void);
    void halt_and_catch_fire(void);

    /* Top-level SEH filter (e.g. installed with SetUnhandledExceptionFilter).
     * A ring-3 'int 0x99' on Windows raises EXCEPTION_ACCESS_VIOLATION because
     * the NT kernel does not service that vector for user mode. */
    static LONG WINAPI handler_cb(EXCEPTION_POINTERS *pes)
    {
        if (pes->ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION)
            return EXCEPTION_CONTINUE_SEARCH;

        /* unsigned: a plain (signed) char never compares equal to 0xcd */
        unsigned char *instruct = (unsigned char *) pes->ContextRecord->Eip;
        if (!instruct) {
            handle_invalid_instruction(instruct);
            return EXCEPTION_CONTINUE_SEARCH;
        }

        switch (instruct[0]) {
        case 0xcd:                        /* int imm8 */
            if (instruct[1] != 0x99) {    /* only the guest's int 0x99 is ours */
                handle_invalid_instruction(instruct);
                return EXCEPTION_CONTINUE_SEARCH;
            }
            handle_syscall_translation();
            pes->ContextRecord->Eip += 2; /* resume after the 2-byte int */
            break;
            /* ... */
        /* ... */
        default:
            halt_and_catch_fire();
        }
        return EXCEPTION_CONTINUE_EXECUTION;
    }
which works (but slowly). The problem is that Windows first attempts to handle the instruction/interrupt, and the non-native binaries use sysenter/sysexit instead of int 0x99. The sysenter instructions in the non-native binary are valid NT kernel calls when executed, meaning my handler is never called and, worse, the state of the "host" OS is compromised. Is there a way to "trap" sysenter instructions in Windows? How would I go about doing this?
As far as I know, there is no way (from a user-mode process) to "disable" sysenter, or to make executing it generate an exception. (I'm assuming the programs don't try to sysexit, because only ring 0 can do that.)
The only option I think you have is to do what VirtualBox does, and scan for invalid instructions, replacing them with illegal opcodes or similar that you can trap on, and emulate. See 10.4. Details about software virtualization:
    To fix these performance and security issues, VirtualBox contains a Code Scanning and Analysis Manager (CSAM), which disassembles guest code, and the Patch Manager (PATM), which can replace it at runtime.

    Before executing ring 0 code, CSAM scans it recursively to discover problematic instructions. PATM then performs in-situ patching, i.e. it replaces the instruction with a jump to hypervisor memory where an integrated code generator has placed a more suitable implementation. In reality, this is a complex task as there are lots of odd situations to be discovered and handled correctly. So, with its current complexity, one could argue that PATM is an advanced in-situ recompiler.
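An added example of the scan-and-patch approach the answer describes, written for this page; it is neither VirtualBox code nor the asker's translator. It walks a guest code region instruction by instruction, rewrites each sysenter (0F 34) into int 0x99 (CD 99), the vector the asker's SEH hack already traps, and records the site in a patch table so the trap handler can tell a planted trap from a genuine guest int 0x99. The guest bytes, the tiny instruction-length decoder (only the handful of opcodes the demo needs) and the helper names are all constructed for the example. The decoder is the point: the first instruction's immediate contains the bytes 0F 34, and a naive byte scan would corrupt it, which is why CSAM disassembles rather than pattern-matches.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATCHES 64
#define GUEST_INT_VECTOR 0x99   /* assumed: the guest's syscall vector from the question */

typedef struct {
    size_t  offset;   /* offset of the patched instruction within the region */
    uint8_t orig[2];  /* original bytes, kept so the patch can be undone */
} patch_entry;

typedef struct {
    patch_entry entries[MAX_PATCHES];
    size_t      count;
} patch_table;

/* Instruction length for the small subset this demo knows. Returns 0 for
 * anything else so the scanner stops instead of guessing: a wrong length
 * would desynchronise the walk and patch data bytes as if they were code. */
static size_t insn_len(const uint8_t *p, size_t avail)
{
    if (avail == 0) return 0;
    uint8_t op = p[0];
    if (op >= 0xB8 && op <= 0xBF) return avail >= 5 ? 5 : 0;          /* mov r32, imm32 */
    if (op == 0x89 && avail >= 2 && (p[1] & 0xC0) == 0xC0) return 2;  /* mov r32, r32 */
    if (op == 0xCD) return avail >= 2 ? 2 : 0;                        /* int imm8 */
    if (op == 0x0F && avail >= 2 && p[1] == 0x34) return 2;           /* sysenter */
    if (op == 0xC3 || op == 0x90) return 1;                           /* ret, nop */
    return 0;
}

/* Rewrite every sysenter in [code, code+len) to int GUEST_INT_VECTOR, recording
 * each site in t. Returns the number of sites patched. */
size_t scan_and_patch(uint8_t *code, size_t len, patch_table *t)
{
    size_t patched = 0, i = 0;
    while (i < len) {
        size_t n = insn_len(&code[i], len - i);
        if (n == 0) break;                         /* unknown opcode: refuse to guess */
        if (code[i] == 0x0F && code[i + 1] == 0x34) {
            if (t->count >= MAX_PATCHES) break;
            patch_entry *e = &t->entries[t->count++];
            e->offset = i;
            memcpy(e->orig, &code[i], 2);
            code[i]     = 0xCD;
            code[i + 1] = GUEST_INT_VECTOR;
            patched++;
        }
        i += n;
    }
    return patched;
}

/* Entry for a faulting offset, or NULL if we did not plant a trap there. */
const patch_entry *lookup_patch(const patch_table *t, size_t offset)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->entries[i].offset == offset) return &t->entries[i];
    return NULL;
}

/* Restore the original bytes, e.g. when the guest unmaps or rewrites the page. */
void unpatch_all(uint8_t *code, const patch_table *t)
{
    for (size_t i = 0; i < t->count; i++)
        memcpy(&code[t->entries[i].offset], t->entries[i].orig, 2);
}

/* Constructed guest code: a syscall stub, a genuine guest int 0x99, a second stub. */
static const uint8_t demo_guest_code[] = {
    0xB8, 0x0F, 0x34, 0x00, 0x00,  /*  0: mov eax, 0x340F  (immediate looks like sysenter) */
    0x89, 0xE1,                    /*  5: mov ecx, esp */
    0x0F, 0x34,                    /*  7: sysenter          -> patched */
    0xC3,                          /*  9: ret */
    0xCD, 0x99,                    /* 10: int 0x99          (guest's own, left alone) */
    0x0F, 0x34,                    /* 12: sysenter          -> patched */
    0xC3,                          /* 14: ret */
};
static uint8_t     demo_copy[sizeof demo_guest_code];
static patch_table demo_table;

size_t run_demo(void)
{
    memcpy(demo_copy, demo_guest_code, sizeof demo_copy);
    memset(&demo_table, 0, sizeof demo_table);
    return scan_and_patch(demo_copy, sizeof demo_copy, &demo_table);
}

/* What the trap handler would decide for a fault at fault_offset:
 * 1 = planted trap, emulate sysenter; 0 = genuine guest int 0x99; -1 = not a trap site. */
int classify_trap(size_t fault_offset)
{
    if (fault_offset + 1 >= sizeof demo_copy) return -1;
    if (demo_copy[fault_offset] != 0xCD || demo_copy[fault_offset + 1] != GUEST_INT_VECTOR) return -1;
    return lookup_patch(&demo_table, fault_offset) ? 1 : 0;
}

int main(void)
{
    size_t n = run_demo();
    printf("patched %zu sysenter site(s)\n", n);
    for (size_t i = 0; i < demo_table.count; i++)
        printf("  offset %zu: %02X %02X -> CD %02X\n", demo_table.entries[i].offset,
               demo_table.entries[i].orig[0], demo_table.entries[i].orig[1], GUEST_INT_VECTOR);
    printf("fault at offset 10 -> %d (genuine guest int 0x99)\n", classify_trap(10));
    return 0;
}
```

In a real translator the scan runs on each guest code page before it is first executed, the patch table is keyed by guest address rather than region offset, and the decoder has to cover the whole instruction set (or fall back to a full disassembler), since stopping at an unknown opcode means the rest of that region must not be run natively.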