How to step into sysenter "call"


Problem description

Recently I encountered a problem with the SendInput API (USER32!NtUserSendInput). I traced into the function, but finally I came to "sysenter", and I could not go further.

After Googling, I found there are some articles about sysenter, but none of them could help.

I think there must be a way. Could anyone give some hints?

Thank you

Recommended answer

sysenter is a privileged instruction to fast enter protection level 0. You are not allowed to enter it and can certainly not follow it with your debugger that is located at a much higher level.

http://siyobik.info/index.php?module=x86&id=313

Maybe you could start Windows in debug mode and try to catch some of the output using a connection to the serial port.
http://support.microsoft.com/kb/15198

Good luck!


Thanks for your post.

Indeed, I set up debug mode for a virtual PC (using VBox).

I have read something about the "x86 Instruction Set"; it is much too complicated.
What are SYSENTER_CS_MSR, SYSENTER_ESP_MSR, etc.? From the application's side there are eax, ebx, eip, esp, ebp, etc. Where are those (SYSENTER_CS_MSR) located? Is it possible to retrieve them via a debugger?

Thank you.


I think that you just need the cpp source of this code.
The protection rings is system mentioned here.
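
On the follow-up question about where SYSENTER_CS_MSR and the related values live: they are model-specific registers rather than general-purpose registers, so a user-mode debugger cannot show them, but a kernel debugger can. The following is an added example, not part of the original thread, and it assumes WinDbg/kd attached as a kernel debugger to the 32-bit x86 guest in debug mode with symbols loaded; `<sysenter_eip>` is a placeholder and the `win32k!` symbol name is an assumption to verify on the target build.

```windbg
$$ Break into the target first (Ctrl+Break); these run at the kd> prompt.
$$ MSR values are per processor, so they describe the current CPU.

$$ IA32_SYSENTER_CS (MSR 0x174): ring-0 code segment selector loaded by sysenter
rdmsr 174
$$ IA32_SYSENTER_ESP (MSR 0x175): ring-0 stack pointer loaded by sysenter
rdmsr 175
$$ IA32_SYSENTER_EIP (MSR 0x176): ring-0 address where execution continues
rdmsr 176

$$ Resolve the address printed for MSR 176 to the nearest symbol.
$$ <sysenter_eip> is a placeholder for that printed value.
ln <sysenter_eip>

$$ To pick the call up again on the kernel side, break on the service routine
$$ itself instead of single-stepping across sysenter from user mode.
$$ Assumption: the kernel-side routine for USER32!NtUserSendInput is visible
$$ as win32k!NtUserSendInput on this build; confirm with x before setting bp.
x win32k!NtUserSendInput
bp win32k!NtUserSendInput
g

$$ When the breakpoint hits, show the stack leading back to the user-mode caller.
kb
```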

