CONTEXT 프로젝트(2) POPAD -0924 임기준

---

monitor.asm

---

;DATA: 09/24

.386

.MODEL FLAT

PUBLIC _STST

PUBLIC _LDST

.CODE

_STST PROC NEAR32

PUSH EBP

MOV EBP, ESP

PUSHFD

MOV EAX, [EBP - 4]

AND EAX, 0FFFFFEFFh

MOV [EBP - 4], EAX

MOV ESP, [EBP + 8]

ADD ESP, 40

PUSHAD

PUSH [EBP + 4]

PUSH [EBP - 4]

ADD ESP, 24

MOV EAX, EBP ;PUSH EBP + 8

ADD EAX, 8 ;PUSH EBP + 8

PUSH EAX ;PUSH EBP + 8

PUSH [EBP] ;old ebp

MOV ESP, EBP

POP EBP

RET

_STST ENDP

_LDST PROC NEAR32

MOV ESP, [ESP + 4] ; context구조체 주소로 이동 ESX = &CONTEXT

POPFD ; EFL = CONTEXT.EFL

POP EAX ; EIP값을 백업 EAX = OLD EIP

MOV EBX, ESP ; 현재 ESP값을 저장 EBX = current ESP

MOV ESP, [ESP + 12] ; OLD ESP위치로 이동 ESP = old ESP

PUSH EAX ; RETURN ADDRESS값을 메모리에 저장 SAVE old EIP

MOV ESP, EBX ; ESP = current ESP

POPAD

MOV ESP, [ESP - 20]

SUB ESP, 4

RET

_LDST ENDP

END

---

context.c

---

#include <stdio.h>

typedef struct _context

{

int efl;

int eip;

int edi;

int esi;

int ebp;

int esp;

int ebx;

int edx;

int ecx;

int eax;

} context;

void LDST(context *);

void STST(context *);

void printReg(context *stpReg);

int main ()

{

context stReg ={0,};

printf("==========================초기="

"=상태=========================\n");

printReg(&stReg);

printf("================================"

"=============================\n");

printf("<STST>\n");

STST(&stReg);

printReg(&stReg);

getchar();

printf("<LDST>\n");

LDST(&stReg);

printf("KERNEL PANIC\n");

return 0;

}

void printReg(context *stpReg)

{

printf ("EAX         VALUE : 0x%08X ECX         VALUE : 0x%08X\n", stpReg->eax, stpReg->ecx);

printf ("EDX         VALUE : 0x%08X EBX         VALUE : 0x%08X\n", stpReg->edx, stpReg->ebx);

printf ("ESP ADDRESS VALUE : 0x%08X EBP ADDRESS VALUE : 0x%08X\n", stpReg->esp, stpReg->ebp);

printf ("ESI ADDRESS VALUE : 0x%08X EDI ADDRESS VALUE : 0x%08X\n", stpReg->esi, stpReg->edi);

printf ("EIP ADDRESS VALUE : 0x%08X EFL ADDRESS VALUE : 0x%08X\n", stpReg->eip, stpReg->efl);

return;

}

---

※실행결과※