So, are there any people on this board who know about protected
mode/ring zero programming? Or at least a link to forums about this?

I basically want this question to be answered:

Assuming I managed to get into ring0 (under windows), how
would my interrupt-handler-replacement know the EIP-register value
of the process where it came from?
Since Windows is not using the Task State Segment to save the regs,
I'm really interested how to solve this.

I'm not trying anything special. Just learning pmode/ring0 by doing
:grin: ...

aweX <-
Posted on 2003-01-26 21:15:07 by aweX

There is probably still no better way to get into low level coding than to get the DDK for the version of windows you are using as this will give you the techniques for device drivers.

There were a few fudges with win95 oem but they were changed in later versions so there is not much chance of doing this stuff any other way than to write device driver code.

Posted on 2003-01-27 01:05:02 by hutch--
Thanks for your reply, hutch--

But driver development won't cover interrupt handlers, will it?
... especially the question I stated above.

I've read through much pmode stuff, now I want to get into
practise. I think drivers are a bit too much for such a start, I will
read Iczelion's driver tuts though.

aweX <-
Posted on 2003-01-27 01:13:24 by aweX
EIP would be at SS:ESP

The stack frame of a 32-bit interrupt gate (and an interrupt handler would most likely be called through such a gate) looks like:

dword EIP
dword CS
dword EFLAGS
dword ESP ;only if ring switch occurred
dword SS ;only if ring switch occurred

If a V86 mode routine was interrupted, all the other 4 segment registers are pushed onto the stack too and initialized with zero (as far as I remember).
Posted on 2003-01-27 16:56:27 by japheth
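As an added illustration (not code from the thread), here is a C model of the frame japheth describes: it decodes a constructed stack image as seen from a ring-0 handler entered through a 32-bit interrupt gate, using the RPL of the pushed CS and the VM bit of the pushed EFLAGS to tell which of the optional fields the CPU actually pushed. The sample frames, struct and field names, and the has_error_code flag (some CPU exceptions push an extra error-code dword below EIP, which goes slightly beyond what the thread states) are my own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EFLAGS_VM (1u << 17)   /* VM bit: interrupted code ran in virtual-8086 mode */
/* What the CPU pushed when it entered the handler through a 32-bit interrupt gate.
   Optional fields are only meaningful if the matching flag says they were pushed. */
typedef struct {
    uint32_t eip, cs, eflags;   /* always pushed */
    uint32_t esp, ss;           /* pushed only when a ring switch occurred */
    uint32_t es, ds, fs, gs;    /* pushed only when V86 code was interrupted */
    bool ring_switch, v86;
    size_t frame_dwords;        /* total dwords the CPU pushed */
} iret_frame_t;
/* 'stack' points at the handler's ESP (lowest address). A few CPU exceptions
   push an error code before EIP; pass has_error_code=true for those. */
iret_frame_t decode_iret_frame(const uint32_t *stack, bool has_error_code)
{
    iret_frame_t f = {0};
    size_t i = has_error_code ? 1 : 0;   /* step over the error code, if any */
    f.eip    = stack[i++];               /* the interrupted EIP sits at SS:ESP */
    f.cs     = stack[i++];
    f.eflags = stack[i++];
    f.v86 = (f.eflags & EFLAGS_VM) != 0;
    /* The handler runs at CPL 0, so a non-zero RPL in the pushed CS means the
       interrupted code was less privileged and SS:ESP were pushed as well.
       V86 code always executes at privilege level 3. */
    f.ring_switch = f.v86 || (f.cs & 3) != 0;
    if (f.ring_switch) { f.esp = stack[i++]; f.ss = stack[i++]; }
    if (f.v86)         { f.es = stack[i++]; f.ds = stack[i++];
                         f.fs = stack[i++]; f.gs = stack[i++]; }
    f.frame_dwords = i;
    return f;
}

/* Constructed sample frames (assumed values, not captured from a real system). */
const uint32_t user_frame[]   = {0x00401000u, 0x1Bu, 0x246u, 0x0012FF80u, 0x23u}; /* ring 3 -> ring 0 */
const uint32_t kernel_frame[] = {0x80401000u, 0x08u, 0x202u};                     /* ring 0 -> ring 0 */
const uint32_t v86_frame[]    = {0x1000u, 0xF000u, 0x00020202u, 0xFFF0u, 0x9000u,
                                 0xA000u, 0xB000u, 0xC000u, 0xD000u};             /* V86 -> ring 0 */

int main(void)
{
    iret_frame_t f = decode_iret_frame(user_frame, false);
    printf("EIP=%08X CS=%04X ring_switch=%d v86=%d dwords=%zu\n",
           f.eip, f.cs, f.ring_switch, f.v86, f.frame_dwords);
    return 0;
}
```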