I tried to test the 3rd bit in the CR4 register, and before that I loaded CR4 into EAX, just like this:

    mov eax, cr4      ; read CR4 into EAX (MOV from a control register)
    test eax, 4       ; AND with mask 4 without storing, sets ZF if the bit is clear
    jz good           ; jump if the bit was 0

Windows XP told me this:

    You, fellow, used a privileged instruction (0xc0000096) at location 0x00402000, and now your application will be closed.

    Click OK to terminate the program.
    Click CANCEL to terminate yourself.

I don't really know what the hell is going on :notsure:
Posted on 2004-01-09 07:51:24 by etn
Hi, etn

    mov eax, CR4

is only possible if your program is running at CPL = 0.
To do this you need to write a device driver or find
another way to execute your code in Ring 0.
Posted on 2004-01-09 08:07:08 by Opcode
But I don't need CPL 0, I only want to test the 3rd bit of the CR4 register, that is all.

What a pulp...
Oh! Krrisna, Ring 0...

Couldn't the exception be turned off?
Posted on 2004-01-09 08:13:56 by etn
There is no other way to access the CR4 register in the Intel Architecture
if the code is not running at CPL = 0.

MOV to/from special registers CPU: 386+ Priv

In protected mode, MOV to/from a special register is a privileged
instruction and can be executed only if CPL=0. 32-bit operands are
always used with these instructions, regardless of the operand-size
attribute.

Note that the CR4 register was introduced with the Pentium, and that
the test registers do not exist on the Pentium or the Pentium Pro.


Opcode Format
0F 20 /r MOV r32,CR0/CR2/CR3/CR4
0F 21 /r MOV r32,DR0/DR1/DR2/DR3/DR6/DR7
0F 22 /r MOV CR0/CR2/CR3/CR4,r32
0F 23 /r MOV DR0/DR1/DR2/DR3/DR6/DR7,r32
0F 24 /r MOV r32,TR6/TR7 ; 386-486
0F 26 /r MOV TR6/TR7,r32 ; 386-486
0F 24 /r MOV r32,TR3/TR4/TR5 ; 486
0F 26 /r MOV TR3/TR4/TR5,r32 ; 486

You need to read more of the Intel® Architecture Software Developer's Manuals:
http://www.intel.com/design/pentium/manuals/
Posted on 2004-01-09 08:24:12 by Opcode
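The behaviour Opcode describes can be reproduced from user mode without a driver: the CPU raises #GP(0) on MOV from CR4 at CPL 3, which Windows reports as STATUS_PRIVILEGED_INSTRUCTION (the 0xC0000096 in etn's message) and Linux delivers as SIGSEGV. The program below is an added example written for this thread, not code from any poster: it executes the same `mov eax, cr4` (encoding 0F 20 E0, i.e. 0F 20 /r with reg = 4) inside a signal guard so the process survives the fault and reports it instead of being terminated. The `probe_cr4` name and the return codes are this example's own. One caveat on the original snippet: `test eax, 4` checks the bit with mask 4, which is CR4 bit 2 (TSD); bit 3 (DE) would be mask 8. The code assumes a POSIX system with GCC or Clang; on a non-x86 build it compiles to a stub that reports "unsupported".

```c
/* Added example: show that MOV EAX, CR4 faults in ring 3 (CPL 3).
 * On x86 the CPU raises #GP(0); Linux turns that into SIGSEGV, Windows
 * into STATUS_PRIVILEGED_INSTRUCTION (0xC0000096). We install a signal
 * handler and recover with sigsetjmp/siglongjmp so the process survives.
 * Assumptions: POSIX signals, GCC/Clang inline asm. Names are ours. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    CR4_READ_OK = 0,          /* CPU allowed the read: we are at CPL 0 */
    CR4_READ_FAULTED = 1,     /* privileged-instruction fault caught   */
    CR4_READ_UNSUPPORTED = 2  /* not an x86 build, nothing to try      */
};

static sigjmp_buf g_recover;
static volatile sig_atomic_t g_signo;

/* Runs on #GP (SIGSEGV) or, under some emulators, SIGILL/SIGBUS.
 * siglongjmp also restores the signal mask saved by sigsetjmp(..., 1). */
static void on_fault(int signo)
{
    g_signo = signo;
    siglongjmp(g_recover, 1);
}

/* Attempt MOV EAX, CR4 (0F 20 E0). On success *cr4 receives the value;
 * on a fault *signo_out receives the signal that was delivered. */
int probe_cr4(uint64_t *cr4, int *signo_out)
{
    *cr4 = 0;
    if (signo_out)
        *signo_out = 0;
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old_segv, old_ill, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGBUS, &sa, &old_bus);

    int rc;
    if (sigsetjmp(g_recover, 1) == 0) {
        uintptr_t v;  /* 32-bit on i386, 64-bit in long mode */
        __asm__ volatile("mov %%cr4, %0" : "=r"(v));
        *cr4 = v;     /* only reached when running at CPL 0 */
        rc = CR4_READ_OK;
    } else {
        if (signo_out)
            *signo_out = g_signo;
        rc = CR4_READ_FAULTED;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return rc;
#else
    return CR4_READ_UNSUPPORTED;
#endif
}

int main(void)
{
    uint64_t cr4 = 0;
    int signo = 0;
    int rc = probe_cr4(&cr4, &signo);

    if (rc == CR4_READ_OK)
        printf("CR4 = 0x%llx (we are at CPL 0)\n", (unsigned long long)cr4);
    else if (rc == CR4_READ_FAULTED)
        printf("MOV EAX, CR4 faulted in ring 3: caught signal %d (%s)\n",
               signo, strsignal(signo));
    else
        printf("not an x86 build, MOV from CR4 not attempted\n");
    return 0;
}
```

Run as an ordinary user the probe always reports a fault: the exception is raised by the CPU's privilege check, not by the operating system, so there is no setting a ring-3 program can flip to "turn it off". The only ways to get the value are to run at CPL 0 (a driver) or to have a kernel component read CR4 and hand the value to user mode.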
THX man, you raised my spirits :cool:
Posted on 2004-01-09 08:37:55 by etn
Run the code in Ring0 (driver most probably) instead of Ring3.
Posted on 2004-01-09 10:07:42 by roticv

    Run the code in Ring0 (driver most probably) instead of Ring3.

Excuse me, maybe I'm mistaken and have a different perception.
But hasn't that answer already been given?
Posted on 2004-01-09 10:19:58 by Eternal Idol Birmingham

    Click OK to terminate the program.
    Click CANCEL to terminate yourself.

Since you are posting, I guess you clicked "OK" :grin:
Posted on 2004-01-09 14:02:18 by ThoughtCriminal
No,

U R wrong!

I pressed Cancel but, as always, without any success ;)
Posted on 2004-01-12 07:44:27 by etn