BSOD sgdt #41

Open
baby0o01999 opened this issue Oct 22, 2021 · 0 comments

Comments

@baby0o01999

BSOD code:

```asm
sgdt [rcx]
```

windbg:

```text
PROCESS_NAME: Notepad2.exe

TRAP_FRAME: ffff9f040f207c70 -- (.trap 0xffff9f040f207c70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000033 rbx=0000000000000000 rcx=0000000000000006
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80123823ccb rsp=ffff9f040f207e00 rbp=0000000000000000
 r8=ffff9f040f207fe0  r9=0000000000000802 r10=0000000000000000
r11=ffff78fb67e00000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl nz na pe nc
DdiMon+0x3ccb:
fffff80123823ccb 66891f          mov     word ptr [rdi],bx ds:0000000000000000=????
Resetting default scope

BAD_STACK_POINTER:  ffff9f040f207b28

STACK_TEXT:
ffff9f040f207b28 fffff801189ce569 : 000000000000000a 000001e21abb0000 00000000000000ff 0000000000000000 : nt!KeBugCheckEx
ffff9f040f207b30 fffff801189ca8a5 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69
ffff9f040f207c70 fffff80123823ccb : 0000000000000000 0000000000000033 ffff9f040f207eb0 ffff9f0407361000 : nt!KiPageFault+0x465
ffff9f040f207e00 0000000000000000 : 0000000000000033 ffff9f040f207eb0 ffff9f0407361000 0000000242e89222 : DdiMon+0x3ccb

SYMBOL_NAME:  DdiMon+3ccb

MODULE_NAME: DdiMon
```

IDA Pro, DdiMon+3ccb:

```cpp
v21 = UtilVmRead(kGuestGdtrBase);
v22 = UtilVmRead(kGuestGdtrLimit);
// bit 53 of the guest's CS descriptor (the L bit): 64-bit code segment or not
v23 = (*(_QWORD *)(v21 + 8 * ((unsigned __int64)(unsigned __int16)UtilVmRead(kGuestCsSelector) >> 3)) >> 53) & 1i64;
// v11 is the memory operand address taken from the guest's sgdt instruction
*(_WORD *)v11 = v22; // BSOD
if ( v23 )
  *(_QWORD *)(v11 + 2) = v21;
else
  *(_DWORD *)(v11 + 2) = v21;
goto LABEL_44;
```

vmm.cpp:

```cpp
// 64bit
descriptor_table_reg->base = gdt_base; //BSOD
descriptor_table_reg->limit = gdt_limit;
```
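An added example, not DdiMon's or HyperPlatform's code: a host-side model of the SGDT exit handler that probes the entire guest-supplied operand range before the first store, so an unmapped operand (rcx = 6 in the report above) is reported back for #PF injection into the guest instead of faulting inside the hypervisor. `GuestMemory`, `EmulateSgdt` and `SgdtResult` are hypothetical names, and guest memory is a constructed flat window rather than real guest-physical mappings; the CS.L bit test mirrors the decompiled handler.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed model of guest memory: only [mapped_begin, mapped_end) is backed;
// anything else stands for an unmapped guest page (the report's rcx = 6 case).
struct GuestMemory {
  uint64_t mapped_begin;
  uint64_t mapped_end;
  std::vector<uint8_t> bytes;
  GuestMemory(uint64_t begin, uint64_t end)
      : mapped_begin(begin), mapped_end(end), bytes(end - begin, 0) {}
  // True only if every byte of [addr, addr + len) is backed; the addr < mapped_end
  // test keeps the subtraction from wrapping for addresses above the window.
  bool Accessible(uint64_t addr, size_t len) const {
    return addr >= mapped_begin && addr < mapped_end && len <= mapped_end - addr;
  }
  uint8_t ByteAt(uint64_t addr) const { return bytes.at(addr - mapped_begin); }
};

enum class SgdtResult { kWritten, kInjectPageFault };

// Hypothetical handler for an SGDT VM-exit. operand_address is the guest's memory
// operand; gdt_base/gdt_limit are the VMCS guest GDTR fields; cs_descriptor is the
// raw 8-byte CS entry, whose bit 53 (L) selects the 10-byte 64-bit layout.
SgdtResult EmulateSgdt(GuestMemory& mem, uint64_t operand_address, uint64_t gdt_base,
                       uint16_t gdt_limit, uint64_t cs_descriptor) {
  const bool long_mode = ((cs_descriptor >> 53) & 1) != 0;
  const size_t base_size = long_mode ? 8 : 4;
  const size_t total = 2 + base_size;  // limit (2 bytes) + base (8 or 4 bytes)
  // Probe the whole destination before the first store. The decompiled handler
  // stored the limit first, so a bad pointer faulted inside the hypervisor; a real
  // CPU would raise #PF in the guest, which is what the caller should inject.
  if (!mem.Accessible(operand_address, total)) return SgdtResult::kInjectPageFault;
  uint8_t* dst = mem.bytes.data() + (operand_address - mem.mapped_begin);
  std::memcpy(dst, &gdt_limit, sizeof gdt_limit);
  std::memcpy(dst + 2, &gdt_base, base_size);  // little-endian: low bytes first
  return SgdtResult::kWritten;
}
```

The second probe case worth keeping in mind is an operand that starts on a mapped page but runs off its end; checking only the first byte would still fault on the base store.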
