Hi All: I am doing some research on how VBox handles system calls for Windows XP.

I found a function "PATMPatchSysenterXP" in PATMGuest.cpp. It transforms the 'sysenter' into the old "int 0x2e". And I intercepted all 'int 0x2e' in TRPM. But I found that the system call number, which is supposed to be stored in EAX, was not correct. The numbers were usually greater than 0xFF. I also disassembled the opcode around the 'int 0x2e'. They are not the way 'int 0x2e' system calls are invoked, which confused me:

    lea esp, [esp+0]
    lea edx, [esp+8]
    int 0x2e
    ret

Could someone give me some clues on how to move on? Thanks in advance.

Qiang Huang
_______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev
