diff --git a/22_day/Makefile b/22_day/Makefile
index 479f271..4f9d08d 100644
--- a/22_day/Makefile
+++ b/22_day/Makefile
@@ -46,6 +46,9 @@ bootpack.bim : $(OBJS_BOOTPACK) Makefile
 bootpack.hrb : bootpack.bim Makefile
 $(BIM2HRB) bootpack.bim bootpack.hrb 0

+haribote.sys : asmhead.bin bootpack.hrb Makefile
+ copy /B asmhead.bin+bootpack.hrb haribote.sys
+
 hello.hrb : hello.nas Makefile
 $(NASK) hello.nas hello.hrb hello.lst

@@ -64,33 +67,26 @@ hello3.bim : hello3.obj a_nask.obj Makefile
 hello3.hrb : hello3.bim Makefile
 $(BIM2HRB) hello3.bim hello3.hrb 0

-haribote.sys : asmhead.bin bootpack.hrb Makefile
- copy /B asmhead.bin+bootpack.hrb haribote.sys
+bug1.bim : bug1.obj Makefile
+ $(OBJ2BIM) @$(RULEFILE) out:bug1.bim map:bug1.map bug1.obj a_nask.obj

-crack1.bim : crack1.obj Makefile
- $(OBJ2BIM) @$(RULEFILE) out:crack1.bim map:crack1.map crack1.obj a_nask.obj
+bug1.hrb : bug1.bim Makefile
+ $(BIM2HRB) bug1.bim bug1.hrb 0

-crack1.hrb : crack1.bim Makefile
- $(BIM2HRB) crack1.bim crack1.hrb 0
+bug2.bim : bug2.obj Makefile
+ $(OBJ2BIM) @$(RULEFILE) out:bug2.bim map:bug2.map bug2.obj

-crack2.hrb : crack2.nas Makefile
- $(NASK) crack2.nas crack2.hrb crack2.lst
+bug2.hrb : bug2.bim Makefile
+ $(BIM2HRB) bug2.bim bug2.hrb 0

-crack3.hrb : crack3.nas Makefile
- $(NASK) crack3.nas crack3.hrb crack3.lst
+bug3.bim : bug3.obj Makefile
+ $(OBJ2BIM) @$(RULEFILE) out:bug3.bim map:bug3.map bug3.obj a_nask.obj

-crack4.hrb : crack4.nas Makefile
- $(NASK) crack4.nas crack4.hrb crack4.lst
-
-crack5.hrb : crack5.nas Makefile
- $(NASK) crack5.nas crack5.hrb crack5.lst
-
-crack6.hrb : crack6.nas Makefile
- $(NASK) crack6.nas crack6.hrb crack6.lst
+bug3.hrb : bug3.bim Makefile
+ $(BIM2HRB) bug3.bim bug3.hrb 0

 haribote.img : ipl10.bin haribote.sys Makefile \
- hello.hrb hello2.hrb a.hrb hello3.hrb crack1.hrb crack2.hrb crack3.hrb \
- crack4.hrb crack5.hrb crack6.hrb
+ hello.hrb hello2.hrb a.hrb hello3.hrb bug1.hrb bug2.hrb bug3.hrb
 $(EDIMG) imgin:../z_tools/fdimg0at.tek \
 wbinimg src:ipl10.bin len:512 from:0 to:0 \
 copy from:haribote.sys to:@: \
@@ -100,12 +96,9 @@ haribote.img : ipl10.bin haribote.sys Makefile \
 copy from:hello2.hrb to:@: \
 copy from:a.hrb to:@: \
 copy from:hello3.hrb to:@: \
- copy from:crack1.hrb to:@: \
- copy from:crack2.hrb to:@: \
- copy from:crack3.hrb to:@: \
- copy from:crack4.hrb to:@: \
- copy from:crack5.hrb to:@: \
- copy from:crack6.hrb to:@: \
+ copy from:bug1.hrb to:@: \
+ copy from:bug2.hrb to:@: \
+ copy from:bug3.hrb to:@: \
 imgout:haribote.img

 # 其他指令
diff --git a/22_day/bootpack.c b/22_day/bootpack.c
index 68d25e2..c215441 100644
--- a/22_day/bootpack.c
+++ b/22_day/bootpack.c
@@ -41,6 +41,7 @@ void HariMain(void)
 0, 0, 0, '_', 0, 0, 0, 0, 0, 0, 0, 0, 0, '|', 0, 0
 };
 int key_to = 0, key_shift = 0, key_leds = (binfo->leds >> 4) & 7, keycmd_wait = -1;
+ struct CONSOLE *cons;

 init_gdtidt();
 init_pic();
@@ -223,6 +224,14 @@ void HariMain(void)
 fifo32_put(&keycmd, KEYCMD_LED);
 fifo32_put(&keycmd, key_leds);
 }
+ if (i == 256 + 0x3b && key_shift != 0 && task_cons->tss.ss0 != 0) { /* Shift+F1 */
+ cons = (struct CONSOLE *) *((int *) 0x0fec);
+ cons_putstr0(cons, "\nBreak(key) :\n");
+ io_cli(); /*不能在改变寄存器值时切换到其他任务*/
+ task_cons->tss.eax = (int) &(task_cons->tss.esp0);
+ task_cons->tss.eip = (int) asm_end_app;
+ io_sti();
+ }
 if (i == 256 + 0xfa) { /*键盘成功接收到数据*/
 keycmd_wait = -1;
 }
diff --git a/22_day/bootpack.h b/22_day/bootpack.h
index 8322e34..99eb7a1 100644
--- a/22_day/bootpack.h
+++ b/22_day/bootpack.h
@@ -24,6 +24,7 @@ void load_idtr(int limit, int addr);
 int load_cr0(void);
 void store_cr0(int cr0);
 void load_tr(int tr);
+void asm_inthandler0c(void);
 void asm_inthandler0d(void);
 void asm_inthandler20(void);
 void asm_inthandler21(void);
@@ -34,6 +35,7 @@ void farjmp(int eip, int cs);
 void farcall(int eip, int cs);
 void asm_hrb_api(void);
 void start_app(int eip, int cs, int esp, int ds, int *tss_esp0);
+void asm_end_app(void);

 /* fifo.c */
 struct FIFO32 {
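Review bot: The `task_cons->tss.ss0 != 0` test on the new Shift+F1 line runs with interrupts still enabled, and `io_cli()` only comes two statements later; a timer-driven switch to the console task in that gap can let the application end normally (the new _asm_end_app writes 0 into ss0), after which this code overwrites `tss.eip` of a console task that is back in its own loop with asm_end_app. The interrupt-off window should start before the ss0 test so the check and the two TSS writes are one unit; if cons_putstr0 must not run under `io_cli()`, set a local flag inside the window and print after `io_sti()`. `0x0fec` is the same unnamed console-pointer slot that console.c reads in inthandler0c/0d, so a shared named constant in bootpack.h would keep the three readers in step. `task_cons` and HariMain itself are declared outside the hunk; the Makefile hunk on this line is a trivial crack→bug rename.
```c
if (i == 256 + 0x3b && key_shift != 0) { /* Shift+F1 */
	io_cli(); /* the ss0 test and the TSS rewrite must not be split by a task switch */
	if (task_cons->tss.ss0 != 0) { /* an application is still running in the console task */
		cons = (struct CONSOLE *) *((int *) 0x0fec);
		cons_putstr0(cons, "\nBreak(key) :\n");
		task_cons->tss.eax = (int) &(task_cons->tss.esp0);
		task_cons->tss.eip = (int) asm_end_app;
	}
	io_sti();
}
```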
@@ -248,6 +250,7 @@ void cmd_dir(struct CONSOLE *cons);
 void cmd_type(struct CONSOLE *cons, int *fat, char *cmdline);
 int cmd_app(struct CONSOLE *cons, int *fat, char *cmdline);
 int *hrb_api(int edi, int esi, int ebp, int esp, int ebx, int edx, int ecx, int eax);
+int *inthandler0c(int *esp);
 int *inthandler0d(int *esp);

 /* file.c */
diff --git a/22_day/bug1.c b/22_day/bug1.c
new file mode 100644
index 0000000..1430edf
--- /dev/null
+++ b/22_day/bug1.c
@@ -0,0 +1,13 @@
+void api_putchar(int c);
+void api_end(void);
+
+void HariMain(void){
+ char a[100];
+ a[10] = 'A'; /*这句当然没有问题*/
+ api_putchar(a[10]);
+ a[102] = 'B'; /*这句就有问题了*/
+ api_putchar(a[102]);
+ a[123] = 'C'; /*这句也有问题了*/
+ api_putchar(a[123]);
+ api_end();
+}
\ No newline at end of file
diff --git a/22_day/bug2.c b/22_day/bug2.c
new file mode 100644
index 0000000..c6f65e7
--- /dev/null
+++ b/22_day/bug2.c
@@ -0,0 +1,3 @@
+void HariMain(void){
+ for (;;) { }
+}
\ No newline at end of file
diff --git a/22_day/bug3.c b/22_day/bug3.c
new file mode 100644
index 0000000..5982e10
--- /dev/null
+++ b/22_day/bug3.c
@@ -0,0 +1,9 @@
+void api_putchar(int c);
+void api_end(void);
+
+void HariMain(void)
+{
+ for (;;) {
+ api_putchar('a');
+ }
+}
diff --git a/22_day/console.c b/22_day/console.c
index 18a49de..18b8bf6 100644
--- a/22_day/console.c
+++ b/22_day/console.c
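Review bot: bug1.c and bug2.c are committed without a trailing newline (`\ No newline at end of file`) and with the brace on the signature line (`void HariMain(void){`), while bug3.c from the same commit puts the brace on its own line and ends with a newline; the three test programs should share one layout. The writes to `a[102]` and `a[123]` past the 100-byte array are the whole point of bug1.c, but only the Chinese comments say so; a file-level line such as `/* deliberately writes past a[100]: test input for the stack/segment exception handlers, never a real program */` would stop a later cleanup from "fixing" it (whether it reaches the new INT 0x0c handler depends on the segment limit set up outside this diff, so word it as intent rather than outcome). bug2.c and bug3.c appear to be the endless-loop cases for the new Shift+F1 break; the same one-line intent comment fits them.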
@@ -326,10 +326,24 @@ int *hrb_api(int edi, int esi, int ebp, int esp, int ebx, int edx, int ecx, int
 return 0;
 }

+int *inthandler0c(int *esp)
+{
+ struct CONSOLE *cons = (struct CONSOLE *) *((int *) 0x0fec);
+ struct TASK *task = task_now();
+ char s[30];
+ cons_putstr0(cons, "\nINT 0C :\n Stack Exception.\n");
+ sprintf(s, "EIP = %08X\n", esp[11]);
+ cons_putstr0(cons, s);
+ return &(task->tss.esp0); /*强制结束程序*/
+}
+
 int *inthandler0d(int *esp)
 {
 struct CONSOLE *cons = (struct CONSOLE *) *((int *) 0x0fec);
 struct TASK *task = task_now();
+ char s[30];
 cons_putstr0(cons, "\nINT 0D :\n General Protected Exception.\n");
+ sprintf(s, "EIP = %08X\n", esp[11]);
+ cons_putstr0(cons, s);
 return &(task->tss.esp0); /*强制结束程序*/
 }
diff --git a/22_day/crack1.c b/22_day/crack1.c
deleted file mode 100644
index d74acf3..0000000
--- a/22_day/crack1.c
+++ /dev/null
@@ -1,7 +0,0 @@
-void api_end(void);
-
-void HariMain(void)
-{
- *((char *) 0x00102600) = 0;
- api_end();
-}
diff --git a/22_day/crack2.nas b/22_day/crack2.nas
deleted file mode 100644
index 73a9fb0..0000000
--- a/22_day/crack2.nas
+++ /dev/null
@@ -1,7 +0,0 @@
-[INSTRSET "i486p"]
-[BITS 32]
- MOV EAX,1*8 ; OS用的段号
- MOV DS,AX ; 将其存入DS
- MOV BYTE [0x102600],0
- MOV EDX,4
- INT 0x40
diff --git a/22_day/crack3.nas b/22_day/crack3.nas
deleted file mode 100644
index 990f86d..0000000
--- a/22_day/crack3.nas
+++ /dev/null
@@ -1,16 +0,0 @@
-[INSTRSET "i486p"]
-[BITS 32]
- MOV AL,0x34
- OUT 0x43,AL
- MOV AL,0xff
- OUT 0x40,AL
- MOV AL,0xff
- OUT 0x40,AL
-
-; 上述代码的功能与下面代码相当
-; io_out8(PIT_CTRL, 0x34);
-; io_out8(PIT_CNT0, 0xff);
-; io_out8(PIT_CNT0, 0xff);
-
- MOV EDX,4
- INT 0x40
diff --git a/22_day/crack4.nas b/22_day/crack4.nas
deleted file mode 100644
index 823cef7..0000000
--- a/22_day/crack4.nas
+++ /dev/null
@@ -1,6 +0,0 @@
-[INSTRSET "i486p"]
-[BITS 32]
- CLI
-fin:
- HLT
- JMP fin
diff --git a/22_day/crack5.nas b/22_day/crack5.nas
deleted file mode 100644
index 584964c..0000000
--- a/22_day/crack5.nas
+++ /dev/null
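Review bot: inthandler0c is a line-for-line copy of inthandler0d with only the title string changed, and the commit then pastes the same three EIP-printing lines into inthandler0d as well, so the console-pointer read at `0x0fec`, the `char s[30]` buffer and the `esp[11]` index now live in two places. The common tail belongs in one static helper that takes the title; the two exported handlers stay one-liners so bootpack.h is unchanged. `esp[11]` is the only non-obvious line and carries no comment: from the push order in _asm_inthandler0c (PUSHAD, DS, ES, then the CPU's error code) it appears to be the faulting EIP, and that should be written down where the index is used. The 15-byte `EIP = %08X\n` output fits `s[30]` with room to spare, so sprintf is safe here, but a single helper keeps that margin in one place. The crack*.c/.nas hunks on this line are pure deletions.
```c
/* Common tail of the #SS (0x0c) and #GP (0x0d) handlers: print the title and the
 * faulting EIP on the console, then hand back &tss.esp0 so the asm stub ends the app. */
static int *report_exception_and_end(int *esp, char *title)
{
	struct CONSOLE *cons = (struct CONSOLE *) *((int *) 0x0fec);
	struct TASK *task = task_now();
	char s[30];
	cons_putstr0(cons, title);
	/* esp[11]: EIP pushed by the CPU, just above the error code (see _asm_inthandler0c) — confirm */
	sprintf(s, "EIP = %08X\n", esp[11]);
	cons_putstr0(cons, s);
	return &(task->tss.esp0); /*强制结束程序*/
}

int *inthandler0c(int *esp)
{
	return report_exception_and_end(esp, "\nINT 0C :\n Stack Exception.\n");
}

int *inthandler0d(int *esp)
{
	return report_exception_and_end(esp, "\nINT 0D :\n General Protected Exception.\n");
}
```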
@@ -1,5 +0,0 @@
-[INSTRSET "i486p"]
-[BITS 32]
- CALL 2*8:0xac1
- MOV EDX,4
- INT 0x40
diff --git a/22_day/crack6.nas b/22_day/crack6.nas
deleted file mode 100644
index 2923b28..0000000
--- a/22_day/crack6.nas
+++ /dev/null
@@ -1,6 +0,0 @@
-[INSTRSET "i486p"]
-[BITS 32]
- MOV EDX,123456789
- INT 0x40
- MOV EDX,4
- INT 0x40
diff --git a/22_day/dsctbl.c b/22_day/dsctbl.c
index cdcee71..05bfe89 100644
--- a/22_day/dsctbl.c
+++ b/22_day/dsctbl.c
@@ -23,6 +23,7 @@ void init_gdtidt(void)
 load_idtr(LIMIT_IDT, ADR_IDT);

 /* IDT设置*/
+ set_gatedesc(idt + 0x0c, (int) asm_inthandler0c, 2 * 8, AR_INTGATE32);
 set_gatedesc(idt + 0x0d, (int) asm_inthandler0d, 2 * 8, AR_INTGATE32);
 set_gatedesc(idt + 0x20, (int) asm_inthandler20, 2 * 8, AR_INTGATE32);
 set_gatedesc(idt + 0x21, (int) asm_inthandler21, 2 * 8, AR_INTGATE32);
diff --git a/22_day/mtask.c b/22_day/mtask.c
index 7f844c2..b518641 100644
--- a/22_day/mtask.c
+++ b/22_day/mtask.c
@@ -135,6 +135,7 @@ struct TASK *task_alloc(void)
 task->tss.gs = 0;
 task->tss.ldtr = 0;
 task->tss.iomap = 0x40000000;
+ task->tss.ss0 = 0;
 return task;
 }
 }
diff --git a/22_day/naskfunc.nas b/22_day/naskfunc.nas
index 35950c7..d32a472 100644
--- a/22_day/naskfunc.nas
+++ b/22_day/naskfunc.nas
@@ -15,13 +15,13 @@ GLOBAL _load_tr
 GLOBAL _asm_inthandler20, _asm_inthandler21
 GLOBAL _asm_inthandler27, _asm_inthandler2c
- GLOBAL _asm_inthandler0d
- GLOBAL _memtest_sub
+ GLOBAL _asm_inthandler0c, _asm_inthandler0d
+ GLOBAL _asm_end_app, _memtest_sub
 GLOBAL _farjmp, _farcall
 GLOBAL _asm_hrb_api, _start_app
 EXTERN _inthandler20, _inthandler21
 EXTERN _inthandler27, _inthandler2c
- EXTERN _inthandler0d
+ EXTERN _inthandler0c, _inthandler0d
 EXTERN _hrb_api

 [SECTION .text]

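Review bot: `task->tss.ss0 = 0;` in task_alloc is not just another zeroed TSS field: bootpack.c's new Shift+F1 path reads `task_cons->tss.ss0 != 0` as "an application is running in this task" and _asm_end_app writes 0 back into it, yet nothing at the assignment says so, and a reader comparing it with the neighbouring `gs`/`ldtr` lines could drop it as redundant. Add `/* doubles as the "app running" flag: non-zero while an app runs, cleared by asm_end_app (see Shift+F1 in bootpack.c) */` on the new line. The scheme presumes the app-start path stores a non-zero ring-0 stack selector into ss0; start_app takes `int *tss_esp0` but that code is outside this diff, so confirm it before relying on the flag. The crack5/crack6 deletions, the dsctbl.c gate registration and the naskfunc.nas GLOBAL/EXTERN lines on this line need no change.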
@@ -178,6 +178,26 @@ _asm_inthandler2c:
 POP ES
 IRETD

+_asm_inthandler0c:
+ STI
+ PUSH ES
+ PUSH DS
+ PUSHAD
+ MOV EAX,ESP
+ PUSH EAX
+ MOV AX,SS
+ MOV DS,AX
+ MOV ES,AX
+ CALL _inthandler0c
+ CMP EAX,0
+ JNE _asm_end_app
+ POP EAX
+ POPAD
+ POP DS
+ POP ES
+ ADD ESP,4 ; 在INT 0x0c中也需要这句
+ IRETD
+
 _asm_inthandler0d:
 STI
 PUSH ES
@@ -190,7 +210,7 @@ _asm_inthandler0d:
 MOV ES,AX
 CALL _inthandler0d
 CMP EAX,0
- JNE end_app
+ JNE _asm_end_app
 POP EAX
 POPAD
 POP DS
@@ -250,15 +270,16 @@ _asm_hrb_api:
 MOV ES,AX
 CALL _hrb_api
 CMP EAX,0 ; 当EAX不为0时程序结束
- JNE _asm_end_app
 ADD ESP,32
 POPAD
 POP ES
 POP DS
 IRETD

-end_app:
-; EAX为tss.esp0的地址
- MOV ESP,[EAX]
+_asm_end_app:
+; EAX为tss.esp0的地址
+ MOV ESP,[EAX]
+ MOV DWORD [EAX+4],0
 POPAD
 RET ; 返回cmd_app
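Review bot: _asm_inthandler0c repeats the entire body of _asm_inthandler0d, the only difference being the `CALL` target, so the register save/restore sequence and the `ADD ESP,4` error-code pop now have to be kept in step in two places by hand. Since both stubs share the same `CMP EAX,0 … IRETD` tail, _asm_inthandler0c can end with `CALL _inthandler0c` followed by `JMP exc_ret`, with `exc_ret:` placed on the `CMP EAX,0` line of _asm_inthandler0d, which sits just outside the second hunk. The `; 在INT 0x0c中也需要这句` remark on `ADD ESP,4` is the only hint that this exception pushes an error code; say it directly, `; INT 0x0c pushes an error code like 0x0d: drop it before IRETD`, for readers who do not have the i386 exception table in their head.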
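Review bot: `MOV DWORD [EAX+4],0` in _asm_end_app clears tss.ss0 only because ss0 is the dword immediately after esp0, which is where EAX points (`; EAX为tss.esp0的地址`); the offset is neither named nor explained, and bootpack.c's Shift+F1 check now depends on this store happening. Add `; [EAX+4] = tss.ss0 (the field after esp0): 0 tells the Shift+F1 handler no app is running` so the coupling to the field order of struct TSS32 is visible at the one place that relies on it. The hardware TSS keeps ss0 at offset 8 directly after esp0 at offset 4, so the arithmetic is right provided struct TSS32 mirrors that layout, which this diff does not show. Note that this label is also entered via `tss.eip` from the Shift+F1 path with EAX preloaded from `tss.eax`, not only from the three `JNE _asm_end_app` sites, so the comment should mention both entry routes.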