NMI (int 0x02) is by default setup as TaskGate, which means that it points to TSS Descriptor where is stored TSS needed to transfer execution to r0 when NMI occurs.

sice not running:


sice running:

No practical rce use, but still funny thing

Another SoftIce detection method (and general ring 0 gem) for the collection, thanks as usual deroko.

indeed it's sice detection, but I was playing with IPI and NMI when I saw this thingy, and completly forgot that it it can be used as sice detection

A little OT, but since we're talking about hooking... I was looking at your code under the "ultimate" project and had a question on where c:\tasm32\include\shitheap.inc came from? I see it referenced in many other projects but I don't see it included with the source. I'm using borland turbo assembler and tools 5.0, perhaps I should be incorporating other toolkits?

parad0x:

See my response in your "original" Post. Do not double post!

http://www.woodmann.com/forum/showthread.php?p=72492#post72492

Regards,