IDT检测（支持多核cpu,兼容xp & vista）

获取idt信息再简单不过，只是随手实验的代码。欢迎各种飘过

ms的某些改动真是很烦人，没多大用处，又给兼容带来许多麻烦，大概ms以为vista会大卖，xp是淘汰货不用兼容了吧！我晕。（win7界面很难看。。学Ubuntu没学好吧....）

1. DbgPrin 用不了，查了查资料

• Enable output of DbgPrint/KdPrint messages by default --Open the key "HKLM\SYSTEM\CCS\Control\Session Manager\Debug Print Filter".  Under this key, create a  value with the name "DEFAULT"  Set the value of this key equal to the DWORD value 8 to enable xxx_INFO_LEVEL output as well as xxx_ERROR_LEVEL output.  Or try setting the mask to 0xF so you get all output.  You must reboot for these changes to take effect.各种吃饱了没事干。
  
  

  2.获取cpu数目的方式变了，具体方法看下文。

    1 #define MAKELONG(a, b) ((unsigned long) (((unsigned short) (a)) | ((unsigned long) ((unsigned short) (b))) << 16)) 
    2 
    3 
    4 VOID ShowIDTinfo( 
    5                  IN struct _KDPC  *Dpc, 
    6                  IN ULONG cpuNum, 
    7                  IN PVOID  SystemArgument1, 
    8                  IN PVOID  SystemArgument2); 
    9 typedef struct _IDTENTRY 
   10 { 
   11     unsigned short LowOffset; 
   12     unsigned short selector; 
   13     unsigned char unused_lo; 
   14     unsigned char segment_type:4;    //0x0E is an interrupt gate 
   15     unsigned char system_segment_flag:1; 
   16     unsigned char DPL:2;           // descriptor privilege level 
   17     unsigned char P:1;              /* present */ 
   18     unsigned short HiOffset; 
   19 } IDTENTRY,*PIDTENTRY; 
   20 
   21 /* sidt returns idt in this format */ 
   22 typedef struct _IDTINFO 
   23 { 
   24     unsigned short IDTLimit; 
   25     unsigned short LowIDTbase; 
   26     unsigned short HiIDTbase; 
   27 } IDTINFO,*PIDTINFO; 
   28 typedef  ULONG (NTAPI *fnKeQueryActiveProcessorCount)(OUT PKAFFINITY  ActiveProcessors); 
   29 ULONG g_dwBuildNumber; 
   30 //记录完成dpc的数量 
   31 volatile LONG g_FinshedDPC = 0; 
   32 //入口函数 
   33 extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject,IN PUNICODE_STRING pRegistryPath) 
   34 { 
   35     NTSTATUS status; 
   36 
   37     //注册驱动调用函数入口 
   38     pDriverObject->DriverUnload = (PDRIVER_UNLOAD)DriverUnload; 
   39     pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]= DriverIOCtrl    ; 
   40     pDriverObject->MajorFunction[IRP_MJ_CLOSE]= DriverDispatch    ; 
   41     pDriverObject->MajorFunction[IRP_MJ_CREATE]= DriverDispatch    ; 
   42     pDriverObject->MajorFunction[IRP_MJ_READ]= DriverDispatch    ; 
   43     pDriverObject->MajorFunction[IRP_MJ_WRITE]= DriverDispatch    ; 
   44 
   45 
   46     //创建设备 
   47     status = CreateDevice(pDriverObject); 
   48 
   49     ULONG count = 0; 
   50     UNICODE_STRING  ustr; 
   51     PKDPC pdpc; 
   52     PsGetVersion(0,0,&g_dwBuildNumber,0); 
   53     //__asm int 3 
   54     //动态获取地址，因为获取cpu数目的方法在vista sp1即以后版本有所改变， 
   55     //如果直接使用KeQueryActiveProcessorCount将导致驱动在xp下无法加载 
   56     if (g_dwBuildNumber == 2600 || g_dwBuildNumber == 6000) 
   57     { 
   58         RtlInitUnicodeString(&ustr,L"KeNumberProcessors"); 
   59         PVOID p = MmGetSystemRoutineAddress(&ustr); 
   60         if (p!=0) 
   61         { 
   62             count = *(ULONG *)p; 
   63         }     
   64     } 
   65     else 
   66     { 
   67         KAFFINITY procs; 
   68         RtlInitUnicodeString(&ustr,L"KeQueryActiveProcessorCount"); 
   69         fnKeQueryActiveProcessorCount MyQueryActiveProcessorCount = (fnKeQueryActiveProcessorCount)MmGetSystemRoutineAddress(&ustr); 
   70         if (MyQueryActiveProcessorCount != 0) 
   71         { 
   72             count = MyQueryActiveProcessorCount(&procs); 
   73         } 
   74 
   75     } 
   76     if (count==1) 
   77     { 
   78         ShowIDTinfo(0,0,0,0); 
   79     } 
   80     else 
   81     { 
   82         ULONG currrent_pro_num = KeGetCurrentProcessorNumber(); 
   83         ShowIDTinfo(0,currrent_pro_num,0,0); 
   84         g_FinshedDPC = 1; 
   85         PKDPC temp_dpc; 
   86         temp_dpc = (PKDPC)ExAllocatePoolWithTag(NonPagedPool,sizeof(KDPC)*count,'rm'); 
   87         pdpc = temp_dpc; 
   88         if (temp_dpc == NULL) 
   89             return status; 
   90         for (ULONG i = 0;i<count;i++,*temp_dpc++) 
   91         { 
   92             if (i!=currrent_pro_num) 
   93             { 
   94                 //传入一个cpu号就好 
   95                 KeInitializeDpc(temp_dpc,(PKDEFERRED_ROUTINE)ShowIDTinfo,(PVOID)i); 
   96                 KeSetTargetProcessorDpc(temp_dpc,i); 
   97                 KeInsertQueueDpc(temp_dpc,NULL,NULL); 
   98 
   99             } 
  100              
  101 
  102         } 
  103         //等待所有的dpc历程完事儿 
  104         while(InterlockedCompareExchange(&g_FinshedDPC,count,count) != count) 
  105         { 
  106             __asm nop 
  107         } 
  108         ExFreePoolWithTag(pdpc,'rm'); 
  109     } 
  110 
  111     return status; 
  112 } 
  113 
  114 VOID ShowIDTinfo( 
  115                  IN struct _KDPC  *Dpc, 
  116                  IN ULONG cpuNum, 
  117                  IN PVOID  SystemArgument1, 
  118                  IN PVOID  SystemArgument2) 
  119  { 
  120      IDTINFO idt_info; 
  121   
  122      __asm sidt  idt_info 
  123   
  124      PIDTENTRY pIDTen =( PIDTENTRY)MAKELONG(idt_info.LowIDTbase,idt_info.HiIDTbase); 
  125      PIDTENTRY pIDTtmp; 
  126      ULONG addr; 
  127   
  128      for (ULONG i=0;i<0xFF;i++) 
  129      { 
  130          pIDTtmp = &pIDTen[i]; 
  131          addr = MAKELONG(pIDTtmp->LowOffset,pIDTtmp->HiOffset); 
  132         DbgPrint("CPU:%d       Index:%d       Addr:0x%x   DPL:%d\n",cpuNum,i,addr,pIDTtmp->DPL);         
  133      } 
  134 
  135     InterlockedIncrement(&g_FinshedDPC); 
  136   
  137  }

  
  恩，就这样，利用dpc可以指定执行的cpu数目来搞。