Read the value of a cpu control register from admin privilege app (Windows)

Submitted by 徘徊边缘 on 2020-01-15 04:59:09

Question


I am trying to read data from a CPU control register using inline assembly. I'm initially targeting x86-64. I'm not that familiar with C or assembly, but I've managed to put together a very simple attempt as follows:

#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>   /* PRIx64: uint64_t must not be printed with %d */

int main() {
    uint64_t result;
    /* Read CR4 into a general-purpose register (GNU inline asm, AT&T syntax).
       MOV from a control register is privileged: in user mode it faults. */
    asm volatile ("movq %%cr4, %0;"
         : "=r" (result) ::
    );

    printf("result: 0x%" PRIx64 " \n", result);

    return 0;
}

This compiles but throws a runtime error in gdb:

Thread 1 received signal SIGILL, Illegal instruction.
main () at main.c:6
6           asm ("movq %%cr4, %0;"

I think the C/assembly is correct as I'm able to pull values from other registers. I presume the error is due to the fact that I'm not running in kernel mode (based on what I've read), but I don't fully understand what that entails, and with my limited understanding of C/assembly I'm not sure I should be playing with kernel mode just yet.

Is there any other way of doing this outside of kernel mode? For example, is this info available via an exposed DLL call somewhere?

I would welcome any comments on the implications of running an app in kernel mode.
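The fault described in the question, as an added example (not code from the original question or answer): it attempts the same CR4 read from ring 3, but installs a signal handler and uses sigsetjmp/siglongjmp so the process reports that the instruction is privileged instead of being killed. It assumes a POSIX signal API (Linux) on an x86-64 build; probe_cr4_read and the cr4_probe enum are names chosen for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum cr4_probe { CR4_UNSUPPORTED = 0, CR4_READ_OK = 1, CR4_FAULTED = 2 };
static sigjmp_buf probe_env;

/* Fault handler: jump back to sigsetjmp; savemask=1 there also restores the
 * signal mask, so the faulting signal is not left blocked afterwards. */
static void on_fault(int sig) { siglongjmp(probe_env, sig); }
/* Execute "mov %cr4, reg" from ring 3.  Linux turns the #GP into SIGSEGV
 * (on Windows it surfaces as a privileged-instruction exception, which gdb
 * shows as SIGILL), so the read either succeeds (ring 0) or hits the handler.
 * value may be NULL when only the outcome matters. */
enum cr4_probe probe_cr4_read(uint64_t *value) {
#if defined(__x86_64__)
    struct sigaction sa, old_segv, old_ill;
    volatile enum cr4_probe outcome = CR4_UNSUPPORTED;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);   /* some environments report it so */
    if (sigsetjmp(probe_env, 1) == 0) {
        uint64_t v;
        __asm__ volatile ("movq %%cr4, %0" : "=r" (v));
        if (value) *value = v;
        outcome = CR4_READ_OK;          /* only reachable in kernel mode */
    } else {
        outcome = CR4_FAULTED;          /* privileged instruction trapped */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return outcome;
#else
    (void)value;                        /* not x86-64: never run the asm */
    return CR4_UNSUPPORTED;
#endif
}

int main(void) {
    uint64_t cr4 = 0;
    enum cr4_probe r = probe_cr4_read(&cr4);
    if (r == CR4_FAULTED) puts("reading CR4 faulted: privileged instruction");
    else if (r == CR4_READ_OK) printf("CR4 = 0x%llx\n", (unsigned long long)cr4);
    else puts("unsupported target");
    return 0;
}
```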


Answer 1:


Update: This answer is not appropriate for CR registers, per this comment.


What you're looking for is the so-called 'WinRing0.sys' driver, which exposes an API allowing you to read from user-mode all the various interesting MSRs that are only available to kernel (ring 0) code.

This is an open-source component, but most importantly someone has already paid to sign the driver so it can be loaded in Windows (as an individual, it is practically impossible to sign a current Windows driver even if you are willing to pay). You can find the 32-bit and 64-bit (WinRing0x64.sys) binaries here.

More details are available in this answer - the question there is about programming performance counters, but the access needed is the same and WinRing0.sys will work for both use-cases.



Source: https://stackoverflow.com/questions/46459328/read-the-value-of-a-cpu-control-register-from-admin-privilege-app-windows
