Interrupt Debug Service (0×2D), Boot loader, Vista 64bits (On the fly)
by Matthieu Suiche on Mar.10, 2007, under On the fly, Reverse Engineering, Windows
DebugPrint proc near
mov r9d, r8d
mov r8d, edx
mov dx, [rcx]
mov rcx, [rcx+8]
mov eax, 1
int 2Dh ; Internal routine for MSDOS (IRET)
int 3 ; Trap to Debugger
retn
DebugPrint endp
DebugPrompt proc near
mov r9w, [rdx+2]
mov r8, [rdx+8]
mov dx, [rcx]
mov rcx, [rcx+8]
mov eax, 2
int 2Dh ; Internal routine for MSDOS (IRET)
int 3 ; Trap to Debugger
retn
DebugPrompt endp
DebugService2 proc near
mov eax, r8d
int 2Dh ; Internal routine for MSDOS (IRET)
int 3 ; Trap to Debugger
retn
DebugService2 endp
BlBdStart+11C:
lea rdx, [rsp+78h+var_28]
lea rcx, [rsp+78h+var_58]
mov r8d, 3
call DebugService2
BlBdStop proc near
lea rdx, [rax-28h]
mov r8d, 4
xor ecx, ecx
[...]
call DebugService2
typedef enum _STATUS_DEBUG_SERVICE {
STATUS_PRINT = 1,
STATUS_PROMPT = 2,
STATUS_START = 3,
STATUS_STOP = 4
} STATUS_DEBUG_SERVICE;
