Thanks Inaki.
You are right, I was confused by the segment registers from WinDbg, which
presents DS, ES = 0x23, but the real registers were DS, ES = 0x0 because it
came from V86.
Thanks again.
“Andy Jung” wrote in message news:xxxxx@ntdev…
> Does anyone have any idea about the following?
> I hooked int 0xe (by changing the IDT) in Windows XP.
> It worked well, but when I run a 16-bit program, the program does not work
> well;
> ntvdm just presents an error message.
>
> So, according to my understanding of the problem,
> I just changed the code of int 0xe into jmp nt!KiTrap0E (relative
> jmp, such code as e9 ea 49 68 86) by kernel debugger,
> and it worked well to pass through.
> However, when I change the code to jmp nt!KiTrap0E (indirect jmp, such code as
> ff 25 a8 f0 e5),
> NTVDM again presents the error message.
>
> I can't understand the difference between indirect jmp and relative jmp in
> that circumstance.
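Added example, not part of the thread: a small Python decoder for the two jmp encodings compared above, showing that the relative form needs no memory access while the indirect form reads its pointer through DS. It assumes a flat 32-bit code segment; the instruction address, the ff 25 displacement and the memory contents are constructed, and the null-DS case models what the processor does on an interrupt taken from V86 mode (DS, ES, FS and GS are loaded with null selectors).

```python
import struct

def decode_jmp(code: bytes, eip: int):
    """Decode a 32-bit jmp located at linear address `eip`.

    Returns (form, value, needs_ds_read):
      - "rel32": value is the final target, computed from EIP alone
      - "ind32": value is the address of the pointer, read through DS
    """
    if code[0] == 0xE9:                       # jmp rel32 (5 bytes)
        rel = struct.unpack_from("<i", code, 1)[0]
        target = (eip + 5 + rel) & 0xFFFFFFFF  # EIP-relative, wraps mod 2^32
        return ("rel32", target, False)
    if code[0] == 0xFF and code[1] == 0x25:   # jmp dword ptr [disp32]
        disp = struct.unpack_from("<I", code, 2)[0]
        return ("ind32", disp, True)
    raise ValueError("unsupported jmp encoding")

def resolve_target(code: bytes, eip: int, ds_selector: int, memory: bytes) -> int:
    """Resolve the jump target under the given DS selector.

    The indirect form performs a data read through DS before jumping. On an
    interrupt taken from V86 mode the CPU has already loaded DS with a null
    selector, so that read raises #GP (modelled here as PermissionError).
    """
    form, value, needs_ds = decode_jmp(code, eip)
    if not needs_ds:
        return value                          # relative jmp: no segment involved
    if ds_selector == 0:
        raise PermissionError("#GP: data read through null DS selector")
    return struct.unpack_from("<I", memory, value)[0]

# Constructed sample state (hypothetical addresses, not from the thread).
SAMPLE_EIP = 0x00100000
REL_JMP = bytes.fromhex("e9ea496886")         # the e9 bytes quoted in the thread
IND_JMP = bytes.fromhex("ff2500100000")       # constructed: jmp dword ptr [0x1000]
SAMPLE_MEM = bytearray(0x2000)
struct.pack_into("<I", SAMPLE_MEM, 0x1000, 0x80541234)  # constructed pointer slot

if __name__ == "__main__":
    print(hex(resolve_target(REL_JMP, SAMPLE_EIP, 0x00, SAMPLE_MEM)))  # works with DS = 0
    print(hex(resolve_target(IND_JMP, SAMPLE_EIP, 0x23, SAMPLE_MEM)))  # works with DS = 0x23
    try:
        resolve_target(IND_JMP, SAMPLE_EIP, 0x00, SAMPLE_MEM)          # faults with DS = 0
    except PermissionError as e:
        print(e)
```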