About 306 results match the query; showing items 24 - 31.
Search took < 1 second.
大米, after setting the breakpoint on nt!KiFastCallEntry, try continuing to trace from there, heh.
When you have time, tell everyone on Advdbg about your hook scanner~
Posted in Windows Kernel Debugging by 王宇 on 2008-10-05
wow~
Welcome, sudami (hi.baidu.com/sudami)! I arrive on the 5th~
Posted in Windows Kernel Debugging by 王宇 on 2008-09-29
The cases where an explicit LOCK prefix applies are:
- The bit test and modify instructions (BTS, BTR, and BTC).
- The exchange instructions (XADD, CMPXCHG, and CMPXCHG8B).
- The LOCK prefix is automatically assumed for the XCHG instruction.
- The following single-operand arithmetic and logical instructions: INC, DEC, NOT, and NEG.
- The following two-operand arithmetic and ...
Posted in Windows Kernel Debugging by 王宇 on 2008-09-26
Yes, exactly! I was just curious at first, because:
RtlInterlockedSetBitsDiscardReturn is lock or [ecx], eax
RtlInterlockedAndBitsDiscardReturn is lock and [ecx], eax
InterlockedExchangeAdd is lock xadd [ecx], eax
InterlockedCompareExchange is lock cmpxchg [ecx], edx
and so on and so forth. So why is InterlockedExchange just xchg [ecx], eax? Could that instruction really be multi-core safe on its own?! Later I looked it up in the Intel manual and, hey, it really is safe; see: 7.1.2.1 Automatic Locking The ...
Posted in Windows Kernel Debugging by 王宇 on 2008-09-26
Oh my, MJ has really arrived... -___-
A warm welcome!!! ^_^
Posted in Windows Kernel Debugging by 王宇 on 2008-09-25
http://seclists.org/vulnwatch/2004/q1/att-0041/xploit_dbg_cpp
Posted in Windows Kernel Debugging by 王宇 on 2008-09-15
It seems the forum treats a pair of angle brackets as a "comment"? The parameters of the _KiInitializeKernel routine above got cut off (the MASM syntax here places the parameters inside angle brackets); its full parameter list is:
offset _KiInitialProcess,ebx,edx,dword ptr PCR[PcPrcb],eax,_KeLoaderBlock
Also, watching the KPCR and KPCRB get built up step by step is a nice feeling~
Posted in Windows Kernel Debugging by 王宇 on 2008-09-09
Similarly, enabling interrupts is done the same way; see the Windows source:
; arg6 - LoaderBlock
; arg5 - processor number
; arg4 - addr of prcb
; arg3 - idle thread's stack
; arg2 - addr of current thread obj
; arg1 - addr of current process obj
; initialize system data structures
; and HAL.
stdCall _KiInitializeKernel,
;
; Set idle thread priority.
;
mov ...
Posted in Windows Kernel Debugging by 王宇 on 2008-09-09
Also, a recommended tool for DPC experiments:
http://www.thesycon.de/deu/latency_check.shtml
And a Microsoft article on the topic:
http://www.microsoft.com/whdc/driver/perform/mmdrv.mspx
http://www.microsoft.com/china/whdc/driver/perform/mmdrv.mspx
Posted in Windows Kernel Debugging by 王宇 on 2008-09-03