约有 21 项符合查询结果, 以下是第 1 - 3项。
费时 < 1 秒。
InitializeObjectAttributes(&ObjectAttributes, KeyName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); status = ZwOpenKey(&CCSKey, KEY_ALL_ACCESS, &ObjectAttributes);
这里总是返回STATUS_OBJECT_NAME_NOT_FOUND,事实上注册表中确有这个键,汇编跟进去失败在CmpParseKey里面
kcb->ExtFlags & ...
Posted in Windows内核调试
by
compiler
on 2011-08-11
最好 在虚拟机调
真实机跑飞了 就不得了了
注意tls
Posted in WinDbg
by
compiler
on 2010-05-26
b9e095d7 0f8563150000 jne NDIS!NdisFreeMemory+0x18 (b9e0ab40)
后面还有
loc_12B40: ; CODE XREF: NdisFreeMemory(x,x,x)+9�j
.text:00012B40 test byte ptr [ebp+arg_8], 2
.text:00012B44 jz short loc_12B57
.text:00012B46 push [ebp+NumberOfBytes] ; ...
Posted in Windows驱动开发
by
compiler
on 2010-05-06
更奇怪的是过了大概两个小时后又恢复正常了。后来查了一下系统中所有的模块,才知道0xf703db85是NDIS!ndisWorkerThread。
Posted in Windows内核调试
by
compiler
on 2010-04-18
Context Switch Count 2453799 LargeStack
UserTime 00:34:16.031
KernelTime 00:00:10.125
Win32 Start Address 0x1001ccff
Start Address 0x7c810669
Stack Init a90c3000 Current a90c2d34 Base a90c3000 Limit a90be000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16
ChildEBP ...
Posted in Windows内核调试
by
compiler
on 2010-04-17