char v8; // [esp+1Ah] [ebp-16h] char v9; // [esp+1Bh] [ebp-15h] char v10; // [esp+1Ch] [ebp-14h] char v11; // [esp+1Dh] [ebp-13h] char v12; // [esp+1Eh] [ebp-12h] char v13; // [esp+1Fh] [ebp-11h] char v14; // [esp+20h] [ebp-10h] char v15;...
// Truncated excerpt of a 32-bit x86 disassembly; columns are address, opcode bytes, instruction.
8053e568 89ae34010000 mov dword ptr [esi+134h],ebp // set the current TrapFrame
8053e56e fc cld // clear the direction flag (DF)
8053e56f 8b5d60 mov ebx,dword ptr [ebp+60h]
8053e572 8b7d68 mov edi,dword ptr [ebp+68h]
8053e575 89550c mov dword ptr [ebp+0Ch],edx // edx points to the arguments in user space
8053e578 c745...
KeReleaseQueuedSpinLockFromDpcLevel (80868cfc) 8086ddac 33c0 xor eax,eax 8086ddae 8ee8 mov gs,ax 8086ddb0 8b4718 mov eax,dword ptr [edi+18h] 8086ddb3 8b6b40 mov ebp,dword ptr [ebx+40h] 8086ddb6 8b4f30 mov ecx,dword ptr [edi+30h] 8086ddb9 89451c mov dword ptr [ebp+1Ch],eax...
LPSTREAM pStm, const struct _GUID *clsidFrom, void **ppv) { HRESULT result; // eax int v6; // esi int v8; // [esp+4h] [ebp-50h] __int16 v9; // [esp+8h] [ebp-4Ch] MAPDST int v10; // [esp+Ch] [ebp-48h] const wchar_t *v11; // [esp+10h] [ebp-44h] IID *...
19 83e8d0f0 55 push ebp 20 83e8d0f1 53 push ebx 21 83e8d0f2 56 push esi 22 83e8d0f3 57 push edi 23 83e8d0f4 648b1d1c000000 mov ebx,dword ptr fs:[1Ch] 24 83e8d0fb 6a3b push 3Bh 25 83e8d0fd 8bb324010000 mov esi,dword ptr [ebx+124h] ...
; Truncated excerpt of a 32-bit x86 instruction listing.
; The leading "23h" is presumably the operand of an instruction cut off before this excerpt.
23h
push edx
pushfd
push 2
add edx,8
popfd
or byte ptr [esp+1],2
push 1Bh
push dword ptr ds:[0FFDF0304h]
push 0
push ebp
push ebx
push esi
push edi
mov ebx,dword ptr fs:[1Ch] ; pointer to the KPCR (self)
push 3Bh
mov esi,dword ptr [ebx+124h] ; save CurrentThread, i.e. the current... (comment truncated in the source)
6d1a4448h+2fh = v 6d1a4448h+11h = w 6d1a4448h+2dh = x 6d1a4448h+15h = y 6d1a4448h+2ch = z 6d1a4448h+1ch = enter 6d1a4448h+c8h = up 6d1a4448h+d0h = down 6d1a4448h+cbh = left 6d1a4448h+cdh = right 1. 2. ...