0007b 8b f0 mov esi, eax
; 546 : if (!NT_SUCCESS(status)) {
0007d 85 f6 test esi, esi
0007f 7d 16 jge SHORT $L14454
; 547 : DBGPRINT( DBG_COMP_PNP, DBG_LEVEL_ERROR, ("Acquire RemoveLock failed\n" ) );
; 548 : COMPLETE_REQUEST( Irp, status, 0 );
00081 83 67 1c 00 and DWORD PTR [edi+28], 0
00085 32 d2 xor dl, dl
00087 8b cf mov ecx, edi
00089 89 77 18 mov DWORD PTR [edi+24], esi
0008c ff 15 00 00 00
00 call DWORD PTR __imp_@IofCompleteRequest@8
; 549 : return status;
00092 e9 e5 00 00 00 jmp $L14667
$L14454:
; 550 : }
; 551 :
; 552 : irpStack = IoGetCurrentIrpStackLocation(Irp);
00097 8b 77 60 mov esi, DWORD PTR [edi+96]
; 553 :
; 554 : //
; 555 : // Check for invalid parameters. It is an error for the starting offset
; 556 : // + length to go past the end of the buffer, or for the length to
; 557 : // not be a proper multiple of the sector size.
; 558 : //
; 559 : // Others are possible, but we don't check them since we trust the
; 560 : // file system
; 561 : //
; 562 :
; 563 : if (RtlLargeIntegerGreaterThan(
; 564 : RtlLargeIntegerAdd(
; 565 : irpStack->Parameters.Read.ByteOffset,
; 566 : RtlConvertUlongToLargeInteger(irpStack->Parameters.Read.Length)),
; 567 : RtlConvertUlongToLargeInteger(devExt->DiskRegInfo.DiskSize)) ||
; 568 : (irpStack->Parameters.Read.Length & (devExt->DiskGeometry.BytesPerSector - 1))) {
0009a 8b 46 04 mov eax, DWORD PTR [esi+4]
0009d 03 46 0c add eax, DWORD PTR [esi+12]
000a0 8b 5b 48 mov ebx, DWORD PTR [ebx+72]
000a3 6a 00 push 0
000a5 59 pop ecx
000a6 13 4e 10 adc ecx, DWORD PTR [esi+16]
000a9 33 d2 xor edx, edx
000ab 3b ca cmp ecx, edx
000ad 89 45 f8 mov DWORD PTR $T14620[ebp], eax
000b0 89 4d fc mov DWORD PTR $T14620[ebp+4], ecx
000b3 89 5d f0 mov DWORD PTR $T14621[ebp], ebx
000b6 75 1a jne SHORT $L14460
000b8 8b 55 08 mov edx, DWORD PTR _devExt$[ebp]
000bb 8b 52 48 mov edx, DWORD PTR [edx+72]
000be 89 55 f8 mov DWORD PTR $T14623[ebp], edx
000c1 33 d2 xor edx, edx
000c3 3b 45 f8 cmp eax, DWORD PTR $T14623[ebp]
000c6 89 4d f4 mov DWORD PTR $T14622[ebp+4], ecx
000c9 89 55 fc mov DWORD PTR $T14623[ebp+4], edx
000cc 0f 87 86 00 00
00 ja $L14459
$L14460:
000d2 8b 5d 08 mov ebx, DWORD PTR _devExt$[ebp]
000d5 89 45 f0 mov DWORD PTR $T14624[ebp], eax
000d8 8b 43 48 mov eax, DWORD PTR [ebx+72]
000db 89 45 f0 mov DWORD PTR $T14625[ebp], eax
000de 33 c0 xor eax, eax
000e0 3b c8 cmp ecx, eax
000e2 7f 74 jg SHORT $L14459
000e4 8b 4b 44 mov ecx, DWORD PTR [ebx+68]
000e7 8b 46 04 mov eax, DWORD PTR [esi+4]
000ea 49 dec ecx
000eb 85 c8 test ecx, eax
000ed 75 69 jne SHORT $L14459
; 587 : }
; 588 :
; 589 : //
; 590 : // Get a system-space pointer to the user's buffer. A system
; 591 : // address must be used because we may already have left the
; 592 : // original caller's address space.
; 593 : //
; 594 :
; 595 : ASSERT ( Irp->MdlAddress != NULL );
; 596 : currentAddress = MmGetSystemAddressForMdlSafe( Irp->MdlAddress, NormalPagePriority );
000ef 8b 47 04 mov eax, DWORD PTR [edi+4]
000f2 f6 40 06 05 test BYTE PTR [eax+6], 5
000f6 74 05 je SHORT $L14626
000f8 8b 40 0c mov eax, DWORD PTR [eax+12]
000fb eb 10 jmp SHORT $L14627
$L14626:
000fd 6a 10 push 16 ; 00000010H
000ff 33 c9 xor ecx, ecx
00101 51 push ecx
00102 51 push ecx
00103 6a 01 push 1
00105 51 push ecx
00106 50 push eax
00107 ff 15 00 00 00
00 call DWORD PTR __imp__MmMapLockedPagesSpecifyCache@24
$L14627:
; 597 :
; 598 : //
; 599 : // The mapping request can fail if system is very low on resources.
; 600 : // Check for NULL and return approriate error status if the mapping failed
; 601 : //
; 602 :
; 603 : if ( currentAddress == NULL ) {
0010d 85 c0 test eax, eax
0010f 75 07 jne SHORT $L14469
; 604 : status = STATUS_INSUFFICIENT_RESOURCES;
; 605 : COMPLETE_REQUEST( Irp, status, information );
00111 b8 9a 00 00 c0 mov eax, -1073741670 ; c000009aH
00116 eb 45 jmp SHORT $L14668
$L14469:
; 606 : IoReleaseRemoveLock(&devExt->RemoveLock, Irp);
; 607 : DBGPRINT( DBG_COMP_READ, DBG_LEVEL_ERROR, ("Unable to get the system-space virtual address\n" ) );
; 608 : return status;
; 609 : }
; 610 :
; 611 : DBGPRINT( DBG_COMP_READ, DBG_LEVEL_VERBOSE,
; 612 : (
; 613 : "Irp of Request: %x\n"
; 614 : "Vmem Address of Transfer: %x - %x\n"
; 615 : "Length of Transfer: %d\n"
; 616 : "Operation: %x\n"
; 617 : "Starting ByteOffset: %x\n",
; 618 : Irp,
; 619 : currentAddress,
; 620 : ((PUCHAR)currentAddress) + irpStack->Parameters.Read.Length,
; 621 : irpStack->Parameters.Read.Length,
; 622 : irpStack->MajorFunction,
; 623 : irpStack->Parameters.Read.ByteOffset.LowPart
; 624 : ));
; 625 :
; 626 : information = irpStack->Parameters.Read.Length;
; 627 :
; 628 : switch (irpStack->MajorFunction) {
00118 0f b6 16 movzx edx, BYTE PTR [esi]
0011b 83 ea 03 sub edx, 3
0011e 8b 4e 04 mov ecx, DWORD PTR [esi+4]
00121 89 4d 08 mov DWORD PTR _information$[ebp], ecx
00124 74 13 je SHORT $L14481
00126 4a dec edx
00127 74 06 je SHORT $L14482
; 642 :
; 643 : default:
; 644 : information = 0;
00129 83 65 08 00 and DWORD PTR _information$[ebp], 0
; 645 : break;
0012d eb 1c jmp SHORT $L14478
$L14482:
; 635 : break;
; 636 :
; 637 : case IRP_MJ_WRITE:
; 638 : RtlMoveMemory(
; 639 : devExt->DiskImage + irpStack->Parameters.Read.ByteOffset.LowPart,
; 640 : currentAddress, irpStack->Parameters.Read.Length);
0012f 51 push ecx
00130 50 push eax
00131 8b 43 2c mov eax, DWORD PTR [ebx+44]
00134 03 46 0c add eax, DWORD PTR [esi+12]
; 641 : break;
00137 eb 08 jmp SHORT $L14669
$L14481:
; 629 :
; 630 : case IRP_MJ_READ:
; 631 : RtlMoveMemory(
; 632 : currentAddress,
; 633 : devExt->DiskImage + irpStack->Parameters.Read.ByteOffset.LowPart,
; 634 : irpStack->Parameters.Read.Length);
00139 51 push ecx
0013a 8b 4b 2c mov ecx, DWORD PTR [ebx+44]
0013d 03 4e 0c add ecx, DWORD PTR [esi+12]
00140 51 push ecx
$L14669:
00141 50 push eax
00142 ff 15 00 00 00
00 call DWORD PTR __imp__memmove
00148 83 c4 0c add esp, 12 ; 0000000cH
$L14478:
; 646 : }
; 647 :
; 648 : status = STATUS_SUCCESS;
; 649 : COMPLETE_REQUEST( Irp, status, information );
0014b 8b 45 08 mov eax, DWORD PTR _information$[ebp]
0014e 33 f6 xor esi, esi
00150 89 77 18 mov DWORD PTR [edi+24], esi
00153 89 47 1c mov DWORD PTR [edi+28], eax
00156 eb 0e jmp SHORT $L14664
$L14459:
; 569 : //
; 570 : // Do not give an I/O boost for parameter errors.
; 571 : //
; 572 : DBGPRINT( DBG_COMP_READ, DBG_LEVEL_ERROR,
; 573 : (
; 574 : "Error invalid parameter\n"
; 575 : "ByteOffset: %x\n"
; 576 : "Length: %d\n"
; 577 : "Operation: %x\n",
; 578 : irpStack->Parameters.Read.ByteOffset,
; 579 : irpStack->Parameters.Read.Length,
; 580 : irpStack->MajorFunction
; 581 : ));
; 582 :
; 583 : status = STATUS_INVALID_PARAMETER;
; 584 : COMPLETE_REQUEST( Irp, status, information );
00158 b8 0d 00 00 c0 mov eax, -1073741811 ; c000000dH
$L14668:
0015d 83 67 1c 00 and DWORD PTR [edi+28], 0
00161 89 47 18 mov DWORD PTR [edi+24], eax
00164 8b f0 mov esi, eax
$L14664:
00166 32 d2 xor dl, dl
00168 8b cf mov ecx, edi
0016a ff 15 00 00 00
00 call DWORD PTR __imp_@IofCompleteRequest@8
; 585 : IoReleaseRemoveLock(&devExt->RemoveLock, Irp);
00170 6a 18 push 24 ; 00000018H
00172 57 push edi
00173 ff 75 0c push DWORD PTR tv267[ebp]
00176 ff 15 00 00 00
00 call DWORD PTR __imp__IoReleaseRemoveLockEx@12
$L14667:
0017c 5f pop edi
; 586 : return status;
0017d 8b c6 mov eax, esi
0017f 5e pop esi
00180 5b pop ebx
; 650 : IoReleaseRemoveLock(&devExt->RemoveLock, Irp);
; 651 :
; 652 : DBGPRINT( DBG_COMP_READ, DBG_LEVEL_VERBOSE, ("ReadWrite - OUT \n" ) );
; 653 : return status;
; 654 : } // End of RamDiskReadWrite()
00181 c9 leave
00182 c2 08 00 ret 8
_RamDiskReadWrite@8 ENDP
_TEXT ENDS
PUBLIC _RamDiskQueryDiskRegParameters@8
EXTRN __imp__RtlQueryRegistryValues@20:NEAR
EXTRN __imp__RtlInitUnicodeString@8:NEAR
EXTRN __imp__RtlCopyUnicodeString@8:NEAR
; COMDAT _RamDiskQueryDiskRegParameters@8
PAGE SEGMENT
; ---------------------------------------------------------------------
; Wide (UTF-16LE) string literals for RamDiskQueryDiskRegParameters,
; each terminated by a 16-bit NUL. Where present, "ORG $+2" skips two
; bytes of padding before the next literal.
;
; NOTE(review): the echoed C source sets RTL_QUERY_REGISTRY_DIRECT for
; the "DiskSize" entry (source line 815). With DIRECT, the stored
; registry type decides how much data RtlQueryRegistryValues writes to
; EntryContext, so a value stored with an unexpected type can overrun a
; ULONG-sized destination. Confirm whether RTL_QUERY_REGISTRY_TYPECHECK
; (or an equivalent type/size check) is applied to these entries; the
; remaining table setup is not visible in this part of the listing.
; ---------------------------------------------------------------------
; L"B:" - pushed as the DEFAULT_DRIVE_LETTER argument to RtlInitUnicodeString
$SG14499 DB 'B', 00H, ':', 00H, 00H, 00H
ORG $+2
; L"Parameters" - subkey name used for rtlQueryRegTbl[0].Name (source line 805)
$SG14500 DB 'P', 00H, 'a', 00H, 'r', 00H, 'a', 00H, 'm', 00H, 'e', 00H
DB 't', 00H, 'e', 00H, 'r', 00H, 's', 00H, 00H, 00H
ORG $+2
; L"DiskSize" - value name used for rtlQueryRegTbl[1].Name (source line 816)
$SG14507 DB 'D', 00H, 'i', 00H, 's', 00H, 'k', 00H, 'S', 00H, 'i', 00H
DB 'z', 00H, 'e', 00H, 00H, 00H
ORG $+2
; L"RootDirEntries" - presumably the next query-table value name; its use is
; not visible in this part of the listing
$SG14509 DB 'R', 00H, 'o', 00H, 'o', 00H, 't', 00H, 'D', 00H, 'i', 00H
DB 'r', 00H, 'E', 00H, 'n', 00H, 't', 00H, 'r', 00H, 'i', 00H, 'e'
DB 00H, 's', 00H, 00H, 00H
ORG $+2
; L"SectorsPerCluster" - presumably a query-table value name (use not visible here)
$SG14511 DB 'S', 00H, 'e', 00H, 'c', 00H, 't', 00H, 'o', 00H, 'r', 00H
DB 's', 00H, 'P', 00H, 'e', 00H, 'r', 00H, 'C', 00H, 'l', 00H, 'u'
DB 00H, 's', 00H, 't', 00H, 'e', 00H, 'r', 00H, 00H, 00H
; L"DriveLetter" - presumably a query-table value name (use not visible here)
$SG14513 DB 'D', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'L', 00H
DB 'e', 00H, 't', 00H, 't', 00H, 'e', 00H, 'r', 00H, 00H, 00H
; Function compile flags: /Ogsy
; ---------------------------------------------------------------------
; EBP-relative frame offsets for RamDiskQueryDiskRegParameters. The
; prologue sets ebp = esp-112 right after "push ebp", so the saved ebp
; is at [ebp+112], the return address at [ebp+116], and the two stack
; arguments at [ebp+120] and [ebp+124].
; ---------------------------------------------------------------------
; local rtlQueryRegTbl[5 + 1]; zeroed with a 42-dword rep stosd (168 bytes)
_rtlQueryRegTbl$ = -76
; local defDiskRegInfo; DiskSize at +0, RootDirEntries +4, SectorsPerCluster +8,
; DriveLetter at +12
_defDiskRegInfo$ = 92
; first stack argument (RegistryPath)
_RegistryPath$ = 120
; compiler temporary assigned the same offset as _DiskRegInfo$
tv226 = 124
; second stack argument (DiskRegInfo)
_DiskRegInfo$ = 124
_RamDiskQueryDiskRegParameters@8 PROC NEAR ; COMDAT
; 779 : {
00090 55 push ebp
00091 8d 6c 24 90 lea ebp, DWORD PTR [esp-112]
00095 81 ec bc 00 00
00 sub esp, 188 ; 000000bcH
0009b 53 push ebx
0009c 56 push esi
0009d 57 push edi
; 780 :
; 781 : RTL_QUERY_REGISTRY_TABLE rtlQueryRegTbl[ 5 + 1 ]; // Need 1 for NULL
; 782 : NTSTATUS status;
; 783 : DISK_INFO defDiskRegInfo;
; 784 :
; 785 : PAGED_CODE();
; 786 :
; 787 : DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_VERBOSE, ("QueryDiskRegParameters \n" ) );
; 788 : ASSERT( RegistryPath->Buffer != NULL );
; 789 :
; 790 : // Set the default values
; 791 :
; 792 : defDiskRegInfo.DiskSize = DEFAULT_DISK_SIZE;
; 793 : defDiskRegInfo.RootDirEntries = DEFAULT_ROOT_DIR_ENTRIES;
; 794 : defDiskRegInfo.SectorsPerCluster = DEFAULT_SECTORS_PER_CLUSTER;
; 795 :
; 796 : RtlInitUnicodeString( &defDiskRegInfo.DriveLetter, DEFAULT_DRIVE_LETTER );
0009e 68 00 00 00 00 push OFFSET FLAT:$SG14499
000a3 8d 45 68 lea eax, DWORD PTR _defDiskRegInfo$[ebp+12]
000a6 50 push eax
000a7 c7 45 5c 00 00
10 00 mov DWORD PTR _defDiskRegInfo$[ebp], 1048576 ; 00100000H
000ae c7 45 60 00 02
00 00 mov DWORD PTR _defDiskRegInfo$[ebp+4], 512 ; 00000200H
000b5 c7 45 64 02 00
00 00 mov DWORD PTR _defDiskRegInfo$[ebp+8], 2
000bc ff 15 00 00 00
00 call DWORD PTR __imp__RtlInitUnicodeString@8
; 797 :
; 798 : RtlZeroMemory( rtlQueryRegTbl, sizeof(rtlQueryRegTbl) );
; 799 :
; 800 : //
; 801 : // Setup the query table
; 802 : //
; 803 :
; 804 : rtlQueryRegTbl[0].Flags = RTL_QUERY_REGISTRY_SUBKEY;
; 805 : rtlQueryRegTbl[0].Name = L"Parameters";
; 806 : rtlQueryRegTbl[0].EntryContext = NULL;
; 807 : rtlQueryRegTbl[0].DefaultType = (ULONG)NULL;
; 808 : rtlQueryRegTbl[0].DefaultData = NULL;
; 809 : rtlQueryRegTbl[0].DefaultLength = (ULONG)NULL;
; 810 :
; 811 : //
; 812 : // Disk paramters
; 813 : //
; 814 :
; 815 : rtlQueryRegTbl[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
; 816 : rtlQueryRegTbl[1].Name = L"DiskSize";
; 817 : rtlQueryRegTbl[1].EntryContext = &DiskRegInfo->DiskSize;
000c2 8b 75 7c mov esi, DWORD PTR _DiskRegInfo$[ebp]
000c5 6a 2a push 42 ; 0000002aH
000c7 59 pop ecx
000c8 33 c0 xor eax, eax
000ca 6a 20 push 32 ; 00000020H
000cc 8d 7d b4 lea edi, DWORD PTR _rtlQueryRegTbl$[ebp]
000cf f3 ab rep stosd
000d1 59 pop ecx
; 818 : rtlQueryRegTbl[1].DefaultType = REG_DWORD;
000d2 6a 04 push 4
000d4 89 45 c0 mov DWORD PTR _rtlQueryRegTbl$[ebp+12], eax
000d7 89 45 c4 mov DWORD PTR _rtlQueryRegTbl$[ebp+16], eax
000da 89 45 c8 mov DWORD PTR _rtlQueryRegTbl$[ebp+20], eax
000dd 89 45 cc mov DWORD PTR _rtlQueryRegTbl$[ebp+24], eax
000e0 58 pop eax
000e1 89 45 e0 mov DWORD PTR _rtlQueryRegTbl$[ebp+44], eax