;============================================================================
;
; VXDMHLP_Device_Exit - VXDMHLP shutdown
;
; Walks the HookUsed list unhooking every service that is still hooked,
; then walks ReturnTable and, for every in-flight call whose saved stack
; slot still holds a ReturnTable address, writes the caller's original
; return address back so the call no longer returns into this VxD.
; HookTable is freed only if no error was recorded along the way.
;
; Entry: no register inputs are used
;
; Exit: Carry flag is intended to be clear on success and set when
; FixRetErr == 1 (see the NOTE at the final flag test: the error
; path currently returns with carry clear)
;
; Uses: eax, ecx, edx, edi, flags. Writes FixRetErr, HookUsed and the
; stack words referenced from ReturnTable; reads IoctlError.
;
;============================================================================
BeginProc VXDMHLP_Device_Exit
00000427 1 ?prolog_VXDMHLP_Device_Exit label near
00000427 00000427 1 VXDMHLP_Device_Exit proc near
; clear error condition
; FixRetErr = 0; set to 1 below on any failure that should block unloading
00000427 C7 05 00000124 R mov FixRetErr, 0
00000000
; iterate until no more services are hooked
; Loop invariant: edi = head of the HookUsed list (0 when empty). Each pass
; unhooks the head only, so termination relies on the head being unlinked
; either by internal_unhookservice on success (presumed - TODO confirm) or
; by the unhookdel path below on failure.
00000431 unhookall_loop:
00000431 8B 3D 0000018C R mov edi, [HookUsed]
; check for end of list
00000437 83 FF 00 cmp edi, 0
0000043A 74 2B je unhookall_done
; unhook the service
0000043C 8B 07 mov eax, [edi].SS_Ordinal ; eax = service ordinal of the head entry
0000043E E8 FFFFFEFF call internal_unhookservice ; CF set on failure
00000443 73 EC jnc unhookall_loop
; Unhook failed; IoctlError says why. Only VXDMHLP_ERROR_UNHOOK is treated
; as fatal for unloading - any other error just drops the entry.
00000445 83 3D 00000128 R cmp IoctlError, VXDMHLP_ERROR_UNHOOK
06
0000044C 75 0A jne unhookdel
; major error - can't unload
0000044E C7 05 00000124 R mov FixRetErr, 1
00000001
00000458 unhookdel:
; It wasn't found on the list. Just delete it and move on.
; NOTE: the eax load below is dead - eax is overwritten on the next line,
; and edi already holds [HookUsed] from unhookall_loop.
00000458 A1 0000018C R mov eax, [HookUsed]
0000045D 8B 47 04 mov eax, [edi].SS_Next ; unlink the head: HookUsed = head->SS_Next
00000460 A3 0000018C R mov [HookUsed], eax
00000465 EB CA jmp unhookall_loop
00000467 unhookall_done:
; Locate all VxD calls that haven't yet returned, and change their
; stack so they return to their original callers instead of MonExit.
; Register roles for this loop:
; edi = current ReturnTable entry (entries are RetTemplateLen = 19h bytes apart)
; ecx = entries remaining (MaxReturn = 190h)
; eax = the entry's saved stack pointer (RetTemplateSP), then the
; _PageCheckLinRange result
; edx = scratch
; NOTE(review): MaxReturn * RetTemplateLen = 190h * 19h = 2710h, but the
; range check further down uses RetTableSize = 2EE0h, so it also accepts
; addresses beyond the last entry walked here. Confirm against the
; ReturnTable definition (not in this listing).
00000467 8D 3D 000001A9 R lea edi, ReturnTable
0000046D B9 00000190 mov ecx, MaxReturn
00000472 fixret_loop:
; iterate over return structures
00000472 8B 47 0D mov eax, [edi].RetTemplateSP ; fetch stack pointer
00000475 0B C0 or eax, eax ; check if in use
00000477 74 3C jz fixret_continue ; SP == 0: slot is free
; ensure stack is still in use (heuristic approach)
; Only the page holding the saved SP is checked (eax >> 12 = linear page
; number; arguments presumed to be (page, nPages, flags)). A page that has
; since been reused still passes, which is why the slot contents are checked
; again below before anything is written.
00000479 C1 E8 0C shr eax, 12
0000047C 51 push ecx ; ecx (loop counter) is not preserved across the VMM call
VMMcall _PageCheckLinRange, <eax, 1, 0>
0000047D 6A 00 6 push 0
0000047F 6A 01 6 push 1
00000481 50 6 push eax
00000482 CD 20 2 int Dyna_Link_Int
00000484 00010067 3 dd @@_PageCheckLinRange+0
00000488 83 C4 0C 3 add esp,??_argc * 4
0000048B 59 pop ecx
0000048C 0B C0 or eax, eax ; zero result: page not valid, skip the entry
0000048E 74 25 jz fixret_continue
; Interrupts off so the stack word cannot change between the check and the
; write below.
00000490 FA cli
00000491 8B 47 0D mov eax, [edi].RetTemplateSP ; fetch stack pointer
; make sure it points at a return template
; The slot is patched only if it currently holds an address inside
; ReturnTable (unsigned range check via jb); anything else means the stack
; has been reused and must not be touched.
00000494 8B 10 mov edx, [eax] ; get return address
00000496 81 EA 000001A9 R sub edx, offset32 ReturnTable
0000049C 81 FA 00002EE0 cmp edx, RetTableSize ; within return table?
000004A2 72 0C jb fixret_okay
; slot is live but no longer points into ReturnTable: record the error
000004A4 C7 05 00000124 R mov FixRetErr, 1
00000001
000004AE EB 05 jmp fixret_continue
000004B0 fixret_okay:
; patch return address
000004B0 8B 57 09 mov edx, [edi].RetTemplateOrigAddr ; fetch original return addr
000004B3 89 10 mov [eax], edx ; restore original return addr
000004B5 fixret_continue:
; NOTE: the two early jumps to this label arrive without a matching cli, so
; this sti unconditionally re-enables interrupts on every iteration.
000004B5 FB sti
000004B6 81 C7 00000019 add edi, RetTemplateLen ; advance to the next entry
000004BC E2 B4 loop fixret_loop
; Free the memory we were using if no errors
; NOTE(review): the stc below is undone by the cmp that follows it. cmp sets
; CF from (FixRetErr - 1), so when FixRetErr == 1 CF becomes 0 and the
; nofree path returns with carry CLEAR - the opposite of what stc intends.
; Set carry on the error path itself instead, e.g. `jne dofree` / `stc` /
; `ret` ahead of the call, or place `stc` at nofree: before the ret.
000004BE F9 stc
000004BF 83 3D 00000124 R cmp FixRetErr, 1 ; cmp rewrites CF, discarding the stc above
01
000004C6 74 12 je nofree
; HookTable is released only when every unhook succeeded (presumably because
; a service that is still hooked would otherwise reference freed memory).
; The _PageFree result in eax is not checked.
VMMcall _PageFree, <[HookTable], 0>
000004C8 6A 00 6 push 0
000004CA FF 35 00000184 R 6 push [HookTable]
000004D0 CD 20 2 int Dyna_Link_Int
000004D2 00010055 3 dd @@_PageFree+0
000004D6 83 C4 08 3 add esp,??_argc * 4
000004D9 F8 clc ; success
000004DA nofree:
000004DA C3 ret
EndProc VXDMHLP_Device_Exit
000004DB 1 VXDMHLP_Device_Exit endp
000004DB
VXD_LOCKED_CODE_ENDS
000004DB 04DB 1 _LTEXT ENDS
;============================================================================
; D E V I C E I N I T I A L I Z A T I O N C O D E
;============================================================================
VXD_ICODE_SEG
00000000 1 _ITEXT SEGMENT
;============================================================================
;
; VXDMHLP_Device_Init - VXDMHLP Initialization
;
;
; Entry: ebx -> System VM handle (not used)
; edx -> Reference data from real mode init portion
;
; Exit: If successful then
; Carry flag is clear
; else
; Carry flag is set to indicate an error -- Device not initialized
;
;============================================================================
; Init-time caption and status strings. Neither label is referenced by the
; code visible in this listing. The leading blanks of the message are
; collapsed in this rendering; the emitted bytes show the padding.
00000000 56 78 44 20 4D VXDMHLPCaption db "VxD Monitor",0
6F 6E 69 74 6F
72 00
0000000C 20 20 20 20 20 VXDMHLPMessage db " Loading...",0
20 20 20 20 20
20 20 20 20 20
20 20 20 20 20
20 20 20 20 20
20 20 20 20 20
20 20 20 4C 6F
61 64 69 6E 67
2E 2E 2E 00
00000038
BeginProc VXDMHLP_Device_Init
00000038 1 ?prolog_VXDMHLP_Device_Init label near
00000038 00000038 1 VXDMHLP_Device_Init proc near
; empty conditional block - nothing is assembled here
if 0
endif
; determine if we have cpuid instruction
; EFLAGS bit 21 (ID) can only be toggled on CPUs that implement CPUID.
; edx keeps the original flags so they can be restored afterwards; the
; toggled copy is read back through pushfd/pop and compared against them.
00000038 FA cli ; disable interrupts
00000039 9C pushfd ; push flags
0000003A 58 pop eax ; pop flags
0000003B 8B D0 mov edx, eax ; save original flags
0000003D 35 00200000 xor eax, 200000h ; toggle bit 21
00000042 50 push eax ; push toggled flags
00000043 9D popfd ; load toggled flags
00000044 9C pushfd ; push toggled flags
00000045 58 pop eax ; pop toggled flags
00000046 52 push edx ; push orig flags
00000047 9D popfd ; restore orig flags
00000048 FB sti ; enable interrupts
00000049 3B C2 cmp eax, edx ; did bit 21 change
0000004B 74 0E je nonpentium ; can't change means no cpuid instr
; we have cpuid
; CPUID leaf 1 returns the version dword in eax (family in bits 8-11). The
; whole dword is compared against 500h rather than the isolated family
; field; any family >= 5 passes because the lower bits only add to it.
0000004D B8 00000001 mov eax, 1 ; request family id
00000052 0F A2 db 0Fh, 0A2h ; CPUID (hand-encoded; presumably the mnemonic is unavailable in this assembler)
00000054 3D 00000500 cmp eax, 500h ; test for pentium family
00000059 73 19 jae pentium ; if so, we're OK
; otherwise blot out the rdtsc instructions
; have to zero all rdtsc instructions
; 0C033D233h stored little-endian is the byte sequence 33 D2 33 C0, i.e.
; `xor edx, edx` / `xor eax, eax`, presumably so the timing code reads a
; zero timestamp in edx:eax. This is self-modifying code written into the
; locked code segment; it runs once here during initialization.
; NOTE(review): the store is 4 bytes wide but rdtsc encodes as 2 bytes
; (0F 31), so each rdtsN site must reserve 4 bytes (e.g. rdtsc followed by
; two nops) or the first two bytes of the following instruction are
; clobbered. Confirm at the rdts1..rdts4 definitions, which are not in this
; listing.
0000005B nonpentium:
0000005B B8 C033D233 mov eax, 0C033D233h ; xor eax, eax ; xor edx, edx
00000060 A3 00000039 R mov dword ptr rdts1, eax
00000065 A3 0000005C R mov dword ptr rdts2, eax
0000006A A3 0000039C R mov dword ptr rdts3, eax
0000006F A3 000003AF R mov dword ptr rdts4, eax
00000074 pentium:
; Initialize
; The results of the two Init routines are not inspected; this entry point
; always reports success (clc) even though the header contract allows
; carry set on failure. Confirm that neither call can fail.
00000074 E8 00000117 R call InitHookTable
00000079 E8 00000178 R call InitReturnTable
; Ready to go
0000007E F8 clc
0000007F C3 ret
EndProc VXDMHLP_Device_Init
00000080 1 VXDMHLP_Device_Init endp
00000080
VXD_ICODE_ENDS
00000080 0080 1 _ITEXT ENDS
end
Microsoft (R) Macro Assembler Version 6.11d 04/29/01 18:30:51
VXDMHLP - VXDMHLP VxD Symbols 2 - 1
Macros:
N a m e Type
?ASYNC_SERVICE_BeginProc . . . . Proc
?CCALL_BeginProc . . . . . . . . Proc
?ESP_BeginProc . . . . . . . . . Proc
?FASTCALL_BeginProc . . . . . . Proc
?HIGH_FREQ_BeginProc . . . . . . Proc
?HOOK_PROC_BeginProc . . . . . . Proc
?ICALL_BeginProc . . . . . . . . Proc
?LOCAL_BeginProc . . . . . . . . Proc
?NEVER_REENTER_BeginProc . . . . Proc
?NOT_SWAPPING_BeginProc . . . . Proc
?NO_LOG_BeginProc . . . . . . . Proc
?NO_PROFILE_BeginProc . . . . . Proc
?NO_PROLOG_BeginProc . . . . . . Proc
?NO_TEST_CLD_BeginProc . . . . . Proc
?PCALL_BeginProc . . . . . . . . Proc
?PUBLIC_BeginProc . . . . . . . Proc
?SCALL_BeginProc . . . . . . . . Proc
?SERVICE_BeginProc . . . . . . . Proc
?TEST_BLOCK_BeginProc . . . . . Proc
?TEST_REENTER_BeginProc . . . . Proc
?W32SVC_BeginProc . . . . . . . Proc
?_BeginProc_Debug_Prologue . . . Proc
?_BeginProc . . . . . . . . . . Proc
?argvar . . . . . . . . . . . . Proc
?arg . . . . . . . . . . . . . . Proc
?merge . . . . . . . . . . . . . Proc
?setname . . . . . . . . . . . . Proc
?toupper . . . . . . . . . . . . Proc
ArgVar . . . . . . . . . . . . . Proc
BST2 . . . . . . . . . . . . . . Proc
BeginDoc . . . . . . . . . . . . Proc
BeginMsg . . . . . . . . . . . . Proc
BeginProc . . . . . . . . . . . Proc
Begin_Service_Table . . . . . . Proc
Begin_Win32_Services . . . . . . Proc
ClearCParams . . . . . . . . . . Proc
CodeLockFlags . . . . . . . . . Proc
Declare_Win32_Service . . . . . Proc
DefLockableCodeBegin . . . . . . Proc
DefLockableCodeEnd . . . . . . . Proc
DefineVxDName . . . . . . . . . Proc
Dword_Align . . . . . . . . . . Proc
EndDoc . . . . . . . . . . . . . Proc
EndMsg . . . . . . . . . . . . . Proc
EndProc . . . . . . . . . . . . Proc
End_Service_Table . . . . . . . Proc
End_Win32_Services . . . . . . . Proc
EnterProc . . . . . . . . . . . Proc
Fatal_Error . . . . . . . . . . Proc
GetVxDServiceAddress . . . . . . Proc
GetVxDServiceOrdinal . . . . . . Proc
IO_Delay . . . . . . . . . . . . Proc
IncProfileCount . . . . . . . . Proc
LeaveProc . . . . . . . . . . . Proc
LocalVar . . . . . . . . . . . . Proc
MakeCodeSeg . . . . . . . . . . Proc
MarkCodeLocked . . . . . . . . . Proc
MarkCodeUnlocked . . . . . . . . Proc
PushCParams . . . . . . . . . . Proc
Return . . . . . . . . . . . . . Proc
VMM_FastCall_Service . . . . . . Proc
VMM_Service . . . . . . . . . . Proc
VMM_StdCall_Service . . . . . . Proc
VxD_DOSVM_CODE_ENDS . . . . . . Proc
VxD_DOSVM_CODE_SEG . . . . . . . Proc
VxD_INT21_CODE_ENDS . . . . . . Proc
VxD_INT21_CODE_SEG . . . . . . . Proc
VxD_L0CKABLE_BEGIN_CODE_ENDS . . Proc
VxD_L0CKABLE_BEGIN_CODE_SEG . . Proc
VxD_LOCKABLE_CODE_ENDS . . . . . Proc
VxD_LOCKABLE_CODE_SEG . . . . . Proc
VxD_LOCKABLE_END_CODE_ENDS . . . Proc
VxD_LOCKABLE_END_CODE_SEG . . . Proc
VxD_PNP_CODE_ENDS . . . . . . . Proc
VxD_PNP_CODE_SEG . . . . . . . . Proc
VxD_RARE_CODE_ENDS . . . . . . . Proc
VxD_RARE_CODE_SEG . . . . . . . Proc
VxD_SYSEXIT_CODE_ENDS . . . . . Proc
VxD_SYSEXIT_CODE_SEG . . . . . . Proc
VxD_THCREATE_CODE_ENDS . . . . . Proc
VxD_THCREATE_CODE_SEG . . . . . Proc
VxD_THDESTROY_CODE_ENDS . . . . Proc
VxD_THDESTROY_CODE_SEG . . . . . Proc
VxD_VMCREATE_CODE_ENDS . . . . . Proc
VxD_VMCREATE_CODE_SEG . . . . . Proc
VxD_VMDESTROY_CODE_ENDS . . . . Proc
VxD_VMDESTROY_CODE_SEG . . . . . Proc
VxD_VMRESUME_CODE_ENDS . . . . . Proc
VxD_VMRESUME_CODE_SEG . . . . . Proc
VxD_VMSUSPEND_CODE_ENDS . . . . Proc
VxD_VMSUSPEND_CODE_SEG . . . . . Proc
VxD_W16_CODE_ENDS . . . . . . . Proc
VxD_W16_CODE_SEG . . . . . . . . Proc
VxD_W32_CODE_ENDS . . . . . . . Proc
VxD_W32_CODE_SEG . . . . . . . . Proc
Win32call . . . . . . . . . . . Proc
Structures and Unions:
N a m e Size
Offset Type
DemandInfoStruc . . . . . . . . 0040
DILin_Total_Count . . . . . . 0000 DWord
DIPhys_Count . . . . . . . . . 0004 DWord
DIFree_Count . . . . . . . . . 0008 DWord
DIUnlock_Count . . . . . . . . 000C DWord
DILinear_Base_Addr . . . . . . 0010 DWord
DILin_Total_Free . . . . . . . 0014 DWord
DIPage_Faults . . . . . . . . 0018 DWord
DIPage_Ins . . . . . . . . . . 001C DWord
DIPage_Outs . . . . . . . . . 0020 DWord