📄 softice.h
//////////////////////////////////////////////////////////////////////////////
// pIRQ2INT
//
// Byte signature used to locate the routine labelled pIRQ2INT. As
// disassembled below, the routine tests an fAPIC flag and, when eax < 10h,
// returns a byte read from a table indexed by eax.
//
// _XX_ is not defined in this part of the file; it is presumably the
// scanner's "match any byte" marker, used for absolute addresses and branch
// displacements that differ between builds -- confirm.
//
// NOTE(review): this array is defined (not just declared) in a header and is
// neither static nor const. Including softice.h from more than one
// translation unit would define the symbol twice, and the signature bytes
// stay writable at run time -- confirm this is intended.
//////////////////////////////////////////////////////////////////////////////
// Offset from the start of a match to the item of interest. 0 presumably
// means the match address itself is the routine entry -- confirm against
// the scanner.
#define OFS_IRQ2INT 0
// Cast for the resolved address: VOID __stdcall function with no arguments.
#define TYPE_IRQ2INT (VOID(__stdcall*)(VOID))
UCHAR PAT_IRQ2INT[] =
{
0x80, 0x3D, _XX_, _XX_, _XX_, _XX_, 0x00, // cmp fAPIC, 0
0x74, _XX_, // jz short loc_3177D
0x83, 0xF8, 0x10, // cmp eax, 10h
0x73, _XX_, // jnb short loc_3175B
0x0F, 0xB6, 0x80, _XX_, _XX_, _XX_, _XX_, // movzx eax, byte ptr unk_AEAAF[eax]
0xC3, // retn
//loc_3175B:
0x53, // push ebx
0x51, // push ecx
0x8B, 0x0D, _XX_, _XX_, _XX_, _XX_, // mov ecx, dword_AEABF
0x33, 0xDB // xor ebx, ebx
};
//////////////////////////////////////////////////////////////////////////////
// __chkstk
//
// Signature for SoftICE's own __chkstk. Unlike the other patterns in this
// file it contains no _XX_ entries, so it only matches this exact 14-byte
// sequence.
//////////////////////////////////////////////////////////////////////////////
// Offset 10 is the first byte of the two-byte 'mov esp, eax' (8B E0) that the
// comment below identifies as the bug; the register is selected by the second
// byte, at offset 11.
// NOTE(review): how the fix is written is not visible here. Any patcher
// should change bytes only after the whole pattern has matched -- confirm.
#define OFS__chkstk 10
/*
* SoftICE has a bug in its __chkstk implementation that leads to a BSOD if
* KDE calls this function. Fix the bug so that my MP3 decoder can work
* correctly.
*/
UCHAR PAT__chkstk[] =
{
0x8B, 0x0C, 0x24, // mov ecx, [esp+0]   ; ecx = return address
0x8B, 0xD4, // mov edx, esp
0x83, 0xC2, 0x04, // add edx, 4
0x2B, 0xD0, // sub edx, eax           ; edx = (esp + 4) - eax
0x8B, 0xE0, // mov esp, eax ; BUG!! should be 'mov esp, EDX'
0x51, // push ecx                     ; re-push the return address
0xC3 // retn
};
//////////////////////////////////////////////////////////////////////////////
// IceIsActive
//
// Signature for a run of four 'cmp cs:<byte>, imm8' flag checks. The third
// one compares the byte labelled IceIsActive with 0.
//////////////////////////////////////////////////////////////////////////////
// Offset 23 is the 4-byte absolute address operand of the third cmp
// (8 + 2 + 8 + 2 bytes precede it, plus the 2E 80 3D prefix/opcode bytes),
// i.e. the address of the IceIsActive byte.
// NOTE(review): that address is read out of matched code; it should be
// validated before it is dereferenced -- confirm the scanner does so.
#define OFS_IceIsActive 23
UCHAR PAT_IceIsActive[] =
{
0x2E, 0x80, 0x3D, _XX_, _XX_, _XX_, _XX_, 0x01, // cmp cs:VidDrv_IsInactive, 1
0x74, _XX_, // jz short locret_2EF15
//pIRQ_0C:
0x2E, 0x80, 0x3D, _XX_, _XX_, _XX_, _XX_, 0x01, // cmp cs:fVER_TOUCH, 1
0x74, _XX_, // jz short locret_2EF15
0x2E, 0x80, 0x3D, _XX_, _XX_, _XX_, _XX_, 0x00, // cmp cs:IceIsActive, 0
0x75, _XX_, // jnz short loc_2EF16
0x2E, 0x80, 0x3D, _XX_, _XX_, _XX_, _XX_, 0x00 // cmp cs:byte_AC5A3, 0
};
//////////////////////////////////////////////////////////////////////////////
// SendSpecificEOI
//
// Signature for the complete routine labelled SendSpecificEOI. When the
// fAPIC flag is non-zero it writes 0 to the dword at localAPICregisters +
// 0B0h (the EOI register offset in the local APIC register page); otherwise
// it calls pSendSpecificEOI_. eax is saved and restored around both paths.
//////////////////////////////////////////////////////////////////////////////
// Offset 0: presumably the match address is the routine entry -- confirm.
#define OFS_SendSpecificEOI 0
// Cast for the resolved address: VOID __stdcall function with no arguments.
#define TYPE_SendSpecificEOI (VOID(__stdcall*)(VOID))
UCHAR PAT_SendSpecificEOI[] =
{
0x50, // push eax
0x2E, 0x80, 0x3D, _XX_, _XX_, _XX_, _XX_, 0x00, // cmp cs:fAPIC, 0
0x74, _XX_, // jz short loc_317FD
0xA1, _XX_, _XX_, _XX_, _XX_, // mov eax, localAPICregisters
0x05, 0xB0, 0x00, 0x00, 0x00, // add eax, 0B0h
0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, // mov dword ptr [eax], 0
0xEB, _XX_, // jmp short loc_31802
//loc_317FD:
0xE8, _XX_, _XX_, _XX_, _XX_, // call pSendSpecificEOI_
//loc_31802:
0x58, // pop eax
0xC3 // retn
};
//////////////////////////////////////////////////////////////////////////////
// pINT_0E
//
// Signature for the start of the handler labelled pINT_0E: it pushes 0Eh,
// calls the routine labelled pGeneralProtectionFault, drops the pushed
// value, then clears bit 16 of the dword at [esp+12].
// NOTE(review): [esp+12] is presumably the saved EFLAGS of the fault frame,
// which would make bit 16 the resume flag -- confirm.
//////////////////////////////////////////////////////////////////////////////
// Offset 0: presumably the match address is the handler entry -- confirm.
#define OFS_INT_0E 0
// Cast for the resolved address: VOID __stdcall function with no arguments.
#define TYPE_INT_0E (VOID(__stdcall*)(VOID))
UCHAR PAT_INT_0E[] =
{
0x6A, 0x0E, // push 0Eh
0xE8, _XX_, _XX_, _XX_, _XX_, // call pGeneralProtectionFault
0x8D, 0x64, 0x24, 0x04, // lea esp, [esp+4]   ; discard the pushed 0Eh without touching flags
0x81, 0x64, 0x24, 0x0C, 0xFF, 0xFF, 0xFE, 0xFF // and dword ptr [esp+12], 0FFFEFFFFh
};
//////////////////////////////////////////////////////////////////////////////
// pBangFuncsArray
// dKDEFuncNum
//
// Signature for a loop that prints each entry of bang_funcs_array with the
// format "%-20s %08x". One match yields two values: the array address and
// the address of the KDEFuncNum counter. In this variant the entry stride is
// the constant 48 (push 48 / pop esi, then add edi, esi).
//////////////////////////////////////////////////////////////////////////////
// Offset 3: imm32 of 'mov edi, offset bang_funcs_array' (2 + 1 bytes precede it).
#define OFS_BangFuncsArray 3
// Offset 30: 4-byte address operand of the final 'cmp ebx, KDEFuncNum'.
#define OFS_KDEFuncNum 30
// Cast for the resolved array address.
#define TYPE_BangFuncsArray (PUCHAR)
// NOTE(review): both values are absolute addresses read out of matched code;
// they should be validated before being used as pointers -- confirm the
// scanner does so.
UCHAR PAT_BangFuncsArray[] =
{
0x6A, 0x30, // push 48
0xBF, _XX_, _XX_, _XX_, _XX_, // mov edi, offset bang_funcs_array
0x5E, // pop esi                       ; esi = 48, the per-entry stride
//print_bang_funcs:
0xFF, 0x77, 0xFC, // push dword ptr [edi-4]   ; dword stored just before the entry
0x57, // push edi
0x68, _XX_, _XX_, _XX_, _XX_, // push offset a20s08x_10 ; "%-20s %08x"
0xE8, _XX_, _XX_, _XX_, _XX_, // call pPrintErrorMessage2
0x83, 0xC4, 0x0C, // add esp, 0Ch
0x43, // inc ebx
0x03, 0xFE, // add edi, esi
0x3B, 0x1D, _XX_, _XX_, _XX_, _XX_ // cmp ebx, KDEFuncNum
};
// DS32 variant of the bang_funcs_array print loop signature. Here the stride
// is loaded with 'mov esi, imm32' and is wildcarded (10Ch in the build that
// was disassembled), and the 'push [edi-4]' and 'add esp' operand bytes are
// wildcarded as well.
// NOTE(review): "DS32" presumably names a later SoftICE / DriverStudio
// build -- confirm.
// Offset 7: imm32 of 'mov edi, offset bang_funcs_array' (6 + 1 bytes precede it).
#define OFS_BangFuncsArray_DS32 7
// Offset 38: 4-byte address operand of the final 'cmp ebx, KDEFuncNum'.
#define OFS_KDEFuncNum_DS32 38
UCHAR PAT_BangFuncsArray_DS32[] =
{
0x0F, 0x86, _XX_, _XX_, _XX_, _XX_, // jbe loc_9C692
0xBF, _XX_, _XX_, _XX_, _XX_, // mov edi, offset bang_funcs_array
0xBE, _XX_, _XX_, _XX_, _XX_, // mov esi, 10Ch
//loc_9C390:
0xFF, _XX_, _XX_, // push dword ptr [edi-4]
0x57, // push edi
0x68, _XX_, _XX_, _XX_, _XX_, // push offset asc_9C148 ; "%-20s %08x"
0xE8, _XX_, _XX_, _XX_, _XX_, // call pPrintErrorMessage2
0x83, _XX_, _XX_, // add esp, 0Ch
0x43, // inc ebx
0x03, 0xFE, // add edi, esi
0x3B, 0x1D, _XX_, _XX_, _XX_, _XX_ // cmp ebx, KDEFuncNum
};
//////////////////////////////////////////////////////////////////////////////
// pProcessIF
//
// Signature for the code that recognises the keyword "if": it lower-cases
// two characters in ax (or ax, 2020h), compares them with 'i','f', and on a
// match calls pProcessIFstatement with a pointer to the text after the
// keyword (esi + 2).
//////////////////////////////////////////////////////////////////////////////
// Cast for the resolved address: ULONG __stdcall function taking a PCHAR.
#define TYPE_ProcessIF (ULONG (__stdcall*)(PCHAR))
// Offset 15: rel32 operand of 'call pProcessIFstatement' (the E8 opcode is at
// offset 14). A rel32 is relative to the address of the byte after the
// operand, so the target is (match + 19) + rel32.
// NOTE(review): the resolved target should be checked to lie inside the
// scanned image before it is called -- confirm the scanner does so.
#define OFS_ProcessIF 15
UCHAR PAT_ProcessIF[] =
{
0x66, 0x0D, 0x20, 0x20, // or ax, 2020h
0x66, 0x3D, 0x69, 0x66, // cmp ax, 'fi'
0x75, _XX_, // jnz short loc_A3289
//parse_BP_condition:
0x8D, 0x46, 0x02, // lea eax, [esi+2]
0x50, // push eax
0xE8, _XX_, _XX_, _XX_,_XX_, // call pProcessIFstatement
0x85, 0xC0, // test eax, eax
0x74, _XX_ // jz short loc_A32C1
};
//////////////////////////////////////////////////////////////////////////////
// pClearCompiledIF
//
// Signature for a call site of pClearCompiledIF: after a "Syntax error"
// message is issued, a dword is loaded from a per-entry field indexed by ebx
// and, if it is non-zero, pushed as the single argument to pClearCompiledIF.
//////////////////////////////////////////////////////////////////////////////
// Cast for the resolved address: VOID __stdcall function taking a ULONG.
#define TYPE_ClearCompiledIF (VOID (__stdcall*)(ULONG))
// Offset 24: rel32 operand of the final 'call pClearCompiledIF' (the E8
// opcode is at offset 23). The target is the address of the byte after the
// operand plus rel32.
#define OFS_ClearCompiledIF 24
UCHAR PAT_ClearCompiledIF[] =
{
0xB8, _XX_, _XX_, _XX_, _XX_, // mov eax, offset aSyntaxError ; "Syntax error"
0x8B, 0xF0, // mov esi, eax
0xE8, _XX_, _XX_, _XX_, _XX_, // call sub_3CADA
//
//loc_43BCD:
0x8B, 0x83, _XX_, _XX_, _XX_, _XX_, // mov eax, dword ptr ds:byte_D87F7[ebx]
0x0B, 0xC0, // or eax, eax
0x74, 0x06, // jz short loc_43BDD      ; skips the 6-byte push + call
0x50, // push eax
0xE8, _XX_, _XX_, _XX_, _XX_ // call pClearCompiledIF
//loc_43BDD:
};
// DS32 variant of the pClearCompiledIF call-site signature. The field load
// uses the short form 'mov eax, [ebx+37h]' (3 bytes instead of 6), which is
// why the call operand sits 3 bytes earlier than in PAT_ClearCompiledIF.
// The 37h displacement is matched literally, not wildcarded.
// Offset 21: rel32 operand of the final 'call pClearCompiledIF' (the E8
// opcode is at offset 20).
#define OFS_ClearCompiledIF_DS32 21
UCHAR PAT_ClearCompiledIF_DS32[] =
{
0xB8, _XX_, _XX_, _XX_, _XX_, // mov eax, offset aSyntaxError ; "Syntax error"
0x8B, 0xF0, // mov esi, eax
0xE8, _XX_, _XX_, _XX_, _XX_, // call pPrintErrorMessage
//
//loc_A6F05:
0x8B, 0x43, 0x37, // mov eax, [ebx+37h]
0x0B, 0xC0, // or eax, eax
0x74, 0x06, // jz short loc_A6F12      ; skips the 6-byte push + call
0x50, // push eax
0xE8, _XX_, _XX_, _XX_, _XX_ // call pClearCompiledIF
//loc_A6F12:
};
//////////////////////////////////////////////////////////////////////////////
// pCheckCondition
//
// Signature for a call site of pCheckCondition. After the call, carry set
// (jb) or eax == 0 falls into condition_not_met, where two miss counters
// indexed by ebx are incremented; otherwise the status code is zeroed and
// control goes to condition_met.
//////////////////////////////////////////////////////////////////////////////
// Cast for the resolved address: BOOLEAN __stdcall function taking a ULONG.
#define TYPE_CheckCondition (BOOLEAN (__stdcall*)(ULONG))
// Offset 1: rel32 operand of the leading 'call pCheckCondition' (E8 at
// offset 0). The target is (match + 5) + rel32.
// NOTE(review): no separate _DS32 offset is defined in this part of the file;
// PAT_CheckCondition_DS32 also starts with E8, so this offset presumably
// serves both patterns -- confirm.
#define OFS_CheckCondition 1
UCHAR PAT_CheckCondition[] =
{
0xE8, _XX_, _XX_, _XX_, _XX_, // call pCheckCondition
0x72, _XX_, // jb short condition_not_met
0xC7, 0x83, _XX_, _XX_, _XX_, _XX_, 0x00, 0x00, 0x00, 0x00, // mov dBP_StatusCode[ebx], 0
0x85, 0xC0, // test eax, eax
0x75, _XX_, // jnz short condition_met
//condition_not_met:
0xFF, 0x83, _XX_, _XX_, _XX_, _XX_, // inc dBP_TotalMissesCount[ebx]
0xFF, 0x83, _XX_, _XX_, _XX_, _XX_ // inc dBP_CurrentMissesCount[ebx]
};
// DS32 variant of the pCheckCondition call-site signature. The per-entry
// fields are addressed with 8-bit displacements from ebx (wildcarded here;
// 5Fh, 57h and 5Bh in the build that was disassembled). The jb displacement
// is matched literally as 0Bh, the combined length of the three instructions
// it skips (7 + 2 + 2 bytes).
UCHAR PAT_CheckCondition_DS32[] =
{
0xE8, _XX_, _XX_, _XX_, _XX_, // call pCheckCondition
0x72, 0x0B, // jb short loc_A56D5
0xC7, 0x43, _XX_, 0x00, 0x00, 0x00, 0x00, // mov dword ptr [ebx+5Fh], 0
0x85, 0xC0, // test eax, eax
0x75, _XX_, // jnz short loc_A56EE
//loc_A56D5:
0xFF, 0x43, _XX_, // inc dword ptr [ebx+57h]
0xFF, 0x43, _XX_ // inc dword ptr [ebx+5Bh]
// NOTE(review): the label below repeats loc_A56D5 from above and looks like
// a leftover; the address that follows the pattern is not recorded here.
//loc_A56D5:
};
//////////////////////////////////////////////////////////////////////////////
// pQueueMacroExec
//
// Signature for the code that queues a macro for execution: it stores a
// handler pointer (pExecuteMacro_) into the variable labelled oExecuteMacro
// and sets the flag labelled fExecuteMacro? to 1. One match yields two
// addresses.
//////////////////////////////////////////////////////////////////////////////
// Offset 15: 4-byte address operand of 'mov ds:oExecuteMacro, imm32'
// (6 + 2 + 5 bytes precede the C7 05 opcode bytes). This is the address of
// the variable; the stored handler pointer is the imm32 that follows it.
#define OFS_QueueMacroExec 15
// Offset 25: 4-byte address operand of 'mov ds:fExecuteMacro?, 1'.
#define OFS_fMacroQueued 25
// NOTE(review): both values are absolute addresses read out of matched code;
// they should be validated before being written through -- confirm the
// scanner does so.
UCHAR PAT_QueueMacro[] =
{
0x89, 0x91, _XX_, _XX_, _XX_, _XX_, // mov ds:param_No[ecx], edx
0x75, 0x19, // jnz short loc_626EF     ; 19h skips the call and both stores
0xE8, _XX_, _XX_, _XX_, _XX_, // call pSomeErrIDhandling
0xC7, 0x05, _XX_, _XX_, _XX_, _XX_, _XX_, _XX_, _XX_, _XX_, // mov ds:oExecuteMacro, offset pExecuteMacro_
0xC7, 0x05, _XX_, _XX_, _XX_, _XX_, 0x01, 0x00, 0x00, 0x00, // mov ds:fExecuteMacro?, 1
0x33, 0xC0 // xor eax, eax
};
//////////////////////////////////////////////////////////////////////////////
// pPatchDE
//////////////////////////////////////////////////////////////////////////////
#define OFS_PatchDE_JZ 9
UCHAR PAT_PatchDE[] =
{
0xE2, _XX_, // loop loc_A2228
0xF6, 0x05, _XX_, _XX_, _XX_, _XX_, 0x02, // test dw_cr4_flags?, 2
0x74, 0x09, // jz short loc_A2276
0x0F, 0x20, 0xE0, // mov eax, cr4
0x83, 0xC8, 0x08, // or eax, 8
0x0F, 0x22, 0xE0 // mov cr4, ea