softice分析cih的结果.txt

This folder mainly describes the source code and working principles of the CIH virus.

Registers Used: EAX, ECX, Flags.

WriteFile

This function is called to write to a file previously opened by OpenCreateFile. The handle must be one returned from the OpenCreateFile service described above; it cannot be a handle opened by issuing an int 21h. If the R0_WRITEFILE_IN_CONTEXT function c

Entry:
  [EAX]  R0_WRITEFILE or R0_WRITEFILE_IN_CONTEXT
  [EBX]  File handle.
  [ECX]  Count of bytes to be written. This can be a full 32-bit transfer count.
  [EDX]  Position in the file at which the write operation is to start.
  [ESI]  Flat pointer to the buffer that contains the data to be written.

Exit:
  Carry flag clear, no error.
    [ECX]  Number of bytes actually written.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, ECX, Flags.

CloseFile

This function is called to close a file previously opened by OpenCreateFile. The handle must be one returned from the OpenCreateFile service described above; it cannot be a handle opened by issuing an int 21h.

Entry:
  [EAX]  R0_CLOSEFILE
  [EBX]  File handle.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, Flags.

GetFileSize

This function is called to get the size of a file previously opened by OpenCreateFile. The handle must be one returned from the OpenCreateFile service described above; it cannot be a handle opened by issuing an int 21h.

Entry:
  [EAX]  R0_GETFILESIZE
  [EBX]  File handle.

Exit:
  Carry flag clear, no error.
    [EAX]  Size of the file in bytes.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, Flags.

FindFirstFile

This function is called to perform a FindFirst operation. It provides the same functionality as the FindFirst int 21h function 714Eh and supports long filenames.

Entry:
  [EAX]  R0_FINDFIRSTFILE
  [CX]   Must-match attributes to be used for the find operation.
  [ESI]  Flat pointer to the pathname the find operation is to be done on.
  [EDX]  Flat pointer to the buffer that receives the results of the find operation. This buffer should be in the _WIN32_FIND_DATA structure format.

Exit:
  Carry flag clear, no error.
    [EAX]  Find context handle to be used for a subsequent FindNextFile operation.
    The find data buffer is filled in appropriately.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, Flags.

FindNextFile

This function is called to perform a FindNext operation. The handle used for this call must be one obtained by calling the FindFirstFile service described above; it cannot be a handle obtained by issuing an int 21h call.

Entry:
  [EAX]  R0_FINDFIRSTFILE
  [EBX]  Find context handle obtained by calling FindFirstFile.
  [EDX]  Flat pointer to the buffer that receives the results of the find operation. This buffer should be in the _WIN32_FIND_DATA structure format.

Exit:
  Carry flag clear, no error.
    The find data buffer is filled in appropriately.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, Flags.

FindCloseFile

This function is called to terminate a Find operation. The handle used for this call must be one obtained by calling the FindFirstFile service described above; it cannot be a handle obtained by issuing an int 21h call.

Entry:
  [EAX]  R0_FINDCLOSEFILE
  [EBX]  Find context handle obtained by calling FindFirstFile.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, Flags.

FileAttributes

This function is called to get or set the current attributes of a file. It provides the same functionality as the int 21h function 7143h.

Entry:
  [AH]   R0_FILEATTRIBUTES
  [AL]   GET_ATTRIBUTES to get the attributes of a file.
         SET_ATTRIBUTES to set the attributes of a file.
  [CX]   Attributes of the file; valid only for the SET_ATTRIBUTES operation.
  [ESI]  Flat pointer to the pathname of the file whose attributes are to be returned.

Exit:
  Carry flag clear, no error.
    [CX]  Attributes of the file; returned only on the GET_ATTRIBUTES operation.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, ECX, Flags.

RenameFile

This function is called to rename a file. It provides the same functionality as the int 21h function 7156h.

Entry:
  [EAX]  R0_RENAMEFILE
  [ESI]  Flat pointer to the source pathname of the file that is to be renamed.
  [EDX]  Flat pointer to the destination pathname to which the file is to be renamed.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: Flags.

DeleteFile

This function is called to delete a file. It provides the same functionality as the int 21h function 7141h.

Entry:
  [EAX]  R0_DELETEFILE
  [CX]   Attributes for the delete operation. This has the search attribute and the must-match attribute, just like the int 21h function 7141h. Refer to the documentation of the int 21h function for details about the attributes.
  [ESI]  Flat pointer to the pathname of the file(s) to be deleted. Wildcards are allowed.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: Flags.

LockFile

This function is called to perform record locking operations on files. It provides the same functionality as the int 21h function 5Ch. The handle passed in should be obtained by calling the OpenCreateFile function described above; it cannot be a handle

Entry:
  [AH]   R0_FILELOCKS
  [AL]   LOCK_REGION to take a record lock.
         UNLOCK_REGION to release a record lock.
  [EBX]  Handle to the file.
  [ECX]  Process id of the process on whose behalf the locking operation is to be issued.
  [EDX]  Offset of the region that is to be locked.
  [ESI]  Length of the region that is to be locked.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: Flags.

GetDiskFreeSpace

This function returns the current disk free space statistics. It provides the same functionality as the int 21h function 36h.

Entry:
  [EAX]  R0_GETDISKFREESPACE
  [DL]   1-based drive letter whose disk free space is desired (0 = default drive, 1 = A, 2 = B, ...).

Exit:
  Carry flag clear, no error.
    [AX]  Number of sectors per cluster.
    [BX]  Number of available clusters on the disk.
    [CX]  Number of bytes per sector.
    [DX]  Total number of clusters on the disk.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: AX, BX, CX, DX, Flags.

ReadAbsoluteDisk

This function is called to read absolute sectors from the disk. It provides the same functionality as the int 25h interface.

Entry:
  [AH]   R0_ABSDISKREAD
  [AL]   0-based drive letter the operation is to be done on (0 = A, 1 = B, ...).
  [ECX]  Number of sectors to read.
  [EDX]  Starting sector number for the read.
  [ESI]  Flat pointer to the buffer the read is to be done into.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: Flags.

WriteAbsoluteDisk

This function is called to write absolute sectors to the disk. It provides the same functionality as the int 26h interface.

Entry:
  [AH]   R0_ABSDISKWRITE
  [AL]   0-based drive letter the operation is to be done on (0 = A, 1 = B, ...).
  [ECX]  Number of sectors to write.
  [EDX]  Starting sector number for the write.
  [ESI]  Flat pointer to the buffer containing the data to be written.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: Flags.

IoctlHandle

This function is called to do a handle-based ioctl. It is currently used by certain system components and should not be used by other VxDs. Other than the registers documented here, the rest of the ioctl parameters depend on the specific ioctl being used.

Entry:
  [AH]   R0_IOCTLHANDLE
  [AL]   Ioctl sub-function code.
  [EBX]  File or device handle.

Exit:
  Carry flag clear, no error.
  Carry flag set, an error occurred. [AX] contains the error code.

Registers Used: EAX, Flags.

--

Source: USTC BBS (中国科大BBS站) [bbs.ustc.edu.cn]

  

