📄 ntldr其他相关函数分析.mht
字号:
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D6&=
amp;y=3D2008">2008=C4=EA6=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D7&=
amp;y=3D2008">2008=C4=EA7=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D8&=
amp;y=3D2008">2008=C4=EA8=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D9&=
amp;y=3D2008">2008=C4=EA9=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D10=
&y=3D2008">2008=C4=EA10=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D11=
&y=3D2008">2008=C4=EA11=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D12=
&y=3D2008">2008=C4=EA12=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D1&=
amp;y=3D2009">2009=C4=EA1=D4=C2</A>=20
<LI><A=20
=
href=3D"http://blog.zndev.com/blog.php?do=3Dlist&uid=3D356&m=3D2&=
amp;y=3D2009">2009=C4=EA2=D4=C2</A>=20
</LI></UL></DIV><!--end archive--><!--begin search-->
<DIV class=3Dbox>
<H2>=CE=C4=D5=C2=CB=D1=CB=F7</H2>
<FORM action=3Dsearch.php?action=3Ddosearch& method=3Dpost =
target=3D_blank><INPUT=20
type=3Dhidden value=3D356 name=3Dschuid> <INPUT type=3Dhidden =
value=3Dblog name=3Dtypes>=20
<DIV class=3Dtext><LABEL><INPUT class=3Dip size=3D15 name=3Dkeyword> =
<INPUT class=3Dbt type=3Dsubmit value=3D" Go " name=3Dsubmit>=20
</LABEL></DIV></FORM></DIV><!--end search--></DIV>
<SCRIPT language=3DJavaScript>
function upleft(id){
var obj =3D GE('bloglist');
var objs =3D obj.getElementsByTagName('li');
for (var i=3D0;i<objs.length;i++) {
if (objs[i].lastChild.tagName =3D=3D 'UL') {
if (objs[i].id=3D=3Did) {
if (objs[i].lastChild.style.display !=3D 'none') {
objs[i].lastChild.style.display =3D 'none';
} else {
objs[i].lastChild.style.display =3D '';
}
} else {
objs[i].lastChild.style.display =3D 'none';
}
}
}
}
function cgpic(aid){
var obj =3D GE('photo_img');
var obja =3D obj.getElementsByTagName('a');
var objimg =3D obja[0].getElementsByTagName('img');
var newaid =3D GE(aid).src;
if (GE(aid).src) {
newaid =3D newaid.replace(/\_thumb/ig,'');
if (objimg[0].src=3D=3D'' || objimg[0].src !=3D newaid) {
objimg[0].src =3D newaid;
}
=09
if (obja[0].href !=3D objimg[0].src) {
obja[0].href =3D objimg[0].src;
}
}
return;
}
function externallinks() {
if (!document.getElementsByTagName) {
return;
}
var obja =3D document.getElementsByTagName("a");
for (var i=3D0; i<obja.length; i++) {
var obj =3D obja[i];
if (obj.getAttribute("href") && obj.getAttribute("rel") =3D=3D =
"external") {
obj.target =3D "_blank";
}
}
}
</SCRIPT>
<!--begin main-->
<DIV class=3Dright id=3Dmain>
<DIV class=3Dbox>
<H2>=C8=D5=D6=BE=CE=C4=D5=C2</H2><!--begin-->
<DIV class=3Dtext>
<DIV class=3Dgray>2006-07-26</DIV>
<H3>ntldr=C6=E4=CB=FB=CF=E0=B9=D8=BA=AF=CA=FD=B7=D6=CE=F6 </H3>
<TABLE class=3Dblog-content>
<TBODY>
<TR>
<TD>
<P>EXPORT_ENTRY_MACRO=BA=EA=BA=AF=CA=FD=B7=D6=CE=F6=A3=BA<SPAN =
style=3D"DISPLAY: none"> =1F=3DgO=0EL=07]=13-=20
</SPAN> <BR>;++<SPAN style=3D"DISPLAY: none"> =
=05G=08l=06=3D8|`@=20
</SPAN> <BR>; =
=B8=C3=BA=EA=BA=AF=CA=FD=B8=BA=D4=F0=D4=DA=B4=D3 32bit=C7=D0=BB=BB=BB=D8 =
16bit=A3=A8Su =
module=A3=A9=C7=B0=D7=F6=D2=BB=D0=A9=D7=BC=B1=B8=B9=A4=D7=F7<SPAN=20
style=3D"DISPLAY: none"> @Z=0E=18=181Au16 </SPAN> <BR>;=20
EXPORT_ENTRY_MACRO<SPAN style=3D"DISPLAY: none"> l3HEX=0E8}O=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> =
G=1Ec=18=13=1C|2:~=20
</SPAN> <BR>; Output:<SPAN style=3D"DISPLAY: none"> =
7V=05s?=17 >~u=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> `=1Et=16qS)HpU=20
</SPAN> <BR>; (ebx) =3D pointer to stack frame =
(and top=20
of 32bit stack).<SPAN style=3D"DISPLAY: none"> ,im|GdPf=1C-=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> =053 =
=06=04vN=13?&=20
</SPAN> <BR><SPAN style=3D"DISPLAY: none">=07=1F!@ =1B=1ER=03 =
</SPAN> <BR>EXPORT_ENTRY_MACRO macro entryname<SPAN=20
style=3D"DISPLAY: none"> DUQIGc=1C=02j </SPAN> <BR> =
LOCAL=20
exp1<SPAN style=3D"DISPLAY: none"> =1B?g*Lt=06T=18#=20
</SPAN> <BR>_TEXT32 segment para use32 public 'CODE'<SPAN=20
style=3D"DISPLAY: none"> f:nb@73=17J+ </SPAN> <BR> =
ASSUME=20
CS:_TEXT32<SPAN style=3D"DISPLAY: none"> I=13tbLP=15=11Ca =
</SPAN> <BR>ALIGN=20
4<SPAN style=3D"DISPLAY: none"> =01=16~~$=11?Xxd =
</SPAN> <BR>Public=20
EntryName<SPAN style=3D"DISPLAY: none"> T-=19B=07=1EQI2W=20
</SPAN> <BR>EntryName LABEL near<SPAN style=3D"DISPLAY: =
none">=20
=12h7mAm<3%8 </SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> =
[e5K{ =17,=17j=20
</SPAN> <BR>; =CE=D2=C3=C7=BD=AB 32bit CS:EIP =
=C7=D0=BB=BB=CE=AA 16bit CS:IP<SPAN=20
style=3D"DISPLAY: none"> 4CJ 1F=134=16Z </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">L j+Q} D~/ </SPAN> <BR> =
push=20
dword ptr SuCodeSelector =
;=B4=FA=C2=EB=B6=CE=D1=A1=D4=F1=C6=F7=D1=B9=D5=BB<SPAN style=3D"DISPLAY: =
none">=20
=1Bj[V=3Do=04 fc </SPAN> <BR> push dword =
ptr (offset=20
exp1) ;=C6=AB=D2=C6=B5=D8=D6=B7=D1=B9=D5=BB<SPAN =
style=3D"DISPLAY: none"> Rm?=03(jR=1AEO=20
</SPAN> <BR><SPAN style=3D"DISPLAY: none">"|=06z9=11%U1=07=20
</SPAN> <BR> retf =
;=CC=F8=D7=AA=A3=AC=D5=E2=D1=F9=BF=C9=D2=D4=D4=DA CS:IP =
=B5=C4=C4=A3=CA=BD=CF=C2=D6=B4=D0=D0=CF=C2=C3=E6=B5=C4=B4=FA=C2=EB<SPAN=20
style=3D"DISPLAY: none"> dj=04g=02=1A6; U </SPAN> <BR>_TEXT32 =
ends<SPAN=20
style=3D"DISPLAY: none"> =08)^[=1CF=0Fp=102 =
</SPAN> <BR> ASSUME=20
CS:_TEXT<SPAN style=3D"DISPLAY: none"> NW=1B=13fpN=05_ =
</SPAN> <BR>ALIGN=20
4<SPAN style=3D"DISPLAY: none"> <y=1E(=15#.5*=1A =
</SPAN> <BR>exp1:<SPAN=20
style=3D"DISPLAY: none"> #xr=1B37J"kP </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> y=05I'z1ru=08: </SPAN> <BR>;=20
=
=B1=A3=B4=E6=B8=F7=B8=F6=BC=C4=B4=E6=C6=F7=A3=AC=CC=D8=B1=F0=CA=C7ebp=A1=A2=
esp=BC=C4=B4=E6=C6=F7<SPAN style=3D"DISPLAY: none"> ei ;Y-=11n=16o=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> \=0EZi3c'vqa=20
</SPAN> <BR><SPAN style=3D"DISPLAY: none">n9TPF%8Y#=05=20
</SPAN> <BR> push ebp<SPAN =
style=3D"DISPLAY: none">=20
=07/T +=16w>m </SPAN> <BR> push =
ebx<SPAN=20
style=3D"DISPLAY: none"> uo/w^3*/;` </SPAN> <BR> =
push=20
esi<SPAN style=3D"DISPLAY: none"> =0EA.iG*2 Ui =
</SPAN> <BR> =20
push edi<SPAN style=3D"DISPLAY: none"> =
f=01jMQr=04iNL=20
</SPAN> <BR> mov ebx,esp<SPAN=20
style=3D"DISPLAY: none"> h`=01l6@sOp </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> =1EJwW"o;^lz </SPAN> <BR>; =
=BC=D3=D4=D8=CB=F9=D3=D0=B5=C4=B6=CE=BC=C4=B4=E6=C6=F7=A3=AC=B2=A2=BD=AB=C6=
=E4=B8=C4=B1=E4=CE=AA=20
16bit =B5=C4=B6=CE=D1=A1=D4=F1=C6=F7<SPAN style=3D"DISPLAY: none"> =
&/_hA# =01N=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> Og=3D5yOg <=20
</SPAN> <BR> mov ax,SuDataSelector =
=20
;16bit =B5=C4=B4=FA=C2=EB=B6=CE=D1=A1=D4=F1=C6=F7<SPAN =
style=3D"DISPLAY: none"> c=12zK=05bV=1Di;=20
</SPAN> <BR> mov ds,ax<SPAN=20
style=3D"DISPLAY: none"> \^=155ZlbU G </SPAN> <BR> =
mov=20
ss,ax<SPAN style=3D"DISPLAY: none"> 4|2D=0E->s~[=20
</SPAN> <BR><SPAN style=3D"DISPLAY: none">u=13=1BJ+)kA=18F =
</SPAN> <BR>;=20
=C9=E8=D6=C3=B6=D1=D5=BB=BC=C4=B4=E6=C6=F7 <SPAN style=3D"DISPLAY: =
none">?xwEmJ/pv1 </SPAN> <BR> =20
mov sp,EXPORT_STACK ; =
EXPORT_STACK=20
equ 07ffeh<SPAN =
style=3D"DISPLAY: none">=20
:>=01=12?u>A =14 </SPAN> <BR> push =
ebx =20
; save the caller's esp<SPAN=20
style=3D"DISPLAY: none"> >s=3Dc\ %M>R =
</SPAN> <BR> =20
endm<SPAN style=3D"DISPLAY: none"> W=1BXgzK2B]S =
</SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> =15\=11a=05\z|m=0F </SPAN> <BR>; =
EXPORT_ENTRY_MACRO=20
end<SPAN style=3D"DISPLAY: none"> 8R&PM=1E[[=15& =
</SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">=17a8r +rY}=0F=20
=
</SPAN> <BR>EXPORT_EXIT_MACRO=BA=EA=BA=AF=CA=FD=B7=D6=CE=F6=A3=BA<SP=
AN style=3D"DISPLAY: none">=20
=128=14=04T;=02=02=10N </SPAN> <BR>; =
=B8=C3=BA=EA=BA=AF=CA=FD=B8=BA=D4=F0=D4=DA=B4=D3 16bit=A3=A8Su =
module=A3=A9=C7=D0=BB=BB=B5=BD=20
=
32bit=C7=B0=D7=F6=D2=BB=D0=A9=D7=BC=B1=B8=B9=A4=D7=F7=A3=AC=BF=C9=D2=D4=CB=
=B5=CB=FB=CA=C7 <SPAN style=3D"DISPLAY: none">IXT6=07.]=05_.=20
</SPAN> <BR>; EXPORT_ENTRY_MACRO =
=BA=EA=BA=AF=CA=FD=B5=C4=B7=B4=CF=F2=B2=D9=D7=F7<SPAN style=3D"DISPLAY: =
none">=20
*g=13k->Kle- </SPAN> <BR>EXPORT_EXIT_MACRO macro<SPAN=20
style=3D"DISPLAY: none"> MQU1=07=052}up </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> lN|l{s&p @ </SPAN> <BR>; Next =
get caller's=20
esp that we saved upon entry on the 16bit stack<SPAN=20
style=3D"DISPLAY: none"> D$:JPGtV y </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> 55,aqn=0EPX=03 </SPAN> <BR> =
pop=20
ebx ; get =
caller's=20
esp<SPAN style=3D"DISPLAY: none"> {_CC4Y=13L/ =
</SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> ELE(=03X=14!=17, </SPAN> <BR>; =
Restore flat=20
selectors in segment registers.<SPAN style=3D"DISPLAY: none"> =
qG=11&9rc=08XD=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> =1E-=12[I,XqZK=20
</SPAN> <BR> mov =
dx,KeDataSelector<SPAN=20
style=3D"DISPLAY: none"> l=10y3 =04G t </SPAN> <BR> =
mov =20
ds,dx<SPAN style=3D"DISPLAY: none"> =07=1B.=0EOu=18=0E +=20
</SPAN> <BR> mov ss,dx<SPAN=20
style=3D"DISPLAY: none"> =3D`=11=3D+P=19lH </SPAN> <BR> =
mov =20
es,dx<SPAN style=3D"DISPLAY: none"> }=05;=1A4=14NF=1A]=20
</SPAN> <BR> mov esp,ebx<SPAN=20
style=3D"DISPLAY: none"> A?E=15=0F=3D+I+I </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">2uZ\2LjjD </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">CJcW(G39{: </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> W=12X$nI=17=0FDF </SPAN> <BR>; =
Restore callers' ebp=20
that we saved on the 32bit stack<SPAN style=3D"DISPLAY: none">=20
<|"<if/E=19e </SPAN> <BR>;<SPAN style=3D"DISPLAY: =
none"> S=20
=03:c['2< </SPAN> <BR> pop =
edi<SPAN=20
style=3D"DISPLAY: none"> a=076#y]}eMB </SPAN> <BR> =
pop=20
esi<SPAN style=3D"DISPLAY: none"> }A(fXReGsO=20
</SPAN> <BR> pop ebx<SPAN=20
style=3D"DISPLAY: none"> =08#plVw@`*K </SPAN> <BR> =
pop=20
ebp ; (ebp) =3D caller's ebp<SPAN=20
style=3D"DISPLAY: none"> %p<IwFh N[ </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">#@=17#=04>B=0F2y =
</SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> %bl_T 5tuD </SPAN> <BR>; Pull =
callers flat=20
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -