📄 ntldr其他相关函数分析.mht
return address off stack and push the<SPAN style=3D"DISPLAY: =
none">=20
=184<J*q)*(U </SPAN> <BR>; flat code selector followed by =
the return=20
offset, then<SPAN style=3D"DISPLAY: none"> V7ea=13q4Qz=1C =
</SPAN> <BR>;=20
execute a far return and we'll be back in the OS loaders code =
space.<SPAN=20
style=3D"DISPLAY: none"> =1E?=3DUQm.!=01Z </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> yRV-T)rcsu </SPAN> <BR> =
pop=20
edx ; (edx) =3D caller's return =
address<SPAN=20
style=3D"DISPLAY: none"> ghr V=05v3=12E </SPAN> <BR> =
push=20
dword ptr KeCodeSelector<SPAN style=3D"DISPLAY: none"> =
sw6crNpi=0E=20
</SPAN> <BR> push edx<SPAN =
style=3D"DISPLAY: none">=20
_*{kb#r.z=02 </SPAN> <BR> db OVERRIDE<SPAN=20
style=3D"DISPLAY: none"> =19da7b=11 =19 </SPAN> <BR> =
retf<SPAN=20
style=3D"DISPLAY: none"> r0=032=05=16I=17jz =
</SPAN> <BR> endm<SPAN=20
style=3D"DISPLAY: none"> kLR]{>@v8e </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">SU*mt`a}=3D3=20
=
</SPAN> <BR>MAKE_STACK_FRAME_MACRO宏函数分析:=
<SPAN style=3D"DISPLAY: none">=20
L|=1B PG=13Al[=20
=
</SPAN> <BR>我知道这个函数的意思,可是对于该宏函数代码的理解可能不正确,以前从来没有遇到过这样的技巧,为了便于理解,我画出了堆栈图,如果你认为我的理解是错误的,请给予指正(<A=20
href=3D"mailto:zl21_spawn@163.com">zl21_spawn@163.com</A>)。<SPA=
N=20
style=3D"DISPLAY: none"> aY=0E=17=15&S\rC=20
=
</SPAN> <BR>如果你能完全理解EXPORT_ENTRY_MACRO宏函数,那么理解该宏函数也就不会太困难。<SPAN=20
style=3D"DISPLAY: none"> `h~hxp=1DS&!=20
=
</SPAN> <BR>先来看看堆栈图,以在GetSector()中调用该宏函数为例,在调用EXPORT_ENTRY_MACRO宏函数后调用该宏函数,堆栈图如下:<SPAN=20
style=3D"DISPLAY: none"> s9/l=17=0F =12 </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">[1gE=0143=04=10 =
</SPAN> <BR>BufferPointer<SPAN=20
style=3D"DISPLAY: none"> =01v=02=15,fELy=12 =
</SPAN> <BR>NumberOfSector<SPAN=20
style=3D"DISPLAY: none"> ^PA $=074=1A+) =
</SPAN> <BR>SectorNumber<SPAN=20
style=3D"DISPLAY: none"> =07=1FFAp=04O<=1D> =
</SPAN> <BR>TrackNumber<SPAN=20
style=3D"DISPLAY: none"> R=1DBy,'=1A*ER =
</SPAN> <BR>HeadNumber<SPAN=20
style=3D"DISPLAY: none"> V(d[ant@=083 =
</SPAN> <BR>DriverNumber<SPAN=20
style=3D"DISPLAY: none"> =1C=01$=03 |=1CB=01+ =
</SPAN> <BR>FunctionNumber<SPAN=20
style=3D"DISPLAY: none"> $V)ij=1APpp </SPAN> <BR>ebp<SPAN=20
style=3D"DISPLAY: none"> =02EM%b+S=08=1BS =
</SPAN> <BR>ebx<SPAN=20
style=3D"DISPLAY: none"> I=1A0C#2D=1C-' </SPAN> <BR>esi<SPAN=20
style=3D"DISPLAY: none"> vYsh=1Aod|mt </SPAN> <BR>edi<SPAN=20
style=3D"DISPLAY: none"> >ag+l=01 c=1C =
</SPAN> <BR>ebx<SPAN=20
style=3D"DISPLAY: none"> ]<_:*=02{M=05C </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">V;VT=0ExAlT =
</SPAN> <BR>下面我根据上面的堆栈图来看具体的代码:<SPAN=20
style=3D"DISPLAY: none"> ,=15je if7on =
</SPAN> <BR>代码位置:macro.inc<SPAN=20
style=3D"DISPLAY: none"> j}60=07rMsg' </SPAN> <BR>;++<SPAN=20
style=3D"DISPLAY: none"> *4Qa<8=12Lqx </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> =08=1CoB[[d 5z </SPAN> <BR>;=20
MAKE_STACK_FRAME_MACRO<SPAN style=3D"DISPLAY: none"> c5 q2C3=3D's=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> =
@@a=1B>z(=03=05A=20
</SPAN> <BR>; 参数:<SPAN style=3D"DISPLAY: none"> =
q\[vh=3D~=15G%=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> #~>[%X=1A.m=20
</SPAN> <BR>; _FrameName_ 定义在堆栈桢层的结构的名称 <SPAN=20
style=3D"DISPLAY: none">MP.=08n=11EU=03v </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> @0<60=13=0E=1B6 </SPAN> <BR>; =
=20
_PointerRegister_ - 该寄存器包含了指向堆栈桢顶的指针<SPAN style=3D"DISPLAY: none">=20
;3f=12,*Lm@B </SPAN> <BR>; 环境:<SPAN =
style=3D"DISPLAY: none"> =16\MHnlzp\=19=20
</SPAN> <BR>; ProtectMode ONLY<SPAN style=3D"DISPLAY: none"> =
]- o-V=06OJ;=20
</SPAN> <BR>;<SPAN style=3D"DISPLAY: none"> 6>=067]g+=1F,\ =
</SPAN> <BR>;--<SPAN style=3D"DISPLAY: none"> =1F%=06E*=15 =
N=03?=20
</SPAN> <BR><SPAN style=3D"DISPLAY: none">6"=03f2$=04o=18=13=20
</SPAN> <BR>MAKE_STACK_FRAME_MACRO macro _FrameName_ ,=20
_PointerRegister_<SPAN style=3D"DISPLAY: none"> =
kx=04=19k2=04=08=0FG=20
</SPAN> <BR>Local msf1<SPAN style=3D"DISPLAY: none"> =
R=03*=101Qq1Ii=20
</SPAN> <BR> mov ecx, (size =
_FrameName_)/2=20
//=B6=D1=D5=BB=E8=E5=B5=C4=B4=F3=D0=A1<SPAN style=3D"DISPLAY: =
none"> |pt=18gD=1D}H=1D </SPAN> <BR> =20
mov esi,_PointerRegister_ ; (esi) =3D =
=B2=CE=CA=FD=E8=E5=B5=C4=C6=AB=D2=C6=A3=AC=D6=B8=CF=F2=C1=CBebx=20
=D4=DA=B6=D1=D5=BB=D6=D0=B5=C4=CE=BB=D6=C3=A3=AC=D5=E2<SPAN =
style=3D"DISPLAY: none"> s=078oAf=08r3p </SPAN> <BR>; =
=C0=EF=A3=ACebx=20
=
=BC=C4=B4=E6=C6=F7=D6=D0=B5=C4=C4=DA=C8=DD=C3=BB=D3=D0=C8=CE=BA=CE=B5=C4=CC=
=D8=CA=E2=D2=E2=D2=E5=A3=AC=CB=FC=BE=CD=CF=F3=CE=D2<SPAN =
style=3D"DISPLAY: none"> / =05<=0EraCRQ=20
</SPAN> <BR>; =
=D4=DA=B6=D1=D5=BB=CD=BC=D6=D0=BB=AD=B5=C4=D2=BB=D1=F9=A3=AC=C6=F0=B5=BD=D2=
=BB=B8=F6=B1=EA=BC=C7=B5=C4=D7=F7=D3=C3<SPAN style=3D"DISPLAY: none"> =
!p=3Do=20
J=19T=07=04 </SPAN> <BR>add esi,20 =
=20
; =
=D5=E2=CC=F5=D6=B8=C1=EE=B5=C4=D7=F7=D3=C3=CF=D4=B6=F8=D2=D7=BC=FB=A3=AC=CA=
=B9esi=D6=B8=CF=F2 FunctionNumber<SPAN=20
style=3D"DISPLAY: none"> lVC{r*w=18FN </SPAN> <BR> =
push=20
KeDataSelector ; (ax) =3D Flat 32bit =
=B6=CE=D1=A1=D4=F1=C6=F7<SPAN=20
style=3D"DISPLAY: none"> =06 _cz|=0Fh=0E=16 =
</SPAN> <BR> pop=20
ds ;(ds:esi) =
=D6=B8=CF=F2=C1=CB=B2=CE=CA=FD=E8=E5=D6=D0=CE=BB=D3=DA=20
FunctionNumber=B5=C4=CE=BB=D6=C3<SPAN style=3D"DISPLAY: none"> =
)G=1E H=1A3"=20
=
</SPAN> <BR>;=BB=F2=D5=DF=CB=B5=CA=C7=D6=B8=CF=F2=C1=CB=B4=AB=C8=EBG=
etSector=A3=A8=A3=A9=BA=AF=CA=FD=B5=C4FunctionNumbe=B2=CE=CA=FD<SPAN=20
style=3D"DISPLAY: none"> _G=1C=10+[ <=13l =
</SPAN> <BR> push=20
ss ;<SPAN=20
style=3D"DISPLAY: none"> {=13K(JQZQB </SPAN> <BR> =
pop =20
es ; (es) =3D =
16bit=20
=B6=D1=D5=BB=D1=A1=D4=F1=C6=F7<SPAN style=3D"DISPLAY: none"> =
!l@-=01=08C=1A-^ </SPAN> <BR>sub =20
sp, size _FrameName_ =
;=D7=A2=CA=CD=D6=D0=BD=E2=CA=CD=CE=AA=A1=B0=CE=AA=B2=CE=CA=FD=BD=A8=C1=A2=
=BF=D5=BC=E4=A1=B1=A3=AC =
=D0=E8=D2=AA=D7=A2=D2=E2=B5=C4=CA=C7=CF=D6=D4=DA sp<SPAN=20
style=3D"DISPLAY: none"> =0E\$h=1D u3=07U =
</SPAN> <BR>;=BC=C4=B4=E6=C6=F7=B5=C4=CE=BB=D6=C3=A3=ACsp=3D07ffeh<S=
PAN=20
style=3D"DISPLAY: none"> _=07fl =3D=1B,?=1A =
</SPAN> <BR> xor=20
edi,edi <SPAN=20
style=3D"DISPLAY: none">=04 =01&@kWO=11m =
</SPAN> <BR> mov=20
di,sp ; =
=C0=FB=D3=C3(es:edi)=20
=
=B4=FA=CC=E6(ss:sp)=A3=AC=D5=E2=D1=F9=BF=C9=D2=D4=BD=F8=D0=D0=B6=D1=D5=BB=
=B5=C4=B8=B4=D6=C6<SPAN style=3D"DISPLAY: none"> :s"'?W<=12 8=20
</SPAN> <BR><SPAN style=3D"DISPLAY: none">}H'NCUX~~\=20
</SPAN> <BR>msf1: =
=20
=
=20
; =
=BF=AA=CA=BC=B8=B4=D6=C6=B6=D1=D5=BB=D6=D0=B5=C4=B2=CE=CA=FD=A3=AC=D5=E2=D1=
=F9=D2=BB=C0=B4=A3=AC=D4=AD=C0=B4 32bit =CF=C2=B6=D1=D5=BB<SPAN=20
style=3D"DISPLAY: none"> !e5a"&{-?[ </SPAN> <BR>; =
=D6=D0=B5=C4=B2=CE=CA=FD=C3=BB=D3=D0=B8=C4=B1=E4=A3=AC=D4=DA=20
ss:07ffeh =B4=A6=BD=A8=C1=A2=C1=CB=D2=BB=B8=F6=D4=DA <SPAN =
style=3D"DISPLAY: none">Z=12v=0E3/mN=19k=20
</SPAN> <BR>; 16bit =
=CA=B5=C4=A3=CA=BD=D6=D0=CA=B9=D3=C3=B5=C4=B2=CE=CA=FD=E8=E5<SPAN =
style=3D"DISPLAY: none"> U8UU/.zsL6=20
</SPAN> <BR> mov ax,[esi]<SPAN=20
style=3D"DISPLAY: none"> =0F@E<=19 d=0EYZ =
</SPAN> <BR> mov=20
es:[edi],ax<SPAN style=3D"DISPLAY: none"> O55|l=1E=1F=15qI=20
</SPAN> <BR> add esi,2<SPAN=20
style=3D"DISPLAY: none"> =14$=01=01_f=01*=07i =
</SPAN> <BR> add=20
edi,2<SPAN style=3D"DISPLAY: none"> C,eK.=05Z!Ep=20
</SPAN> <BR> loop msf1<SPAN=20
style=3D"DISPLAY: none"> =18q|G,=027l=06: </SPAN> <BR> =
push=20
es ;<SPAN=20
style=3D"DISPLAY: none"> =188=050G =17 9 </SPAN> <BR> =
pop =20
ds ; put 16bit =
selector=20
back into ds<SPAN style=3D"DISPLAY: none"> }j=1F<=17=036N t=20
</SPAN> <BR> endm<SPAN style=3D"DISPLAY: none">=20
';&&Q=03T>}=14 </SPAN> <BR>; 至于在其他函数中调用 MAKE_STACK_FRAME_MACRO 宏函数,你完全可以照上面的例子套用,只需要替换<SPAN =
style=3D"DISPLAY: none"> v?=0E P3=10Zuu=20
</SPAN> <BR>; 其中的_FrameName_<SPAN =
style=3D"DISPLAY: none"> =14=19S=03TQt` '=20
</SPAN> <BR><SPAN style=3D"DISPLAY: none">b \z%7$V70=20
=
</SPAN> <BR>REMOVE_STACK_FRAME_MACRO宏函数分析:<SPAN=20
style=3D"DISPLAY: none"> g =18M[v=18c=0FC=20
</SPAN> <BR>REMOVE_STACK_FRAME_MACRO macro _FrameName_<SPAN=20
style=3D"DISPLAY: none"> 6+=1Eo*>nB=19=06 =
</SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">eoPrQM=3D?=12z </SPAN> <BR> =
add =20
sp, size _FrameName_ ;=CE=D2=C3=C7=B2=BB=D4=D9=D0=E8=D2=AA 16bit =
=B5=C4=B6=D1=D5=BB=C1=CB<SPAN style=3D"DISPLAY: none">=20
=08`l<=1E0=1Fr=01 </SPAN> <BR> endm<SPAN=20
style=3D"DISPLAY: none"> ? `=06=3D=19BJ; </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">=06%=15uX=1A~9Sl=20
=
</SPAN> <BR>ENTER_REALMODE_MACRO宏函数分析:=
<SPAN style=3D"DISPLAY: none">=20
=112n=3D!IGoB; =
</SPAN> <BR>切换到实模式,该宏函数只是 _RealMode函数的接口<SPAN=20
style=3D"DISPLAY: none"> =1BJ=04/=0F%=1CatN =
</SPAN> <BR>ENTER_REALMODE_MACRO=20
macro<SPAN style=3D"DISPLAY: none"> R=1E=19s Q<v~A =
</SPAN> <BR>extrn=20
_RealMode:near<SPAN style=3D"DISPLAY: none"> %(=03=1D{L7=17lP=20
</SPAN> <BR> call _RealMode<SPAN=20
style=3D"DISPLAY: none"> U=07Ucue{ lT </SPAN> <BR> =
endm<SPAN=20
style=3D"DISPLAY: none"> =06%q\BFE}=15Z </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">=04.[p#~=04P=20
=
</SPAN> <BR>RE_ENABLE_PAGING_MACRO宏函数分析:=
<SPAN style=3D"DISPLAY: none">=20
|u\mR!rN=06T=20
=
</SPAN> <BR>切换到保护模式并允许分页,该宏函数只是_EnableProtectPaging函数的接口<SPAN=20
style=3D"DISPLAY: none"> u=3D4L=1A LSX=1D =
</SPAN> <BR>RE_ENABLE_PAGING_MACRO=20
macro<SPAN style=3D"DISPLAY: none"> !c<`N-=1E=132=11 =
</SPAN> <BR>extrn=20
_EnableProtectPaging:near<SPAN style=3D"DISPLAY: none"> r1e =
=18oz=1A[h=20
</SPAN> <BR> push RE_ENABLING<SPAN=20
style=3D"DISPLAY: none"> wh8Qh=04=1C=12w </SPAN> <BR> =
call=20
_EnableProtectPaging<SPAN style=3D"DISPLAY: none"> =
z7c)kM%=05#|=20
</SPAN> <BR> add sp,2<SPAN=20
style=3D"DISPLAY: none"> *9/#*{lt.d </SPAN> <BR> =
endm<SPAN=20
style=3D"DISPLAY: none"> H *=03Ew,*yT </SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">=1Aq=05<b?p=0E=12i =
</SPAN> <BR>_RealMode函数分析:<SPAN=20
style=3D"DISPLAY: none"> =056=19^=1E;8c_0 </SPAN> <BR>public =
_RealMode<SPAN=20
style=3D"DISPLAY: none"> =18sa.%rP=19Pa </SPAN> <BR>_RealMode =
proc=20
near<SPAN style=3D"DISPLAY: none"> g=17=05Q*=15=14N Z =
</SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">B`=1C=1Cr=176~5N </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> ] o=07&=0E.j </SPAN> <BR>; =
=C7=D0=BB=BB=B5=BD=CA=B5=C4=A3=CA=BD<SPAN=20
style=3D"DISPLAY: none"> k%w=1E+NW=0Fe/ </SPAN> <BR>;<SPAN=20
style=3D"DISPLAY: none"> =1F=10x$=02<=01vIW =
</SPAN> <BR><SPAN=20
style=3D"DISPLAY: none">I9cxG=19d7y. </SPAN> <BR> =
sgdt=20
fword ptr [_GDTregister] ; =B1=A3=B4=E6GDT<SPAN =
style=3D"DISPLAY: none">=20
/=1C2=08M!5@1=19 </SPAN> <BR> sidt fword =
ptr=20