📄 [翻译]windows internals---processes,threads,jobs.mht
字号:
method=3Dpost><INPUT=20
type=3Dhidden value=3D96 name=3Dfid> <INPUT type=3Dhidden value=3D31594 =
name=3Dtid>=20
<DIV class=3Dt style=3D"BORDER-BOTTOM-WIDTH: 0px; MARGIN-BOTTOM: 0px">
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%">
<TBODY>
<TR>
<TH class=3Dh><B>=B1=BE=D2=B3=D6=F7=CC=E2:</B> [=B7=AD=D2=EB]Windows =
Internals---Processes,Threads,Jobs</TH>
<TD class=3Dh style=3D"TEXT-ALIGN: right"><SPAN><A class=3Dfn=20
=
href=3D"https://forum.eviloctal.com/simple/index.php?t31594.html">=B4=F2=D3=
=A1</A> |=20
<A class=3Dfn style=3D"CURSOR: pointer"=20
=
onclick=3D"Addtoie('https://forum.eviloctal.com/read.php?fid=3D96&tid=
=3D31594','=D0=B0=B6=F1=B0=CB=BD=F8=D6=C6=D0=C5=CF=A2=B0=B2=C8=AB=CD=C5=B6=
=D3=B9=D9=B7=BD=CC=D6=C2=DB=D7=E9--[=B7=AD=D2=EB]Windows =
Internals---Processes,Threads,Jobs');">=BC=D3=CE=AAIE=CA=D5=B2=D8</A>=20
| <A class=3Dfn=20
=
href=3D"https://forum.eviloctal.com/profile-htm-action-favor-job-add-tid-=
31594.html">=CA=D5=B2=D8=D6=F7=CC=E2</A>=20
| <A class=3Dfn=20
=
href=3D"https://forum.eviloctal.com/job-htm-rd_previous-1-fid-96-tid-3159=
4-fpage-0-goto-previous.html">=C9=CF=D2=BB=D6=F7=CC=E2</A>=20
| <A class=3Dfn=20
=
href=3D"https://forum.eviloctal.com/job-htm-rd_previous-1-fid-96-tid-3159=
4-fpage-0-goto-next.html">=CF=C2=D2=BB=D6=F7=CC=E2</A></SPAN>=20
</TD></TR>
<TR>
<TD></TD></TR>
<TR class=3Dtr2>
<TD class=3Dtar colSpan=3D2><BR></TD></TR>
<TR>
<TD></TD></TR></TBODY></TABLE></DIV><A name=3Da></A><A =
name=3Dtpc></A>
<DIV class=3D"t t2" style=3D"BORDER-TOP-WIDTH: 0px">
<TABLE style=3D"BORDER-TOP-WIDTH: 0px; TABLE-LAYOUT: fixed" =
cellSpacing=3D0=20
cellPadding=3D0 width=3D"100%">
<TBODY>
<TR class=3Dtr1>
<TH class=3Dr_two style=3D"WIDTH: 20%" rowSpan=3D2><B>sudami</B>=20
<DIV=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: =
10px; PADDING-TOP: 10px">
<TABLE=20
style=3D"BORDER-TOP-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px; =
BORDER-BOTTOM-WIDTH: 0px; BORDER-RIGHT-WIDTH: 0px"=20
cellSpacing=3D0 cellPadding=3D0 width=3D"98%">
<TBODY>
<TR>
<TD class=3Dtac=20
style=3D"BORDER-TOP-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px; =
BORDER-BOTTOM-WIDTH: 0px; OVERFLOW: hidden; BORDER-RIGHT-WIDTH: =
0px"><IMG=20
=
src=3D"https://forum.eviloctal.com/attachment/upload/69539.gif"=20
border=3D0></TD></TR></TBODY></TABLE></DIV><BR><IMG=20
src=3D"https://forum.eviloctal.com/image/wind/level/30.gif"> <IMG=20
alt=3D=B8=C3=D3=C3=BB=A7=C4=BF=C7=B0=B2=BB=D4=DA=CF=DF=20
src=3D"https://forum.eviloctal.com/image/wind/read/offline.gif"> =
<BR>=BC=B6=B1=F0:=20
<FONT =
color=3D#555555>=C8=D9=D3=FE=BB=E1=D4=B1</FONT><BR>=BE=AB=BB=AA: <SPAN =
class=3Ds4>0</SPAN> <BR>=B7=A2=CC=FB:=20
<SPAN class=3D"s1 f9">69</SPAN><BR>=CD=FE=CD=FB: <SPAN class=3D"s2 =
f9">1200=20
=B5=E3</SPAN><BR>=BD=F0=C7=AE: <SPAN class=3D"s3 f9">11400 =
=B5=E3</SPAN><BR>=B9=B1=CF=D7: <SPAN=20
class=3D"s1 f9">0 =B5=E3</SPAN><BR>=D7=CA=C0=FA: <SPAN class=3D"s2 =
f9">-1=20
=
=B5=E3</SPAN><BR>=D4=DA=CF=DF=CA=B1=BC=E4:714(=D0=A1=CA=B1)<BR>=D7=A2=B2=E1=
=CA=B1=BC=E4:2007-01-10<BR>=D7=EE=BA=F3=B5=C7=C2=BC:2007-12-09 </TH>
<TH class=3Dr_one=20
style=3D"BORDER-TOP-WIDTH: 0px; PADDING-RIGHT: 15px; PADDING-LEFT: =
15px; BORDER-LEFT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: =
0px; OVERFLOW: hidden; WIDTH: 80%; PADDING-TOP: 5px; BORDER-RIGHT-WIDTH: =
0px"=20
vAlign=3Dtop height=3D"100%">
<DIV class=3Dtiptop><A=20
=
href=3D"https://forum.eviloctal.com/profile-htm-action-show-uid-69539.htm=
l"><IMG=20
alt=3D=B2=E9=BF=B4=D7=F7=D5=DF=D7=CA=C1=CF =
src=3D"https://forum.eviloctal.com/image/wind/read/profile.gif"=20
align=3DabsMiddle></A> <A=20
=
href=3D"https://forum.eviloctal.com/message-htm-action-write-touid-69539.=
html"><IMG=20
alt=3D=B7=A2=CB=CD=B6=CC=CF=FB=CF=A2 =
src=3D"https://forum.eviloctal.com/image/wind/read/message.gif"=20
align=3DabsMiddle></A> <A=20
=
href=3D"https://forum.eviloctal.com/post-htm-action-quote-fid-96-tid-3159=
4-pid-tpc-article-0.html"><IMG=20
alt=3D=D2=FD=D3=C3=BB=D8=B8=B4=D5=E2=B8=F6=CC=FB=D7=D3 =
src=3D"https://forum.eviloctal.com/image/wind/read/quote.gif"=20
align=3DabsMiddle></A> <A=20
=
href=3D"https://forum.eviloctal.com/sendemail-htm-action-tofriend-tid-315=
94.html"><IMG=20
alt=3D=CD=C6=BC=F6=B4=CB=CC=FB =
src=3D"https://forum.eviloctal.com/image/wind/read/emailto.gif"=20
align=3DabsMiddle></A> <A=20
=
href=3D"https://forum.eviloctal.com/post-htm-action-modify-fid-96-tid-315=
94-pid-tpc-article-0.html"><IMG=20
src=3D"https://forum.eviloctal.com/image/wind/read/edit.gif"=20
align=3DabsMiddle></A> <A=20
=
href=3D"https://forum.eviloctal.com/job-htm-action-report-tid-31594-pid-t=
pc.html"=20
target=3D_blank><IMG=20
src=3D"https://forum.eviloctal.com/image/wind/read/report.gif"=20
align=3DabsMiddle></A> </DIV>
<H4>[=B7=AD=D2=EB]Windows Internals---Processes,Threads,Jobs</H4>
<DIV =
class=3Dtpc_content>=D2=EB=CE=C4=D7=F7=D5=DF=A3=BAsudami<BR>=D0=C5=CF=A2=C0=
=B4=D4=B4=A3=BA=D0=B0=B6=F1=B0=CB=BD=F8=D6=C6=D0=C5=CF=A2=B0=B2=C8=AB=CD=C5=
=B6=D3=A3=A8<A=20
href=3D"http://www.eviloctal.com/"=20
=
target=3D_blank>http://www.eviloctal.com/</A>=A3=A9<BR>=CE=C4=D5=C2=B1=B8=
=D7=A2=A3=BA=B4=CB=CE=C4=B2=BB=BD=F6=BD=F6=CA=C7=B7=AD=D2=EB,=C6=E4=D6=D0=
=D3=D0=B2=BF=B7=D6=CE=AA=D2=EB=D5=DF=D7=D4=BC=BA=B5=C4=D7=DC=BD=E1,=D0=B4=
=B5=C4=BA=DC=C0=C3,=B9=B2=C3=E3=D6=AE<BR><BR>++++++++++++++++++++++++++++=
+<BR>+ =20
sudami [<A=20
href=3D"mailto:xiao_rui_119@163.com">xiao_rui_119@163.com</A>] =
+<BR>+ =20
2007.12.07 =
=20
=
+<BR>+ =20
=D3=A2=CE=C4=B7=AD=D2=EB&=D1=A7=CF=B0=B1=CA=BC=C7 =
=20
=
+<BR>+++++++++++++++++++++++++++++<BR><BR>=D5=E2=CA=C7Windows=20
=
Internals=B5=DA6=D5=C2=B5=C4=C4=DA=C8=DD=A1=A3=B7=A2=CF=D6=C3=E8=CA=F6=B5=
=C4=BB=B9=CB=E3=CF=EA=CF=B8=A1=A3=B6=C1=C1=CB=D7=DC=B1=C8=B2=BB=B6=C1=C7=BF=
=A1=A3=D3=DA=CA=C7=BC=CD=C2=BC=D6=AE=A3=AC=C0=CF=C4=F1=C6=AE=B9=FD<IMG=20
=
src=3D"https://forum.eviloctal.com/image/post/smile/yangcong/60.gif">----=
<BR><BR> =20
=
=20
=
=20
=
<=D2=BB> =20
=
=BD=F8=B3=CC=CF=E0=B9=D8<BR>EPROCESS=CB=E3=CA=C7=BD=F8=B3=CC=B5=C4=B4=FA=B1=
=ED=A3=AC=CB=FC=BB=B9=B1=A3=C1=F4=D7=C5=D3=EB=D6=AE=CF=E0=B9=D8=B5=C4=C6=E4=
=CB=FB=D0=C5=CF=A2=A1=A3=BD=F8=B3=CC=CA=C7=CB=C0=B5=C4=A3=AC=C6=E4=D6=D0=B5=
=C4=CF=DF=B3=CC=B2=C5=CA=C7=BB=EE=B5=C4=A1=A3=BD=F8=B3=CC=BE=CD=BA=C3=B1=C8=
=D2=BB=B8=F6=C8=DD=C6=F7=A3=AC=D7=B0=D7=C5=BA=DC=B6=E0=BB=EE=D4=BE=B5=C4=CF=
=DF=B3=CC=B6=F8=D2=D1[=C3=BB=D3=D0=CF=DF=B3=CC=B5=C4=BD=F8=B3=CC=D7=A2=B6=
=A8=D2=AA=CB=C0=CD=F6=A3=AC=D2=F2=CE=AA=CB=FC=C3=BB=D3=D0=BB=EE=C1=A6]=A1=
=A3=B6=D4=C1=CB=A3=AC=BB=B9=D3=D0PEB=A1=A2TEB[=D5=E22=B8=F6=BD=E1=B9=B9=B4=
=E6=D4=DA=D3=DA=D3=C3=BB=A7=BD=F8=B3=CC=BF=D5=BC=E4=D6=D0=A3=AC=C6=E4=CB=FB=
=B5=C4=B6=BC=D4=DA=CF=B5=CD=B3=B5=C4=B8=DF2GB=B5=D8=D6=B7=B7=B6=CE=A7=C0=EF=
]=20
=A1=A3=BC=FB=CD=BC=A3=BA<BR><B></B><BR><IMG=20
onclick=3D"if(this.width>=3D800) =
window.open('https://forum.eviloctal.com/attachment/Mon_0712/96_69539_ef7=
39f0cf8d9b17.gif');"=20
=
src=3D"https://forum.eviloctal.com/attachment/Mon_0712/96_69539_ef739f0cf=
8d9b17.gif"=20
=
onload=3D"if(this.width>'800')this.width=3D'800';if(this.height>'800')thi=
s.height=3D'800';"=20
border=3D0> <BR><BR>=A2=D9 =
=C3=F7=C8=B7KPCR=A1=A2KPRCB=A1=A2ETHREAD=A1=A2KTHREAD=A1=A2EPROCESS=A1=A2=
KPROCESS=A1=A2TEB=A1=A2PEB=20
----<BR><BR><B>KPCR</B>=A3=A8Kernel's Processor Control=20
=
Region,<B>=C4=DA=BA=CB=BD=F8=B3=CC=BF=D8=D6=C6=C7=F8=D3=F2</B>=A3=A9=CA=C7=
=D2=BB=B8=F6=B2=BB=BB=E1=CB=E6WINDOWS=B0=E6=B1=BE=B1=E4=B6=AF=B6=F8=B8=C4=
=B1=E4=B5=C4=B9=CC=B6=A8=BD=E1=B9=B9=CC=E5=A3=AC=D4=DA=CB=FC=B5=C4=C4=A9=CE=
=B2[=C6=AB=D2=C6<B>0x120</B>]=D6=B8=CF=F2<B>KPRCB</B>=BD=E1=B9=B9=A1=A3<B=
R>nt!_KPCR<BR> =20
+0x000 NtTib : =
_NT_TIB<BR> =20
+0x01c SelfPcr : Ptr32 =
_KPCR<BR> =20
+0x020 Prcb : Ptr32=20
_KPRCB<BR> +0x024 Irql =
:=20
UChar<BR> +0x028 IRR =
=20
: Uint4B<BR> +0x02c IrrActive :=20
Uint4B<BR> +0x030 IDR =
=20
: Uint4B<BR> +0x034 KdVersionBlock : Ptr32=20
Void<BR> +0x038 IDT =
=20
: Ptr32 _KIDTENTRY<BR> +0x03c GDT =
=20
: Ptr32 _KGDTENTRY<BR> +0x040 TSS =
=20
: Ptr32 _KTSS<BR> ...// =
=CA=A1=C2=D4<BR><SPAN=20
style=3D"COLOR: #ff0000"> +0x120 PrcbData =
:=20
_KPRCB</SPAN><BR><SPAN=20
style=3D"COLOR: =
#ff0000"></SPAN><BR><BR><B>KPRCB</B>=CD=AC=D1=F9=CA=C7=D2=BB=B8=F6=B2=BB=BB=
=E1=CB=E6WINDOWS=B0=E6=B1=BE=B1=E4=B6=AF=B6=F8=B8=C4=B1=E4=B5=C4=B9=CC=B6=
=A8=BD=E1=B9=B9=CC=E5=A1=A3=CB=FC=B0=FC=BA=AC=D3=D0=D6=B8=CF=F2=B5=B1=C7=B0=
<B>KTHREAD</B>=B5=C4=D6=B8=D5=EB=A3=AC=C6=AB=D2=C6=D6=B5<B>0x004</B>=A1=A3=
=C6=E4=CA=B5=D2=B2=BE=CD=CA=C7=D6=AA=B5=C0=C1=CB=B5=B1=C7=B0=B5=C4<B>ETHR=
EAD</B>=BB=F9=B5=D8=D6=B7=A1=A3[=D2=F2=CE=AAETHREAD=B5=C4=B5=DA=D2=BB=CF=EE=
=B1=E3=CA=C7KTHREAD=A3=ACETHREAD=D4=DA=BA=F3=C3=E6=CC=D6=C2=DB=A3=AC=CF=D6=
=D4=DA=CC=D6=C2=DB=BD=F8=B3=CC=CF=E0=B9=D8]=20
[=CD=A8=B9=FD <B>KeGetCurrentPrcb()</B> =
=BA=AF=CA=FD=BC=B4=BF=C9=B5=C3=B5=BDPKPRCB=A3=AC=BE=DF=CC=E5=B2=CE=BC=FBW=
RK]<BR><B></B><BR><IMG=20
onclick=3D"if(this.width>=3D800) =
window.open('https://forum.eviloctal.com/attachment/Mon_0712/96_69539_2db=
d3b7f128ed09.gif');"=20
=
src=3D"https://forum.eviloctal.com/attachment/Mon_0712/96_69539_2dbd3b7f1=
28ed09.gif"=20
=
onload=3D"if(this.width>'800')this.width=3D'800';if(this.height>'800')thi=
s.height=3D'800';"=20
border=3D0>=20
=
<BR><BR>=D5=B9=BF=AAKTHREAD=A3=AC=C6=E4=D6=D0=B5=C4_KAPC_STATE=BD=E1=B9=B9=
=D6=D0=B0=FC=BA=AC=B5=B1=C7=B0KPROCESS=B5=C4=B5=D8=D6=B7<BR>nt!_KTHREAD<B=
R> =20
+0x000 Header :=20
_DISPATCHER_HEADER<BR> ...<BR> <BR><SPAN=20
style=3D"COLOR: #ff0000">+0x034 ApcState =
:=20
_KAPC_STATE</SPAN><BR>+0x034 ApcState : =
struct=20
_KAPC_STATE, 5 elements, 0x18 bytes<BR> +0x000 =
ApcListHead : [2] struct _LIST_ENTRY, 2 =
elements, 0x8=20
bytes<BR> <BR><SPAN style=3D"COLOR: =
#ff0000">+0x010=20
Process</SPAN><BR> : Ptr32 to =
struct=20
<BR><SPAN style=3D"COLOR: #ff0000">_KPROCESS</SPAN><BR>, 29 =
elements, 0x6c=20
bytes<BR> +0x014 KernelApcInProgress : =
UChar<BR> =20
+0x015 KernelApcPending : UChar<BR> =
=20
+0x016 UserApcPending :=20
=
UChar<BR><BR>=B6=F8EPROCESS=B5=C4=B5=DA=D2=BB=CF=EE=D5=FD=CA=C7KPROCESS=A1=
=A3=C1=AA=CF=EB=CE=D2=C3=C7=CA=EC=CF=A4=B5=C4=B6=CFEPROCESS=C1=B4=B1=ED=D2=
=FE=B2=D8=BD=F8=B3=CC=B5=C4=CA=D6=B7=A8=A1=A3=CD=A8=B9=FD<B>PsGetCurrentP=
rocess</B>=B5=C3=B5=BD=B5=C4=C6=E4=CA=B5=CA=C7=B5=B1=C7=B0KPROCESS=B5=C4=B5=
=D8=D6=B7=A3=AC=B6=F8KPROCESS=BE=CD=CA=C7EPROCESS=BD=E1=B9=B9=CC=E5=B5=C4=
=B5=DA=D2=BB=CF=EE=A3=AC=D5=E2=D1=F9=BE=CD=B5=C3=B5=BD=C1=CB=B5=B1=C7=B0=B5=
=C4EPROCESS=A1=A3=C8=BB=BA=F3=B1=E9=C0=FA=D5=FB=B8=F6=C1=B4=B1=ED=A1=A3=A1=
=A3=A1=A3<BR><BR>---->>=B4=F3=D6=C2=C1=F7=B3=CC=A3=BA<BR><SPAN=20
style=3D"COLOR: =
#0000ff"><B>PsGetCurrentProcess()=BA=AF=CA=FD---->_PsGetCurrentProcess=
()=BA=EA----->KeGetCurrentThread()=BA=AF=CA=FD</B></SPAN><BR>---->&=
gt;=BE=DF=CC=E5=CF=B8=BD=DA=A3=BA<BR>#define=20
_PsGetCurrentProcess()=20
=
(CONTAINING_RECORD(((KeGetCurrentThread())->ApcState.Process),EPROCESS=
,Pcb))<BR><SPAN=20
style=3D"COLOR: #0000ff">//=20
=
=BA=DC=C3=F7=CF=D4=A3=ACKeGetCurrentThread()=B5=C3=B5=BDKTHREAD=BD=E1=B9=B9=
=CC=E5=A3=ACKTHREAD=C6=AB=D2=C60x034=B4=A6=B5=C4<BR>//=20
=
ApcState=D6=D0process=BC=B4=CE=AAEPROCESS=B5=C4=B5=DA=D2=BB=CF=EEKPROCESS=
=B5=C4=B5=D8=D6=B7=A1=A3CONTAINING_RECORD=BA=EA<BR>//=20
=
=BD=AB=B4=CB=B5=D8=D6=B7=BC=F5=C8=A5=CB=FC=D4=DAEPROCESS=D6=D0=B5=C4=C6=AB=
=D2=C6=D6=B5=A3=AC=B5=C3=B5=BD=B5=B1=C7=B0EPROCESS=B5=C4=CA=B5=BC=CA=B5=D8=
=D6=B7</SPAN><BR>FORCEINLINE<BR>struct=20
_KTHREAD *<BR>NTAPI KeGetCurrentThread (VOID)<BR>{<BR>#if =
(_MSC_FULL_VER=20
>=3D 13012035)<BR> return (struct _KTHREAD *) =
(ULONG_PTR)=20
__readfsdword (FIELD_OFFSET (KPCR,=20
PrcbData.CurrentThread));<BR>#else<BR> __asm { mov =
eax,=20
fs:[0] KPCR.PrcbData.CurrentThread }<BR>#endif<BR>}<BR><SPAN=20
style=3D"COLOR: #0000ff">//=20
=
fs=D4=DA=D3=C3=BB=A7=C4=A3=CA=BD=CF=C2=D6=B8=CF=F2TEB=BD=E1=B9=B9=A3=AC=D4=
=DA=C4=DA=BA=CB=C4=A3=CA=BD=CF=C2=D6=B8=CF=F2KPCR[=C7=B0=C3=E6=B5=DA=D2=BB=
=B8=F6=C3=E8=CA=F6=B5=C4=BD=E1=B9=B9=CC=E5]</SPAN><BR><SPAN=20
style=3D"COLOR: =
#0000ff"></SPAN><BR><BR>=BA=C7=BA=C7=A3=AC=C5=BC=BB=AD=B8=F6=CD=BC=B8=FC=D6=
=B1=B9=DB=D0=A9=A3=AC=D2=B2=B8=FC=B7=BD=B1=E3=BC=C7=D2=E4<BR><B></B><BR><=
IMG=20
onclick=3D"if(this.width>=3D800) =
window.open('https://forum.eviloctal.com/attachment/Mon_0712/96_69539_7a9=
3c336d2b03d2.gif');"=20
=
src=3D"https://forum.eviloctal.com/attachment/Mon_0712/96_69539_7a93c336d=
2b03d2.gif"=20
=
onload=3D"if(this.width>'800')this.width=3D'800';if(this.height>'800')thi=
s.height=3D'800';"=20
border=3D0>=20
=
<BR><BR>=B9=D8=D3=DA<B>KPROCESS</B>=A1=A3=C0=EF=C3=E6=B1=A3=B4=E6=C1=CB=D2=
=BB=D0=A9=D3=D0=D3=C3=B5=C4=D0=C5=CF=A2=A3=AC=CE=D2=C3=C7=C0=B4=BC=F2=B5=A5=
=B5=C4=B3=F2=CF=C2=A1=A3<BR>nt!_KPROCESS<BR> =20
+0x000 Header :=20
_DISPATCHER_HEADER<BR> +0x010 ProfileListHead :=20
_LIST_ENTRY<BR> +0x018 <BR><SPAN=20
style=3D"COLOR: #ff0000">DirectoryTableBase</SPAN><BR>: [2] =
Uint4B =20
<BR><SPAN style=3D"COLOR: #ff0000">// =
=BD=F8=B3=CC=B5=C4=D2=B3=C4=BF=C2=BCPDT=20
=
[=C9=E6=BC=B0=C4=DA=B4=E6=B9=DC=C0=ED=D6=AA=CA=B6]<BR></SPAN><BR> =
+0x020 <BR><SPAN=20
style=3D"COLOR: #ff0000">LdtDescriptor</SPAN><BR> :=20
_KGDTENTRY <BR><SPAN style=3D"COLOR: #ff0000">//=20
GDT=B5=C4=C8=EB=BF=DA<BR></SPAN><BR> +0x028 <BR><SPAN=20
style=3D"COLOR: #ff0000">Int21Descriptor</SPAN><BR>: =
_KIDTENTRY =20
<BR><SPAN style=3D"COLOR: #ff0000">// =
IDT=B5=C4=C8=EB=BF=DA</SPAN><BR> +0x030=20
IopmOffset : Uint2B<BR> +0x032 =
Iopl =20
: UChar<BR> +0x033 Unused =
=20
: UChar<BR> +0x034 ActiveProcessors :=20
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -