|
|
|
|
|
[招聘]百度移动安全部高级安全研究员
再回来吧 :) |
|
[招聘]百度移动安全部高级安全研究员
自己顶一下 |
|
[求助]拆解安装包的软件有没有?
universalextractor http://legroom.net/software/uniextract |
|
[求助]HalExamineMBR的问题
谢谢,你说的很清楚,这个函数就是用来检查你这个盘是不是EZDrive的类型的, 只是WDK上说的是可以用 HalExamineMBR 这个函数获得MBR的内容,这正是我想要的: The HalExamineMBR routine reads the master boot record (MBR) of a disk and returns data from the MBR if the MBR is of the type specified by the caller. 获得的方式是: *Buffer = readBuffer; 但是该函数的代码是把MBR读取到readBuffer,再获取第一个分区表的PartitionType项(我的机器上是0x7),如果是0x55 才会 *Buffer = readBuffer; 在我的机器上我这么调用: int *p = NULL; HalExamineMBR(pDO, 512, 0x7, (PVOID *)&p); 因为比较的是PartitionType(0x7),所以在我的机器上永远不能成功,这个才是我不明白的地方,难道是MS故意做的限制? 其实在调试的时候发现MBR已经读出来了,在readBuffer里面,只是没有赋给Buffer(我传进去的参数) ------------------------------- VOID HalExamineMBR( IN PDEVICE_OBJECT DeviceObject, IN ULONG SectorSize, IN ULONG MBRTypeIdentifier, OUT PVOID * Buffer, ); Parameters DeviceObject Pointer to the device object for the device being examined. SectorSize Specifies the minimum number of bytes that an I/O operation can fetch from the device being examined. If this value is less than 512, HalExamineMBR reads 512 bytes to ensure that it reads an entire partition table. MBRTypeIdentifier Specifies the type of MBR that may be on the disk. Buffer Pointer to a buffer that returns data from the MBR. The layout of the buffer depends on the MBRTypeIdentifier. The caller must deallocate this buffer as soon as possible with ExFreePool. This routine returns NULL in Buffer if the MBRTypeIdentifier of the disk does not match that specified by the caller or if there is an error. |
|
[求助]HalExamineMBR的问题
感谢关注,问题是我的物理机器Win7和虚拟机上的MBR这个位置都是0x7,所以调用此函数会失败 |
|
[求助]HalExamineMBR的问题
在 WRK 里面找到了 HalExamineMBR 的代码,看起来必须是 0x54/0x55 才行,我的机器是 0x7,就会一直失败。 求解惑 partitionTableEntry = (PPARTITION_DESCRIPTOR) &(((PUSHORT) readBuffer)[PARTITION_TABLE_OFFSET]); if (partitionTableEntry->PartitionType != MBRTypeIdentifier) { // // The partition type isn't what the caller cares about. // ExFreePool(readBuffer); } else { if (partitionTableEntry->PartitionType == 0x54) { // // Rather than allocate a new piece of memory to return // the data - just use the memory allocated for the buffer. // We can assume the caller will delete this shortly. // ((PULONG)readBuffer)[0] = 63; *Buffer = readBuffer; } else if (partitionTableEntry->PartitionType == 0x55) { // // EzDrive Partition. Simply return the pointer to non-null // There is no skewing here. // *Buffer = readBuffer; } else { ASSERT(partitionTableEntry->PartitionType == 0x55); } |
|
[原创]CeleASM - ARM 汇编助理,查询ARM指令的好帮手
[QUOTE=Yonsm;595540]看图,仅用于某些特殊用户计算 ARM 汇编指令的目标代码值。 更多信息请参看: http://www.yonsm.net/read.php?364 索要源代码请来信: Yonsm@msn.com[/QUOTE] 可以加上THUMB的选项不 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值