-
-
[讨论]函数末尾判断
-
发表于:
2010-4-1 10:48
2878
-
写了个判断函数末尾的小片代码,还请大伙帮忙看看,有没有误判的情况
红色部分不太满意,ddk有没有提供验证一片内核空间虚拟内存地址有效性的函数?
PUCHAR Temp; ULONG Flag = 0;
while (!Flag && [COLOR="Red"]MmIsAddressValid(Temp) && MmIsAddressValid (Temp + 1)
&& MmIsAddressValid(Temp + 2) && MmIsAddressValid (Temp + 3)&& MmIsAddressValid (Temp + 4))[/COLOR]
{
switch (*Temp)
{
case 0xc3:
case 0xcf:
case 0xcb:
if ( (*(Temp+1) == 0xcc) || (*(PULONG)(Temp+1) == 0) || (*(Temp+1) == 0x8b && *(Temp+1) == 0xFF))
{
Flag = 1;
}
break;
case 0xc2:
case 0xca:
if ( (*(Temp+3) == 0xcc) || (*(PULONG)(Temp+3) == 0) || (*(Temp+3) == 0x8b && *(Temp+4) == 0xFF))
{
Flag = 1;
}
break;
default:
break;
}
if (!Flag)
{
if (*((PULONG)Temp) == 0 && *(Temp + 4) == 0)
return 0;
}
Temp ++;
i++;
}
[课程]Linux pwn 探索篇!
