nt!NtQueryDirectoryFile:
8057ae64 eab017c2890800 jmp 0008:89C217B0 这个地址是干啥的?是HOOK吗?
8057ae6b 90 nop
8057ae6c 90 nop
8057ae6d 8d4528 lea eax,[ebp+28h]
8057ae70 50 push eax
8057ae71 8d4524 lea eax,[ebp+24h]
8057ae74 50 push eax
8057ae75 8d4520 lea eax,[ebp+20h]
8057ae78 50 push eax
8057ae79 8d4530 lea eax,[ebp+30h]
8057ae7c 50 push eax
8057ae7d 6a01 push 1
8057ae7f ff7530 push dword ptr [ebp+30h]
8057ae82 ff752c push dword ptr [ebp+2Ch]
8057ae85 ff7528 push dword ptr [ebp+28h]
8057ae88 ff7524 push dword ptr [ebp+24h]
8057ae8b ff7520 push dword ptr [ebp+20h]
8057ae8e ff751c push dword ptr [ebp+1Ch]
8057ae91 ff7518 push dword ptr [ebp+18h]
8057ae94 ff7514 push dword ptr [ebp+14h]
8057ae97 ff7510 push dword ptr [ebp+10h]
8057ae9a ff750c push dword ptr [ebp+0Ch]
8057ae9d ff7508 push dword ptr [ebp+8]
8057aea0 e817fbffff call nt!BuildQueryDirectoryIrp (8057a9bc)
8057aea5 85c0 test eax,eax
8057aea7 7518 jne nt!NtQueryDirectoryFile+0x5d (8057aec1)
8057aea9 6a02 push 2
8057aeab ff7530 push dword ptr [ebp+30h]
8057aeae ff752c push dword ptr [ebp+2Ch]
8057aeb1 6a01 push 1
8057aeb3 ff7528 push dword ptr [ebp+28h]
8057aeb6 ff7524 push dword ptr [ebp+24h]
8057aeb9 ff7520 push dword ptr [ebp+20h]
8057aebc e8515a0000 call nt!IopSynchronousServiceTail (80580912)
8057aec1 5d pop ebp
8057aec2 c22c00 ret 2Ch
89C217B0 里的内容
89c217b0 ?? ???
89c217b1 ?? ???
89c217b2 ?? ???
89c217b3 ?? ???
89c217b4 ?? ???
89c217b5 ?? ???
89c217b6 ?? ???
89c217b7 ?? ???
89c217b8 ?? ???
89c217b9 ?? ???
89c217ba ?? ???
89c217bb ?? ???
89c217bc ?? ???
89c217bd ?? ???
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
