[Imitation] Learning Two-Machine Debugging
Posted: 2015-8-13 14:05
KeUpdateSystemTimeAssist
nt!KeUpdateSystemTimeAssist:
83eb9e00 64ff05c4050000 inc dword ptr fs:[5C4h]
83eb9e07 ff3424 push dword ptr [esp]
83eb9e0a 8bcd mov ecx,ebp
83eb9e0c 8bd0 mov edx,eax
83eb9e0e e8da010000 call nt!KeUpdateSystemTime (83eb9fed)
83eb9e13 fa cli
KeUpdateSystemTime 83eb9fed
83eba410 803d4c4afa8300 cmp byte ptr [nt!KdDebuggerEnabled (83fa4a4c)],0
83eba417 7464 je nt!KeUpdateSystemTime+0x48a (83eba47d)
83eba607 8b4c241c mov ecx,dword ptr [esp+1Ch]
83eba60b e80e000000 call nt!KeUpdateRunTime (83eba61e)
83eba610 5f pop edi
KeUpdateRunTime
83eba767 803d4c4afa8300 cmp byte ptr [nt!KdDebuggerEnabled (83fa4a4c)],0
83eba76e 7412 je nt!KeUpdateRunTime+0x164 (83eba782)
83eba77b 7505 jne nt!KeUpdateRunTime+0x164 (83eba782)
83eba77d e80c000000 call nt!KdCheckForDebugBreak (83eba78e)
83eba782 5f pop edi
nt!KdCheckForDebugBreak:
83eba78e 803d278df68300 cmp byte ptr [nt!KdPitchDebugger (83f68d27)],0
83eba795 7519 jne nt!KdCheckForDebugBreak+0x22 (83eba7b0)
83eba797 803d4c4afa8300 cmp byte ptr [nt!KdDebuggerEnabled (83fa4a4c)],0
83eba79e 7410 je nt!KdCheckForDebugBreak+0x22 (83eba7b0)
83eba7a0 e822000000 call nt!KdPollBreakIn (83eba7c7)
83eba7a5 84c0 test al,al
83eba7a7 7407 je nt!KdCheckForDebugBreak+0x22 (83eba7b0)
83eba7a9 6a01 push 1
83eba7ab e804000000 call nt!DbgBreakPointWithStatus (83eba7b4)
nt!KdPollBreakIn:
83eba7ce 33db xor ebx,ebx
83eba7d0 381d278df683 cmp byte ptr [nt!KdPitchDebugger (83f68d27)],bl
83eba7d6 7407 je nt!KdPollBreakIn+0x18 (83eba7df)
83eba7d8 32c0 xor al,al
83eba7da e9d2000000 jmp nt!KdPollBreakIn+0xea (83eba8b1)
83eba7df 885dff mov byte ptr [ebp-1],bl
83eba7e2 381d4c4afa83 cmp byte ptr [nt!KdDebuggerEnabled (83fa4a4c)],bl
83eba7e8 0f84c0000000 je nt!KdPollBreakIn+0xe7 (83eba8ae)