|
|
|
|
#1
04-29-2004, 12:08
|
|||
|
|||
About Reserver
I have seen the article about ntdll!RtlFillMemoryUlong Reserver,Follow article:
Use IDA Pro Reserver En XP SP1 ntdll!RtlFillMemoryUlong: ; __stdcall RtlFillMemoryUlong(x,x,x) public _RtlFillMemoryUlong@12 _RtlFillMemoryUlong@12 proc near dest= dword ptr 8 bytecount= dword ptr 0Ch value= dword ptr 10h push edi mov edi, [esp+dest] mov ecx, [esp+bytecount] mov eax, [esp+value] shr ecx, 2 ; bytecount / 4 rep stosd pop edi retn 0Ch _RtlFillMemoryUlong@12 endp -------------------------------------------------------------------------- Below is C: -------------------------------------------------------------------------- VOID NTAPI RtlFillMemoryUlong ( PULONG dest, //EBP+0x008] DWORD bytecount, // EBP+0x00C] ULONG value // EBP+0x010] ) { bytecount /= 4; while ( bytecount-- ) { *dest++ = value; } /* end of while */ return; } /* end of RtlFillMemoryUlong */ -------------------------------------------------------------------------- Becasue it is easy,I can understand that,But it will not give the Analyse How do that and why do that ,someone can give me articles like that ??? I need the analyse!!Please Help Me! 
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Hybrid Mode
