Kommentar
Åtkomst till den här sidan kräver auktorisering. Du kan prova att logga in eller ändra kataloger.
Åtkomst till den här sidan kräver auktorisering. Du kan prova att ändra kataloger.
?????? ?? ?????:
The question is really simple: could we use RtlCaptureContext on X86? The MSDN (https://msdn.microsoft.com/en-us/library/ms680659(v=VS.85).aspx) says it’s only for 64 but the bug is for X86 and I see some kernel code are using it on x86.
?????? ?? ????? ???? ????? ?????: ????? ?? ?? ???????????? ??????? RtlCaptureContext ?? x86? MSDN ???????, ??? ??? ??????? ?????? ??? 64-? ??? ?? ???-?????? (??????? ????? ???-??????, ????? ?????????? ? ??????) ??????????????? ??? x86 ? ? ????, ??? ??? ? ???? ?????????? ??? ??????? ?? x86.
?????: ?????. ?????????????, ?????????? ???????? MSDN ??????????, ???:
The following functions are used only on 64-bit Windows.
????????? ??????? ???????????? ?????? ? 64-? ????????? ??????? Windows.
??????, ????????, ??????????? ???? ??????? RtlCaptureContext() ????????? Windows XP ? Windows Server 2003 ? ???????? ??????????? ?????? ??????? ? ???????. ???????? ? ???????? RtlAddFunctionTable(), ????????????? ?? ????????????? ?? x86. ??????????? ?????? ??????? ? ??????? ??? ??? - Windows XP Professional x64 Edition ? 64-bit editions of Windows Server 2003 ??????????????.
?????? ?????? ?????????????? ? ???? – ????????? ??????? ???????? NTDLL. ???? ????? ??????, ???????, ?? ???? ??????? ?????????? ? ???, ??????????????? ??????? (????? ??????? – ?????????????? ?? ???????? ????????????? ??? ???) ??? ???.
C:\>link /dump /exports c:\Windows\SysWOW64\ntdll.dll | findstr RtlCaptureContext
667 28D 00046B2B RtlCaptureContext
C:\>link /dump /exports c:\Windows\SysWOW64\ntdll.dll | findstr RtlAddFunctionTable
C:\>
Cross-posted from blog.not-a-kernel-guy.com.