-
-
[求助]读一份驱动代码,有2处不明白,请大侠救助
-
发表于: 2008-4-3 19:19
-
★代码如下:
mov eax,CR0
and eax,not 0x10000 //eax的第29位清零,该位是无意义的,正常就应该为零
mov CR0,eax
该代码目的是什么?
★代码有如下宏定义,宏定义中的“##”符号是什么意思
#define MemCheckAndHandle(nr,type,varsize,value) if ( /*it's faster to do this in a seperate code segment for each type, but lets try this first (less code)*/ \
((CurrentScan.Scantype==ST_Exact_value) && (*(##type)mempointer==value)) ||\
((CurrentScan.Scantype==ST_SmallerThan) && (*(##type)mempointer<value)) ||\
((CurrentScan.Scantype==ST_BiggerThan) && (*(##type)mempointer>value))\
)\
{\
/*found one*/ \
DbgPrint("Found one!!!\n");\
AddressList[found]=(ULONG)mempointer;\
ValueList##nr[found]=*(##type)mempointer;\
found++;\
if (found==AddressListSize)\
{\
DbgPrint("Writing tempfile\n");\
\
/*write the addresses and values to disk*/ \
CETC_Write(addressfile,AddressList,found*4,&iosb);\
CETC_Write(valuefile,ValueList##nr,found*varsize,&iosb);\
\
foundsaved+=found;\
found=0;\
}\
}
mov eax,CR0
and eax,not 0x10000 //eax的第29位清零,该位是无意义的,正常就应该为零
mov CR0,eax
该代码目的是什么?
★代码有如下宏定义,宏定义中的“##”符号是什么意思
#define MemCheckAndHandle(nr,type,varsize,value) if ( /*it's faster to do this in a seperate code segment for each type, but lets try this first (less code)*/ \
((CurrentScan.Scantype==ST_Exact_value) && (*(##type)mempointer==value)) ||\
((CurrentScan.Scantype==ST_SmallerThan) && (*(##type)mempointer<value)) ||\
((CurrentScan.Scantype==ST_BiggerThan) && (*(##type)mempointer>value))\
)\
{\
/*found one*/ \
DbgPrint("Found one!!!\n");\
AddressList[found]=(ULONG)mempointer;\
ValueList##nr[found]=*(##type)mempointer;\
found++;\
if (found==AddressListSize)\
{\
DbgPrint("Writing tempfile\n");\
\
/*write the addresses and values to disk*/ \
CETC_Write(addressfile,AddressList,found*4,&iosb);\
CETC_Write(valuefile,ValueList##nr,found*varsize,&iosb);\
\
foundsaved+=found;\
found=0;\
}\
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
