IoGetDriverObjectExtension反汇编码及伪码

nt!IoGetDriverObjectExtension:
8083e231 8bff            mov     edi,edi
8083e233 55              push    ebp
8083e234 8bec            mov     ebp,esp
8083e236 56              push    esi
8083e237 ff1594068080    call    dword ptr [nt!_imp__KeRaiseIrqlToDpcLevel (80800694)]
8083e23d 8b4d08          mov     ecx,dword ptr [ebp+8]
8083e240 8b4918          mov     ecx,dword ptr [ecx+18h]
8083e243 8b7114          mov     esi,dword ptr [ecx+14h]
8083e246 85f6            test    esi,esi
8083e248 740c            je      nt!IoGetDriverObjectExtension+0x25 (8083e256)
8083e24a 8b4e04          mov     ecx,dword ptr [esi+4]
8083e24d 3b4d0c          cmp     ecx,dword ptr [ebp+0Ch]
8083e250 0f853ca5ffff    jne     nt!IoGetDriverObjectExtension+0x1f (80838792)
8083e256 8ac8            mov     cl,al
8083e258 ff159c068080    call    dword ptr [nt!_imp_KfLowerIrql (8080069c)]
8083e25e 85f6            test    esi,esi
8083e260 0f8433a5ffff    je      nt!IoGetDriverObjectExtension+0x31 (80838799)
8083e266 8d4608          lea     eax,[esi+8]
8083e269 5e              pop     esi
8083e26a 5d              pop     ebp
8083e26b c20800          ret     8

80838792 8b36            mov     esi,dword ptr [esi]
80838794 e9ad5a0000      jmp     nt!IoGetDriverObjectExtension+0x21 (8083e246)
80838799 33c0            xor     eax,eax
8083879b e9c95a0000      jmp     nt!IoGetDriverObjectExtension+0x38 (8083e269)

PVOID
IoGetDriverObjectExtension(
         IN PDRIVER_OBJECT  DriverObject,
         IN PVOID  ClientIdentificationAddress
         )
{
 PIO_CLIENT_EXTENSION pIoClientExtension;
 KIRQL irql;

 irql = KeRaiseIrqlToDpcLevel();
 pIoClientExtension = pDriverObject->DriverExtension->ClientDriverExtension;
 
 while (pIoClientExtension != NULL)
 {
  if (pIoClientExtension->ClientIdentificationAddress == ClientIdentificationAddress)
    break;

  pIoClientExtension = pIoClientExtension->NextExtension;
 }
 
 KfLowerIrql(irql);
 return pIoClientExtension == NULL? NULL: pIoClientExtension + 1;
}