内核态fs寄存器指向结构KPCR，方便反汇编

最新推荐文章于 2023-01-28 00:52:06 发布

下资源要分

最新推荐文章于 2023-01-28 00:52:06 发布

阅读量1.5k

点赞数

文章标签： struct access c 汇编 io

本文链接：https://blog.csdn.net/whispermemory/article/details/6743074

版权

typedef struct _KPCR {

KPCR_TIB Tib; /* 00 */

struct _KPCR *Self; /* 1C */

struct _KPRCB *Prcb; /* 20 */

KIRQL Irql; /* 24 */

ULONG IRR; /* 28 */

ULONG IrrActive; /* 2C */

ULONG IDR; /* 30 */

PVOID KdVersionBlock; /* 34 */

PUSHORT IDT; /* 38 */

PUSHORT GDT; /* 3C */

struct _KTSS *TSS; /* 40 */

USHORT MajorVersion; /* 44 */

USHORT MinorVersion; /* 46 */

KAFFINITY SetMember; /* 48 */

ULONG StallScaleFactor; /* 4C */

UCHAR DebugActive; /* 50 */

UCHAR ProcessorNumber; /* 51 */

UCHAR Reserved; /* 52 */

UCHAR L2CacheAssociativity; /* 53 */

ULONG VdmAlert; /* 54 */

ULONG KernelReserved[14]; /* 58 */

ULONG L2CacheSize; /* 90 */

ULONG HalReserved[16]; /* 94 */

ULONG InterruptMode; /* D4 */

UCHAR KernelReserved2[0x48]; /* D8 */

KPRCB PrcbData; /* 120 */

} KPCR, *PKPCR;

typedef struct _KTSS {

USHORT Backlink;

USHORT Reserved0;

ULONG Esp0;

USHORT Ss0;

USHORT Reserved1;

ULONG NotUsed1[4];

ULONG CR3;

ULONG Eip;

ULONG EFlags;

ULONG Eax;

ULONG Ecx;

ULONG Edx;

ULONG Ebx;

ULONG Esp;

ULONG Ebp;

ULONG Esi;

ULONG Edi;

USHORT Es;

USHORT Reserved2;

USHORT Cs;

USHORT Reserved3;

USHORT Ss;

USHORT Reserved4;

USHORT Ds;

USHORT Reserved5;

USHORT Fs;

USHORT Reserved6;

USHORT Gs;

USHORT Reserved7;

USHORT LDT;

USHORT Reserved8;

USHORT Flags;

USHORT IoMapBase;

KIIO_ACCESS_MAP IoMaps[IOPM_COUNT];

//

// This is the Software interrupt direction bitmap associated with

// IO_ACCESS_MAP_NONE

//

KINT_DIRECTION_MAP IntDirectionMap;

} KTSS, *PKTSS;

nt!_KTSS
   +0x000 Backlink         : Uint2B
   +0x002 Reserved0        : Uint2B
   +0x004 Esp0             : Uint4B
   +0x008 Ss0              : Uint2B
   +0x00a Reserved1        : Uint2B
   +0x00c NotUsed1         : [4] Uint4B
   +0x01c CR3              : Uint4B
   +0x020 Eip              : Uint4B
   +0x024 EFlags           : Uint4B
   +0x028 Eax              : Uint4B
   +0x02c Ecx              : Uint4B
   +0x030 Edx              : Uint4B
   +0x034 Ebx              : Uint4B
   +0x038 Esp              : Uint4B
   +0x03c Ebp              : Uint4B
   +0x040 Esi              : Uint4B
   +0x044 Edi              : Uint4B
   +0x048 Es               : Uint2B
   +0x04a Reserved2        : Uint2B
   +0x04c Cs               : Uint2B
   +0x04e Reserved3        : Uint2B
   +0x050 Ss               : Uint2B
   +0x052 Reserved4        : Uint2B
   +0x054 Ds               : Uint2B
   +0x056 Reserved5        : Uint2B
   +0x058 Fs               : Uint2B
   +0x05a Reserved6        : Uint2B
   +0x05c Gs               : Uint2B
   +0x05e Reserved7        : Uint2B
   +0x060 LDT              : Uint2B
   +0x062 Reserved8        : Uint2B
   +0x064 Flags            : Uint2B
   +0x066 IoMapBase        : Uint2B
   +0x068 IoMaps           : [1] _KiIoAccessMap
   +0x208c IntDirectionMap : [32] UChar