
[System Internals] [Help] Which file contains the kernel variable _KiNumberFreeSelectors$S10229?

2007-10-11 12:58 3981

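I was using DriverStudio V3.2 to reverse-engineer ntoskrnl.exe from the checked build of XP SP2 Pro. I loaded the symbols for the HAL and the kernel, but the disassembly still shows only function names and no kernel variable names. For example, in "Undocumented Windows NT" the function _KeI386AllocateGdtSelectors has a variable named _KiNumberFreeSelectors$S10229, but here I only see an address!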


Latest replies (6)
godisagirl 2007-10-11 13:41
2
0
Go ahead and post a copy of your checked build.
wdsm 2007-10-11 14:30
3
0
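To the poster in reply #2: have a look at the thread I posted here about my homemade XP SP2 Pro checked build disc. That is what I am using, one I made myself, since I have no money to buy MSDN. Besides that, you can also follow the method described on MSDN to install the checked kernel files on a free build system. I have tried both, and both work. ^_^ I won't be as stingy with a checked build disc as some of the so-called experts on 驱动开发网 (a driver development site).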
zhzhtst 11 2007-10-11 16:52
4
0
The public debugging symbols that Microsoft currently publishes do not contain this variable.
softworm 30 2007-10-11 18:14
5
0
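It seems the directly downloaded symbol package is missing quite a few things; the symbols WinDbg downloads over the network are much better.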
foxabu 13 2007-10-11 20:42
6
0
//
// The reason of having these variables defined in here is to isolate
// ABIOS from current system.
//

//
// KiNumberFreeSelectors defines the number of available selectors for
// ABIOS specific drivers.  This number should be the same across all
// the processors.
//

static USHORT KiNumberFreeSelectors = 0;

It seems to be right in ntoskrnl.exe.

//
// i386 misc routines
//
NTSTATUS
NTAPI
KeI386AllocateGdtSelectors(
    OUT PUSHORT SelectorArray,
    IN USHORT NumberOfSelectors
    );

NTSTATUS
KeI386AllocateGdtSelectors(
    OUT PUSHORT SelectorArray,
    IN USHORT NumberOfSelectors
    )

/*++

Routine Description:

    This function allocates a set of GDT selectors for a device driver to use.
    Usually this allocation is performed at device driver initialization time
    to reserve the selectors for later use.

Arguments:

    SelectorArray - Supplies a pointer to an array of USHORT to be filled
                    in with the GDT selectors allocated.

    NumberOfSelectors - Specifies the number of selectors to be allocated.

Return Value:

    STATUS_SUCCESS - If the requested selectors are allocated.

    STATUS_ABIOS_SELECTOR_NOT_AVAILABLE - if system can not allocate the number
                               of selectors requested.

--*/

{
    PKFREE_GDT_ENTRY GdtEntry;
    KIRQL OldIrql;

    if (KiNumberFreeSelectors >= NumberOfSelectors) {
        ExAcquireSpinLock(&KiAbiosGdtLock, &OldIrql);

        //
        // The Free Gdt link list is maintained on Processor 0's GDT ONLY.
        // Because the 'selector' is an offset to the beginning of GDT and
        // it should be the same across all the processors.
        //

        KiNumberFreeSelectors = KiNumberFreeSelectors - NumberOfSelectors;
        GdtEntry = KiFreeGdtListHead;
        while (NumberOfSelectors != 0) {
            *SelectorArray++ = (USHORT)((ULONG)GdtEntry - KiAbiosGdt[0]);
            GdtEntry = GdtEntry->Flink;
            NumberOfSelectors--;
        }
        KiFreeGdtListHead = GdtEntry;
        ExReleaseSpinLock(&KiAbiosGdtLock, OldIrql);
        return STATUS_SUCCESS;
    } else {
        return STATUS_ABIOS_SELECTOR_NOT_AVAILABLE;
    }
}
wdsm 2007-10-12 16:08
7
0
To the poster in reply #6: which version of the WRK do you have?