
24-May-2010: PEEKs and POKEs in Windows x64?

source link: https://yurichev.com/blog/46/

This kernel/driver-level Windows NT code:

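#include <ntddk.h>

void huh()
{
	LARGE_INTEGER a;
	KeQueryTickCount(&a);	// on x64 this expands inline; no call is emitted
	// "%d" is kept as in the listing below; it prints only the low 32 bits
	DbgPrint ("%d", a.QuadPart);
}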

... is now compiled in the Windows 2003 DDK x64 environment into:

                 mov     rdx, 0FFFFF78000000320h
                 lea     rcx, Format     ; "%d"
                 mov     rdx, [rdx]
                 call    DbgPrint_0

Wow, the address of a variable (KeTickCount) is now hardcoded right into the driver's code at compile time.

Isn't this just a return to PEEKs and POKEs?

http://en.wikipedia.org/wiki/PEEK_and_POKE

Does Microsoft promise to keep this variable at this address forever?
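
An added example, not code from the original post: the constant in the listing is the x64 kernel-mode base of the KUSER_SHARED_DATA page (0FFFFF78000000000h, KI_USER_SHARED_DATA in the WDK headers) plus 320h, so a driver's code bytes can be audited for such baked-in addresses by looking for `mov r64, imm64` immediates that land in that page. The names `find_shared_refs`, `shared_ref`, `SHARED_BASE` and the sample bytes are constructed for this example, and the scan is a byte-pattern heuristic, not a disassembler.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x64 kernel-mode address of the KUSER_SHARED_DATA page and its size */
#define SHARED_BASE 0xFFFFF78000000000ULL
#define SHARED_SIZE 0x1000ULL

/* One hit: offset of the instruction, destination register, offset into the page */
struct shared_ref { size_t code_off; unsigned reg; unsigned page_off; };

/* Find `mov r64, imm64` (REX.W prefix, opcode B8+r, 8-byte immediate) whose
 * immediate points into the shared page. Returns the number of hits found;
 * only the first max_out are stored. May also match bytes that are data. */
size_t find_shared_refs(const uint8_t *code, size_t len,
                        struct shared_ref *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i + 10 <= len; i++) {
        uint8_t rex = code[i], op = code[i + 1];
        if ((rex & 0xF8) != 0x48 || (op & 0xF8) != 0xB8)
            continue;
        uint64_t imm = 0;               /* immediate is stored little-endian */
        for (int k = 7; k >= 0; k--)
            imm = (imm << 8) | code[i + 2 + k];
        if (imm - SHARED_BASE >= SHARED_SIZE)   /* unsigned wrap rejects imm < base */
            continue;
        if (n < max_out) {
            out[n].code_off = i;
            out[n].reg = (op & 7u) | ((rex & 1u) << 3);   /* REX.B extends the register */
            out[n].page_off = (unsigned)(imm - SHARED_BASE);
        }
        n++;
        i += 9;                         /* skip the rest of this instruction */
    }
    return n;
}

/* Constructed sample: the listing's four instructions, rel32 fields zeroed */
static const uint8_t sample[] = {
    0x48,0xBA,0x20,0x03,0x00,0x00,0x80,0xF7,0xFF,0xFF, /* mov rdx, 0FFFFF78000000320h */
    0x48,0x8D,0x0D,0x00,0x00,0x00,0x00,                /* lea rcx, Format */
    0x48,0x8B,0x12,                                    /* mov rdx, [rdx] */
    0xE8,0x00,0x00,0x00,0x00 };                        /* call DbgPrint_0 */

int main(void) {
    struct shared_ref r[4];
    if (find_shared_refs(sample, sizeof sample, r, 4) > 0)
        printf("+0x%zx: r%u <- shared page +0x%x\n", r[0].code_off, r[0].reg, r[0].page_off);
    return 0;
}
```
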

