Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   About Reserver (https://forum.exetools.com/showthread.php?t=4150)

dengkeng 04-29-2004 12:08
About Reserver
 
I have seen the article about ntdll!RtlFillMemoryUlong Reserver,Follow article:

Use IDA Pro Reserver En XP SP1 ntdll!RtlFillMemoryUlong:

; __stdcall RtlFillMemoryUlong(x,x,x)
public _RtlFillMemoryUlong@12
_RtlFillMemoryUlong@12 proc near

dest= dword ptr 8
bytecount= dword ptr 0Ch
value= dword ptr 10h

push edi
mov edi, [esp+dest]
mov ecx, [esp+bytecount]
mov eax, [esp+value]
shr ecx, 2 ; bytecount / 4
rep stosd
pop edi
retn 0Ch
_RtlFillMemoryUlong@12 endp
--------------------------------------------------------------------------

Below is C:

--------------------------------------------------------------------------
VOID NTAPI RtlFillMemoryUlong
(
PULONG dest, //EBP+0x008]
DWORD bytecount, // EBP+0x00C]
ULONG value // EBP+0x010]
)
{

bytecount /= 4;
while ( bytecount-- )
{
*dest++ = value;
} /* end of while */
return;
} /* end of RtlFillMemoryUlong */
--------------------------------------------------------------------------

Becasue it is easy,I can understand that,But it will not give the Analyse How do that and why do that ,someone can give me articles like that ???

I need the analyse!!Please Help Me!


All times are GMT +8. The time now is 13:32.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX