ntdll!RtlFillMemoryUlong()

RtlpInsertFreeBlock()调用过RtlFillMemoryUlong()。注意该函数与memset()的区别。

用IDA Pro逆向英文版XP SP1的ntdll!RtlFillMemoryUlong:

; __stdcall RtlFillMemoryUlong(x,x,x) public _RtlFillMemoryUlong@12 _RtlFillMemoryUlong@12 proc near

dest= dword ptr 8 bytecount= dword ptr 0Ch value= dword ptr 10h

push edi
mov edi, [esp+dest]
mov ecx, [esp+bytecount]
mov eax, [esp+value]
shr ecx, 2                          ; bytecount / 4
rep stosd
pop edi
retn 0Ch

_RtlFillMemoryUlong@12 endp

下面是C风格的伪代码:

VOID NTAPI RtlFillMemoryUlong ( PULONG dest, // 第01形参，[EBP+0x008] DWORD bytecount, // 第02形参，[EBP+0x00C]，以字节为单位 ULONG value // 第03形参，[EBP+0x010] ) { /* * 假设ULONG占4字节 / bytecount /= 4; while ( bytecount-- ) { dest++ = value; } /* end of while / return; } / end of RtlFillMemoryUlong */

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

200312151414.txt.md

200312151414.txt.md

_RtlFillMemoryUlong@12 endp

Files

200312151414.txt.md

Latest commit

History

200312151414.txt.md

File metadata and controls

_RtlFillMemoryUlong@12 endp