NTSTATUS __stdcall DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
INIT:00011685 public DriverEntry
INIT:00011685 DriverEntry proc near
INIT:00011685 mov eax, dword_11600
INIT:0001168A test eax, eax
INIT:0001168C mov ecx, 0BB40E64Eh
INIT:00011691 jz short loc_11697
INIT:00011693 cmp eax, ecx
INIT:00011695 jnz short loc_116B0
INIT:00011697
INIT:00011697 loc_11697: ; CODE XREF: DriverEntry+Cj
INIT:00011697 mov eax, ds:KeTickCount
INIT:0001169C mov eax, [eax]
INIT:0001169E xor eax, offset dword_11600
INIT:000116A3 mov dword_11600, eax
INIT:000116A8 jnz short loc_116B0
INIT:000116AA mov dword_11600, ecx
INIT:000116B0
INIT:000116B0 loc_116B0: ; CODE XREF: DriverEntry+10j
INIT:000116B0 ; DriverEntry+23j
INIT:000116B0 jmp sub_10DC2
INIT:000116B0 DriverEntry endp
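I looked at the start of several drivers and they all have this. What is this code at the very beginning for? It doesn't seem to do anything useful!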
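Added example, not part of the original post: the listing matches the /GS stack-cookie seeding stub that the Microsoft compiler toolchain places ahead of a driver's real entry point (here `sub_10DC2`), with `dword_11600` as the cookie. Below is a user-mode C model of the same logic; the function and parameter names are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Compile-time default seen in the listing (mov ecx, 0BB40E64Eh). */
#define DEFAULT_COOKIE 0xBB40E64Eu

/*
 * Model of the stub at INIT:00011685..000116AA.
 *   cookie      - current value of dword_11600
 *   tick_low    - 32-bit value read through the KeTickCount import
 *   cookie_addr - address of dword_11600 (the "offset dword_11600" operand)
 * Returns the value dword_11600 holds when the stub jumps to sub_10DC2.
 * Function and parameter names are hypothetical.
 */
uint32_t init_cookie(uint32_t cookie, uint32_t tick_low, uint32_t cookie_addr)
{
    /* test eax,eax / jz ; cmp eax,ecx / jnz:
       reseed only when the cookie is still zero or still the default. */
    if (cookie != 0 && cookie != DEFAULT_COOKIE)
        return cookie;

    /* mov eax,[KeTickCount] ; xor eax, offset dword_11600 */
    cookie = tick_low ^ cookie_addr;

    /* The jnz after the store tests the flags left by the xor:
       a zero result falls back to the default so the cookie is never 0. */
    if (cookie == 0)
        cookie = DEFAULT_COOKIE;
    return cookie;
}

int main(void)
{
    /* Constructed inputs; 0x11600 is the cookie's address in the listing. */
    const uint32_t addr = 0x11600u;
    printf("fresh load   : %08X\n", (unsigned)init_cookie(DEFAULT_COOKIE, 0x0003A7C1u, addr));
    printf("already set  : %08X\n", (unsigned)init_cookie(0x5EEDC0DEu, 0x0003A7C1u, addr));
    printf("xor gave zero: %08X\n", (unsigned)init_cookie(0u, addr, addr));
    return 0;
}
```

Functions compiled with /GS compare their saved copy of this value before returning, which is why drivers built this way all begin with the same stub.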