;
; +-------------------------------------------------------------------------+
; ¦ This file is generated by The Interactive Disassembler (IDA)            ¦
; ¦ Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com>          ¦
; ¦ Licensed to: Ivanlef0u - (1-user Advanced 03/2006)                      ¦
; +-------------------------------------------------------------------------+
;
PAGE:005710B9
PAGE:005710B9 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
PAGE:005710B9
PAGE:005710B9 ; Attributes: bp-based frame
PAGE:005710B9
PAGE:005710B9 ; NTSTATUS __stdcall NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,PVOID InputBuffer,ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength,PULONG ReturnLength)
PAGE:005710B9
PAGE:005710B9 ; ---------------------------------------------------------------------------
PAGE:005710B9 ; Reviewer notes (derived from this listing only; 32-bit ntoskrnl, PAGE section)
PAGE:005710B9 ;
PAGE:005710B9 ; Shape of the routine:
PAGE:005710B9 ;   1. SeSinglePrivilegeCheck(SeDebugPrivilege, PreviousMode). On failure the
PAGE:005710B9 ;      routine returns 0C0000022h (STATUS_ACCESS_DENIED) before touching any
PAGE:005710B9 ;      caller pointer.
PAGE:005710B9 ;   2. Only when PreviousMode != 0 (user-mode caller): InputBuffer gets an
PAGE:005710B9 ;      inline read-probe (4-byte alignment, overflow and MmUserProbeAddress
PAGE:005710B9 ;      range check) -- but only if InputBufferLength != 0; OutputBuffer goes
PAGE:005710B9 ;      through ProbeForWrite only if OutputBufferLength != 0; ReturnLength is
PAGE:005710B9 ;      probed inline for a writable dword when non-NULL. Kernel-mode callers
PAGE:005710B9 ;      skip all probing and are trusted to pass valid pointers.
PAGE:005710B9 ;   3. 20-way jump table on ControlCode-1. Every case that consumes a fixed
PAGE:005710B9 ;      size input struct first compares InputBufferLength (esi) with the
PAGE:005710B9 ;      expected size and returns 0C0000004h (STATUS_INFO_LENGTH_MISMATCH)
PAGE:005710B9 ;      on mismatch; case 6 checks OutputBufferLength == 28h instead. Codes
PAGE:005710B9 ;      outside 1..14h yield 0C0000003h (STATUS_INVALID_INFO_CLASS).
PAGE:005710B9 ;   4. Cases 7..0Ch pin a caller-supplied buffer with ExLockUserBuffer and
PAGE:005710B9 ;      every normal exit through loc_5714A9 unlocks it when var_24 != 0.
PAGE:005710B9 ;      The length-mismatch exit (loc_57143F) bypasses that cleanup, which is
PAGE:005710B9 ;      safe here because each length check precedes the lock.
PAGE:005710B9 ;   5. SEH: the filter at loc_57148D captures the exception code into var_30
PAGE:005710B9 ;      and returns 1 (execute handler); the handler at loc_5714A0 turns that
PAGE:005710B9 ;      code into the NTSTATUS and falls into the unlock path.
PAGE:005710B9 ;
PAGE:005710B9 ; Security-relevant observations:
PAGE:005710B9 ;   * This syscall exposes raw reads and writes of virtual/physical memory
PAGE:005710B9 ;     (KdpCopyMemoryChunks), control space, I/O ports, MSRs and bus config
PAGE:005710B9 ;     data. The only gate is SeDebugPrivilege; on this build a token holding
PAGE:005710B9 ;     that privilege should be treated as kernel-equivalent.
PAGE:005710B9 ;   * The input struct is probed but not captured: fields are re-read from
PAGE:005710B9 ;     user memory each time they are used. E.g. in case 7 the length at
PAGE:005710B9 ;     [ebx+8] is fetched at 00571222 for ExLockUserBuffer and again at
PAGE:00571240 ;     00571240 for KdpCopyMemoryChunks (same pattern in cases 8..0Ch). A
PAGE:005710B9 ;     concurrent user thread can change the value between the two reads
PAGE:005710B9 ;     (double fetch). Whether the Kdp* worker bounds its copy against the
PAGE:005710B9 ;     MDL that was actually locked is not visible in this listing -- verify
PAGE:005710B9 ;     in the callee before assuming the locked length is authoritative.
PAGE:005710B9 ;   * Case 1 passes the raw user pointer (ebx) into KdSetInternalBreakpoint;
PAGE:005710B9 ;     cases 0Fh/10h pass [ebx] and a pointer into the user struct ([ebx+8])
PAGE:005710B9 ;     to the MSR helpers. Those callees therefore dereference user memory
PAGE:005710B9 ;     under the SEH frame established here.
PAGE:005710B9 ; ---------------------------------------------------------------------------
PAGE:005710B9 _NtSystemDebugControl@24 proc near ; DATA XREF: .text:0040BAA4o
PAGE:005710B9
PAGE:005710B9 var_60 = dword ptr -60h ; per-case spill of the InputBuffer pointer (ebx)
PAGE:005710B9 var_5C = dword ptr -5Ch ; (var_34..var_60: one spill slot per case, never read back here)
PAGE:005710B9 var_58 = dword ptr -58h
PAGE:005710B9 var_54 = dword ptr -54h
PAGE:005710B9 var_50 = dword ptr -50h
PAGE:005710B9 var_4C = dword ptr -4Ch
PAGE:005710B9 var_48 = dword ptr -48h
PAGE:005710B9 var_44 = dword ptr -44h
PAGE:005710B9 var_40 = dword ptr -40h
PAGE:005710B9 var_3C = dword ptr -3Ch
PAGE:005710B9 var_38 = dword ptr -38h
PAGE:005710B9 var_34 = dword ptr -34h
PAGE:005710B9 var_30 = dword ptr -30h ; exception code captured by the SEH filter (loc_57148D)
PAGE:005710B9 PreviousMode = byte ptr -2Ch ; KTHREAD+140h of the current thread
PAGE:005710B9 P = dword ptr -28h ; MDL handle returned by ExLockUserBuffer, consumed by ExUnlockUserBuffer
PAGE:005710B9 var_24 = dword ptr -24h ; locked (system-space) buffer address from ExLockUserBuffer; 0 = nothing locked
PAGE:005710B9 var_20 = dword ptr -20h ; byte count written back by the Kd* workers; copied to *ReturnLength
PAGE:005710B9 var_1C = dword ptr -1Ch ; NTSTATUS to return
PAGE:005710B9 ms_exc = CPPEH_RECORD ptr -18h
PAGE:005710B9 arg_0 = dword ptr 8 ; ControlCode
PAGE:005710B9 arg_4 = dword ptr 0Ch ; InputBuffer
PAGE:005710B9 arg_8 = dword ptr 10h ; InputBufferLength
PAGE:005710B9 Address = dword ptr 14h ; OutputBuffer
PAGE:005710B9 Length = dword ptr 18h ; OutputBufferLength
PAGE:005710B9 arg_14 = dword ptr 1Ch ; ReturnLength
PAGE:005710B9
PAGE:005710B9 push 50h ; frame size for __SEH_prolog
PAGE:005710BB push offset dword_452E28 ; scope table for this function's try block
PAGE:005710C0 call __SEH_prolog
PAGE:005710C5 xor esi, esi
PAGE:005710C7 mov [ebp+var_1C], esi ; status = 0
PAGE:005710CA mov [ebp+var_20], esi ; bytes returned = 0
PAGE:005710CD mov [ebp+var_24], esi ; no buffer locked yet
PAGE:005710D0 mov [ebp+P], esi ; no MDL yet
PAGE:005710D3 mov eax, large fs:124h ; KPCR.PrcbData.CurrentThread
PAGE:005710D9 mov bl, [eax+140h] ; KTHREAD.PreviousMode
PAGE:005710DF mov [ebp+PreviousMode], bl
PAGE:005710E2 mov edi, dword ptr [ebp+PreviousMode] ; dword load of a byte slot: only bl was written, upper bytes are stale stack -- presumably harmless because the callees take a KPROCESSOR_MODE (one byte); confirm
PAGE:005710E5 push edi ; PreviousMode
PAGE:005710E6 push ds:_SeDebugPrivilege.HighPart
PAGE:005710EC push ds:_SeDebugPrivilege.LowPart ; PrivilegeValue
PAGE:005710F2 call _SeSinglePrivilegeCheck@12 ; SeSinglePrivilegeCheck(x,x,x)
PAGE:005710F7 test al, al
PAGE:005710F9 jnz short loc_571105
PAGE:005710FB mov eax, 0C0000022h ; STATUS_ACCESS_DENIED -- sole gate for everything below
PAGE:00571100 jmp loc_5714BE ; return without entering the try block
PAGE:00571105 ; ---------------------------------------------------------------------------
PAGE:00571105
PAGE:00571105 loc_571105: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+40j
PAGE:00571105 mov [ebp+ms_exc.disabled], esi ; try level 0: exceptions from here on reach loc_57148D
PAGE:00571108 mov esi, [ebp+arg_8] ; esi = InputBufferLength (held for the per-case size checks)
PAGE:0057110B test bl, bl ; bl still = PreviousMode
PAGE:0057110D mov ebx, [ebp+arg_4] ; ebx = InputBuffer (user struct pointer)
PAGE:00571110 jz short loc_571161 ; KernelMode caller: skip all probing
PAGE:00571112 test esi, esi
PAGE:00571114 jz short loc_571134 ; InputBufferLength == 0: InputBuffer is not probed at all
PAGE:00571116 test bl, 3 ; inline ProbeForRead(InputBuffer, esi, 4): alignment
PAGE:00571119 jz short loc_571120
PAGE:0057111B call _ExRaiseDatatypeMisalignment@0 ; ExRaiseDatatypeMisalignment()
PAGE:00571120
PAGE:00571120 loc_571120: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+60j
PAGE:00571120 lea eax, [esi+ebx] ; end = InputBuffer + InputBufferLength
PAGE:00571123 cmp eax, ebx
PAGE:00571125 jb short loc_57112F ; wrapped past 4 GB -> access violation
PAGE:00571127 cmp eax, _MmUserProbeAddress
PAGE:0057112D jbe short loc_571134 ; end must stay at or below the user/kernel boundary
PAGE:0057112F
PAGE:0057112F loc_57112F: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+6Cj
PAGE:0057112F call _ExRaiseAccessViolation@0 ; ExRaiseAccessViolation()
PAGE:00571134
PAGE:00571134 loc_571134: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+5Bj
PAGE:00571134 ; NtSystemDebugControl(x,x,x,x,x,x)+74j
PAGE:00571134 cmp [ebp+Length], 0
PAGE:00571138 jz short loc_571147 ; OutputBufferLength == 0: OutputBuffer not probed
PAGE:0057113A push 4 ; Alignment
PAGE:0057113C push [ebp+Length] ; Length
PAGE:0057113F push [ebp+Address] ; Address
PAGE:00571142 call _ProbeForWrite@12 ; ProbeForWrite(x,x,x)
PAGE:00571147
PAGE:00571147 loc_571147: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+7Fj
PAGE:00571147 mov ecx, [ebp+arg_14] ; ecx = ReturnLength
PAGE:0057114A test ecx, ecx
PAGE:0057114C jz short loc_571161 ; NULL ReturnLength is allowed
PAGE:0057114E mov eax, _MmUserProbeAddress
PAGE:00571153 cmp ecx, eax
PAGE:00571155 jb short loc_57115D
PAGE:00571157 mov dword ptr [eax], 0 ; inline ProbeForWriteUlong: force a fault for a kernel-range pointer
PAGE:0057115D
PAGE:0057115D loc_57115D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+9Cj
PAGE:0057115D mov eax, [ecx] ; touch the dword for read and write so an unmapped page faults now
PAGE:0057115F mov [ecx], eax
PAGE:00571161
PAGE:00571161 loc_571161: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+57j
PAGE:00571161 ; NtSystemDebugControl(x,x,x,x,x,x)+93j
PAGE:00571161 mov eax, [ebp+arg_0] ; ControlCode
PAGE:00571164 dec eax ; table is indexed by ControlCode-1
PAGE:00571165 cmp eax, 13h ; switch 20 cases
PAGE:00571168 ja loc_571473 ; default
PAGE:0057116E jmp ds:off_5714C6[eax*4] ; switch jump
PAGE:00571175
PAGE:00571175 loc_571175: ; DATA XREF: PAGE:off_5714C6o
PAGE:00571175 lea eax, [ebp+var_20] ; case 0x0 -- KdGetTraceInformation(OutputBuffer, OutputBufferLength, &bytesReturned)
PAGE:00571178 push eax
PAGE:00571179 push [ebp+Length]
PAGE:0057117C push [ebp+Address]
PAGE:0057117F call _KdGetTraceInformation@12 ; KdGetTraceInformation(x,x,x)
PAGE:00571184 jmp loc_57146E ; eax = status
PAGE:00571189 ; ---------------------------------------------------------------------------
PAGE:00571189
PAGE:00571189 loc_571189: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571189 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571189 cmp esi, 38h ; case 0x1 -- InputBufferLength must be 38h
PAGE:0057118C jnz loc_57143F
PAGE:00571192 push ebx ; raw user pointer handed to the callee
PAGE:00571193 call _KdSetInternalBreakpoint@4 ; KdSetInternalBreakpoint(x)
PAGE:00571198 jmp loc_57147A ; status stays 0 (var_1C untouched)
PAGE:0057119D ; ---------------------------------------------------------------------------
PAGE:0057119D
PAGE:0057119D loc_57119D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057119D ; DATA XREF: PAGE:off_5714C6o
PAGE:0057119D cmp esi, 4 ; case 0x2 -- InputBufferLength must be 4
PAGE:005711A0 jnz loc_57143F
PAGE:005711A6 push 0
PAGE:005711A8 push ebx
PAGE:005711A9 call _KdSetSpecialCall@8 ; KdSetSpecialCall(x,x)
PAGE:005711AE jmp loc_57147A ; status stays 0
PAGE:005711B3 ; ---------------------------------------------------------------------------
PAGE:005711B3
PAGE:005711B3 loc_5711B3: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711B3 ; DATA XREF: PAGE:off_5714C6o
PAGE:005711B3 call _KdClearSpecialCalls@0 ; case 0x3 -- no input validated, no input used
PAGE:005711B8 jmp loc_57147A ; status stays 0
PAGE:005711BD ; ---------------------------------------------------------------------------
PAGE:005711BD
PAGE:005711BD loc_5711BD: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711BD ; DATA XREF: PAGE:off_5714C6o
PAGE:005711BD lea eax, [ebp+var_20] ; case 0x4 -- KdQuerySpecialCalls(OutputBuffer, OutputBufferLength, &bytesReturned)
PAGE:005711C0 push eax
PAGE:005711C1 push [ebp+Length]
PAGE:005711C4 push [ebp+Address]
PAGE:005711C7 call _KdQuerySpecialCalls@12 ; KdQuerySpecialCalls(x,x,x)
PAGE:005711CC jmp loc_57146E ; eax = status
PAGE:005711D1 ; ---------------------------------------------------------------------------
PAGE:005711D1
PAGE:005711D1 loc_5711D1: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711D1 ; DATA XREF: PAGE:off_5714C6o
PAGE:005711D1 cmp _KdDebuggerEnabled, 0 ; case 0x5 -- break into the kernel debugger if one is attached
PAGE:005711D8 jz short loc_5711E6
PAGE:005711DA push 6 ; Status
PAGE:005711DC call _DbgBreakPointWithStatus@4 ; DbgBreakPointWithStatus(x)
PAGE:005711E1 jmp loc_57147A ; status stays 0
PAGE:005711E6 ; ---------------------------------------------------------------------------
PAGE:005711E6
PAGE:005711E6 loc_5711E6: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+11Fj
PAGE:005711E6 mov [ebp+var_1C], 0C0000001h ; STATUS_UNSUCCESSFUL: no debugger enabled
PAGE:005711ED jmp loc_57147A
PAGE:005711F2 ; ---------------------------------------------------------------------------
PAGE:005711F2
PAGE:005711F2 loc_5711F2: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711F2 ; DATA XREF: PAGE:off_5714C6o
PAGE:005711F2 cmp [ebp+Length], 28h ; case 0x6 -- the only case keyed on OutputBufferLength (must be exactly 28h)
PAGE:005711F6 jnz loc_57143F
PAGE:005711FC push [ebp+Address] ; OutputBuffer (already ProbeForWrite'd since Length != 0)
PAGE:005711FF call _KdpSysGetVersion@4 ; KdpSysGetVersion(x)
PAGE:00571204 and [ebp+var_1C], 0 ; STATUS_SUCCESS regardless of callee result
PAGE:00571208 jmp loc_57147A
PAGE:0057120D ; ---------------------------------------------------------------------------
PAGE:0057120D
PAGE:0057120D loc_57120D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057120D ; DATA XREF: PAGE:off_5714C6o
PAGE:0057120D cmp esi, 0Ch ; case 0x7 -- virtual memory read; struct: [ebx]=address, [ebx+4]=buffer, [ebx+8]=length (roles inferred from use)
PAGE:00571210 jnz loc_57143F
PAGE:00571216 mov [ebp+var_34], ebx
PAGE:00571219 lea eax, [ebp+P] ; out: MDL
PAGE:0057121C push eax
PAGE:0057121D lea eax, [ebp+var_24] ; out: locked system address
PAGE:00571220 push eax
PAGE:00571221 push edi ; PreviousMode
PAGE:00571222 push dword ptr [ebx+8] ; length -- first fetch from user memory
PAGE:00571225 push dword ptr [ebx+4] ; user buffer to lock
PAGE:00571228 call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:0057122D mov [ebp+var_1C], eax
PAGE:00571230 test eax, eax
PAGE:00571232 jl loc_57147A ; lock failed: return its status
PAGE:00571238 lea eax, [ebp+var_20] ; arg7: &bytesReturned
PAGE:0057123B push eax
PAGE:0057123C xor eax, eax
PAGE:0057123E push eax ; arg6 = 0 (the only value that differs across cases 7..0Ah: 0/1/2/3)
PAGE:0057123F push eax ; arg5 = 0
PAGE:00571240 push dword ptr [ebx+8] ; arg4: length -- second fetch; may differ from the value that was locked (double fetch)
PAGE:00571243 push [ebp+var_24] ; arg3: locked system address
PAGE:00571246 push eax ; arg2 = 0
PAGE:00571247
PAGE:00571247 loc_571247: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+1D5j
PAGE:00571247 push dword ptr [ebx] ; arg1: target address (shared tail with case 8)
PAGE:00571249
PAGE:00571249 loc_571249: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+248j
PAGE:00571249 call _KdpCopyMemoryChunks@28 ; KdpCopyMemoryChunks(x,x,x,x,x,x,x) -- shared call site for cases 7..0Ah
PAGE:0057124E jmp loc_57146E ; eax = status
PAGE:00571253 ; ---------------------------------------------------------------------------
PAGE:00571253
PAGE:00571253 loc_571253: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571253 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571253 cmp esi, 0Ch ; case 0x8 -- same struct as case 7, arg6 = 1 (virtual write, inferred from pairing)
PAGE:00571256 jnz loc_57143F
PAGE:0057125C mov [ebp+var_38], ebx
PAGE:0057125F lea eax, [ebp+P]
PAGE:00571262 push eax
PAGE:00571263 lea eax, [ebp+var_24]
PAGE:00571266 push eax
PAGE:00571267 push edi ; PreviousMode
PAGE:00571268 push dword ptr [ebx+8] ; length -- first fetch
PAGE:0057126B push dword ptr [ebx+4]
PAGE:0057126E call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:00571273 mov [ebp+var_1C], eax
PAGE:00571276 test eax, eax
PAGE:00571278 jl loc_57147A
PAGE:0057127E lea eax, [ebp+var_20]
PAGE:00571281 push eax
PAGE:00571282 push 1 ; arg6 = 1
PAGE:00571284 push 0
PAGE:00571286 push dword ptr [ebx+8] ; length -- second fetch (double fetch)
PAGE:00571289 push [ebp+var_24]
PAGE:0057128C push 0
PAGE:0057128E jmp short loc_571247 ; push [ebx] and call KdpCopyMemoryChunks
PAGE:00571290 ; ---------------------------------------------------------------------------
PAGE:00571290
PAGE:00571290 loc_571290: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571290 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571290 cmp esi, 10h ; case 0x9 -- 16-byte struct: [ebx],[ebx+4] passed as arg1/arg2, [ebx+8]=buffer, [ebx+0Ch]=length; arg6 = 2
PAGE:00571293 jnz loc_57143F
PAGE:00571299 mov [ebp+var_3C], ebx
PAGE:0057129C lea eax, [ebp+P]
PAGE:0057129F push eax
PAGE:005712A0 lea eax, [ebp+var_24]
PAGE:005712A3 push eax
PAGE:005712A4 push edi ; PreviousMode
PAGE:005712A5 push dword ptr [ebx+0Ch] ; length -- first fetch
PAGE:005712A8 push dword ptr [ebx+8]
PAGE:005712AB call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:005712B0 mov [ebp+var_1C], eax
PAGE:005712B3 test eax, eax
PAGE:005712B5 jl loc_57147A
PAGE:005712BB lea eax, [ebp+var_20]
PAGE:005712BE push eax
PAGE:005712BF push 2 ; arg6 = 2
PAGE:005712C1 jmp short loc_5712F4
PAGE:005712C3 ; ---------------------------------------------------------------------------
PAGE:005712C3
PAGE:005712C3 loc_5712C3: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005712C3 ; DATA XREF: PAGE:off_5714C6o
PAGE:005712C3 cmp esi, 10h ; case 0xA -- same struct as case 9, arg6 = 3
PAGE:005712C6 jnz loc_57143F
PAGE:005712CC mov [ebp+var_40], ebx
PAGE:005712CF lea eax, [ebp+P]
PAGE:005712D2 push eax
PAGE:005712D3 lea eax, [ebp+var_24]
PAGE:005712D6 push eax
PAGE:005712D7 push edi ; PreviousMode
PAGE:005712D8 push dword ptr [ebx+0Ch] ; length -- first fetch
PAGE:005712DB push dword ptr [ebx+8]
PAGE:005712DE call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:005712E3 mov [ebp+var_1C], eax
PAGE:005712E6 test eax, eax
PAGE:005712E8 jl loc_57147A
PAGE:005712EE lea eax, [ebp+var_20]
PAGE:005712F1 push eax
PAGE:005712F2 push 3 ; arg6 = 3
PAGE:005712F4
PAGE:005712F4 loc_5712F4: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+208j
PAGE:005712F4 push 0 ; arg5 = 0 (shared tail for cases 9 and 0Ah)
PAGE:005712F6 push dword ptr [ebx+0Ch] ; length -- second fetch (double fetch)
PAGE:005712F9 push [ebp+var_24] ; locked system address
PAGE:005712FC push dword ptr [ebx+4] ; arg2
PAGE:005712FF push dword ptr [ebx] ; arg1
PAGE:00571301 jmp loc_571249 ; call KdpCopyMemoryChunks
PAGE:00571306 ; ---------------------------------------------------------------------------
PAGE:00571306
PAGE:00571306 loc_571306: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571306 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571306 cmp esi, 18h ; case 0xB -- 24-byte struct; [ebx+8]=buffer, [ebx+0Ch]=length locked
PAGE:00571309 jnz loc_57143F
PAGE:0057130F mov [ebp+var_44], ebx
PAGE:00571312 lea eax, [ebp+P]
PAGE:00571315 push eax
PAGE:00571316 lea eax, [ebp+var_24]
PAGE:00571319 push eax
PAGE:0057131A push edi ; PreviousMode
PAGE:0057131B push dword ptr [ebx+0Ch] ; length -- first fetch
PAGE:0057131E push dword ptr [ebx+8]
PAGE:00571321 call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:00571326 mov [ebp+var_1C], eax
PAGE:00571329 test eax, eax
PAGE:0057132B jl loc_57147A
PAGE:00571331 lea eax, [ebp+var_20] ; &bytesReturned
PAGE:00571334 push eax
PAGE:00571335 push dword ptr [ebx+0Ch] ; length -- second fetch (double fetch)
PAGE:00571338 push [ebp+var_24] ; locked system address
PAGE:0057133B push dword ptr [ebx+4]
PAGE:0057133E push dword ptr [ebx]
PAGE:00571340 push dword ptr [ebx+10h]
PAGE:00571343 call _KdpSysReadControlSpace@24 ; KdpSysReadControlSpace(x,x,x,x,x,x)
PAGE:00571348 jmp loc_57146E ; eax = status
PAGE:0057134D ; ---------------------------------------------------------------------------
PAGE:0057134D
PAGE:0057134D loc_57134D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057134D ; DATA XREF: PAGE:off_5714C6o
PAGE:0057134D cmp esi, 18h ; case 0xC -- same struct as case 0Bh, write direction
PAGE:00571350 jnz loc_57143F
PAGE:00571356 mov [ebp+var_48], ebx
PAGE:00571359 lea eax, [ebp+P]
PAGE:0057135C push eax
PAGE:0057135D lea eax, [ebp+var_24]
PAGE:00571360 push eax
PAGE:00571361 push edi ; PreviousMode
PAGE:00571362 push dword ptr [ebx+0Ch] ; length -- first fetch
PAGE:00571365 push dword ptr [ebx+8]
PAGE:00571368 call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:0057136D mov [ebp+var_1C], eax
PAGE:00571370 test eax, eax
PAGE:00571372 jl loc_57147A
PAGE:00571378 lea eax, [ebp+var_20]
PAGE:0057137B push eax
PAGE:0057137C push dword ptr [ebx+0Ch] ; length -- second fetch (double fetch)
PAGE:0057137F push [ebp+var_24]
PAGE:00571382 push dword ptr [ebx+4]
PAGE:00571385 push dword ptr [ebx]
PAGE:00571387 push dword ptr [ebx+10h]
PAGE:0057138A call _KdpSysWriteControlSpace@24 ; KdpSysWriteControlSpace(x,x,x,x,x,x)
PAGE:0057138F jmp loc_57146E ; eax = status
PAGE:00571394 ; ---------------------------------------------------------------------------
PAGE:00571394
PAGE:00571394 loc_571394: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571394 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571394 cmp esi, 20h ; case 0xD -- 32-byte struct; no buffer locking, all 7 fields passed straight from user memory
PAGE:00571397 jnz loc_57143F
PAGE:0057139D mov [ebp+var_4C], ebx
PAGE:005713A0 lea eax, [ebp+var_20]
PAGE:005713A3 push eax ; int
PAGE:005713A4 push dword ptr [ebx+0Ch] ; int
PAGE:005713A7 push dword ptr [ebx+8] ; int
PAGE:005713AA push dword ptr [ebx+4] ; int
PAGE:005713AD push dword ptr [ebx] ; Port
PAGE:005713AF push dword ptr [ebx+18h] ; int
PAGE:005713B2 push dword ptr [ebx+14h] ; int
PAGE:005713B5 push dword ptr [ebx+10h] ; int
PAGE:005713B8 call _KdpSysReadIoSpace@32 ; KdpSysReadIoSpace(x,x,x,x,x,x,x,x)
PAGE:005713BD jmp loc_57146E ; eax = status
PAGE:005713C2 ; ---------------------------------------------------------------------------
PAGE:005713C2
PAGE:005713C2 loc_5713C2: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005713C2 ; DATA XREF: PAGE:off_5714C6o
PAGE:005713C2 cmp esi, 20h ; case 0xE -- same struct as case 0Dh; arbitrary I/O port write for a privileged caller
PAGE:005713C5 jnz short loc_57143F
PAGE:005713C7 mov [ebp+var_50], ebx
PAGE:005713CA lea eax, [ebp+var_20]
PAGE:005713CD push eax ; int
PAGE:005713CE push dword ptr [ebx+0Ch] ; int
PAGE:005713D1 push dword ptr [ebx+8] ; int
PAGE:005713D4 push dword ptr [ebx+4] ; int
PAGE:005713D7 push dword ptr [ebx] ; Port
PAGE:005713D9 push dword ptr [ebx+18h] ; int
PAGE:005713DC push dword ptr [ebx+14h] ; int
PAGE:005713DF push dword ptr [ebx+10h] ; int
PAGE:005713E2 call _KdpSysWriteIoSpace@32 ; KdpSysWriteIoSpace(x,x,x,x,x,x,x,x)
PAGE:005713E7 jmp loc_57146E ; eax = status
PAGE:005713EC ; ---------------------------------------------------------------------------
PAGE:005713EC
PAGE:005713EC loc_5713EC: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005713EC ; DATA XREF: PAGE:off_5714C6o
PAGE:005713EC cmp esi, 10h ; case 0xF -- 16-byte struct: [ebx] and a pointer to [ebx+8] (inside user memory) go to the MSR read helper
PAGE:005713EF jnz short loc_57143F
PAGE:005713F1 mov [ebp+var_54], ebx
PAGE:005713F4 lea eax, [ebx+8] ; user-space pointer, not a copy
PAGE:005713F7 push eax
PAGE:005713F8 push dword ptr [ebx]
PAGE:005713FA call _KdpSysReadMsr@8 ; KdpSysReadMsr(x,x)
PAGE:005713FF jmp short loc_57146E ; eax = status
PAGE:00571401 ; ---------------------------------------------------------------------------
PAGE:00571401
PAGE:00571401 loc_571401: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571401 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571401 cmp esi, 10h ; case 0x10 -- same struct as case 0Fh; arbitrary MSR write for a privileged caller
PAGE:00571404 jnz short loc_57143F
PAGE:00571406 mov [ebp+var_58], ebx
PAGE:00571409 lea eax, [ebx+8]
PAGE:0057140C push eax
PAGE:0057140D push dword ptr [ebx]
PAGE:0057140F call _KdpSysWriteMsr@8 ; KdpSysWriteMsr(x,x)
PAGE:00571414 jmp short loc_57146E ; eax = status
PAGE:00571416 ; ---------------------------------------------------------------------------
PAGE:00571416
PAGE:00571416 loc_571416: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571416 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571416 cmp esi, 18h ; case 0x11 -- 24-byte struct; Buffer/Length come from user memory without ExLockUserBuffer
PAGE:00571419 jnz short loc_57143F
PAGE:0057141B mov [ebp+var_5C], ebx
PAGE:0057141E lea eax, [ebp+var_20]
PAGE:00571421 push eax ; int
PAGE:00571422 push dword ptr [ebx+8] ; Length
PAGE:00571425 push dword ptr [ebx+4] ; Buffer
PAGE:00571428 push dword ptr [ebx] ; Offset
PAGE:0057142A push dword ptr [ebx+14h] ; SlotNumber
PAGE:0057142D push dword ptr [ebx+10h] ; BusNumber
PAGE:00571430 push dword ptr [ebx+0Ch] ; BusDataType
PAGE:00571433 call _KdpSysReadBusData@28 ; KdpSysReadBusData(x,x,x,x,x,x,x)
PAGE:00571438 jmp short loc_57146E ; eax = status
PAGE:0057143A ; ---------------------------------------------------------------------------
PAGE:0057143A
PAGE:0057143A loc_57143A: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057143A ; DATA XREF: PAGE:off_5714C6o
PAGE:0057143A cmp esi, 18h ; case 0x12 -- size check; falls through into the mismatch exit
PAGE:0057143D jz short loc_57144A
PAGE:0057143F
PAGE:0057143F loc_57143F: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+D3j
PAGE:0057143F ; NtSystemDebugControl(x,x,x,x,x,x)+E7j ...
PAGE:0057143F or [ebp+ms_exc.disabled], 0FFFFFFFFh ; leave the try block
PAGE:00571443 mov eax, 0C0000004h ; STATUS_INFO_LENGTH_MISMATCH; skips ReturnLength write and unlock (nothing locked yet on this path)
PAGE:00571448 jmp short loc_5714BE
PAGE:0057144A ; ---------------------------------------------------------------------------
PAGE:0057144A
PAGE:0057144A loc_57144A: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+384j
PAGE:0057144A mov [ebp+var_60], ebx ; case 0x12 body -- same struct as case 11h, write direction
PAGE:0057144D lea eax, [ebp+var_20]
PAGE:00571450 push eax ; int
PAGE:00571451 push dword ptr [ebx+8] ; Length
PAGE:00571454 push dword ptr [ebx+4] ; Buffer
PAGE:00571457 push dword ptr [ebx] ; Offset
PAGE:00571459 push dword ptr [ebx+14h] ; SlotNumber
PAGE:0057145C push dword ptr [ebx+10h] ; BusNumber
PAGE:0057145F push dword ptr [ebx+0Ch] ; BusDataType
PAGE:00571462 call _KdpSysWriteBusData@28 ; KdpSysWriteBusData(x,x,x,x,x,x,x)
PAGE:00571467 jmp short loc_57146E ; eax = status
PAGE:00571469 ; ---------------------------------------------------------------------------
PAGE:00571469
PAGE:00571469 loc_571469: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571469 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571469 call _KdpSysCheckLowMemory@0 ; case 0x13 -- no input used; falls into the status store
PAGE:0057146E
PAGE:0057146E loc_57146E: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+CBj
PAGE:0057146E ; NtSystemDebugControl(x,x,x,x,x,x)+113j ...
PAGE:0057146E mov [ebp+var_1C], eax ; status = worker result
PAGE:00571471 jmp short loc_57147A
PAGE:00571473 ; ---------------------------------------------------------------------------
PAGE:00571473
PAGE:00571473 loc_571473: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+AFj
PAGE:00571473 mov [ebp+var_1C], 0C0000003h ; default -- STATUS_INVALID_INFO_CLASS
PAGE:0057147A
PAGE:0057147A loc_57147A: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+DFj
PAGE:0057147A ; NtSystemDebugControl(x,x,x,x,x,x)+F5j ...
PAGE:0057147A mov eax, [ebp+arg_14] ; ReturnLength
PAGE:0057147D test eax, eax
PAGE:0057147F jz short loc_5714A9
PAGE:00571481 mov ecx, [ebp+var_20]
PAGE:00571484 mov [eax], ecx ; *ReturnLength = bytes returned (still inside the try block; a fault lands in the handler)
PAGE:00571486 jmp short loc_5714A9
PAGE:00571486 ; ---------------------------------------------------------------------------
PAGE:00571488 dd 90909090h ; padding (nop bytes) between the body and the SEH filter
PAGE:0057148C db 90h
PAGE:0057148D ; ---------------------------------------------------------------------------
PAGE:0057148D
PAGE:0057148D loc_57148D: ; DATA XREF: .text:00452E2Co
PAGE:0057148D mov eax, [ebp+ms_exc.exc_ptr] ; SEH filter: EXCEPTION_POINTERS
PAGE:00571490 mov eax, [eax] ; ->ExceptionRecord
PAGE:00571492 mov eax, [eax] ; ->ExceptionCode
PAGE:00571494 mov [ebp+var_30], eax ; stash it for the handler
PAGE:00571497 xor eax, eax
PAGE:00571499 inc eax ; return 1 = EXCEPTION_EXECUTE_HANDLER for every exception type
PAGE:0057149A retn
PAGE:0057149A ; ---------------------------------------------------------------------------
PAGE:0057149B align 10h
PAGE:005714A0
PAGE:005714A0 loc_5714A0: ; DATA XREF: .text:00452E30o
PAGE:005714A0 mov esp, [ebp+ms_exc.old_esp] ; SEH handler: restore the frame's esp
PAGE:005714A3 mov eax, [ebp+var_30]
PAGE:005714A6 mov [ebp+var_1C], eax ; status = exception code, then fall into cleanup
PAGE:005714A9
PAGE:005714A9 loc_5714A9: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+3C6j
PAGE:005714A9 ; NtSystemDebugControl(x,x,x,x,x,x)+3CDj
PAGE:005714A9 or [ebp+ms_exc.disabled], 0FFFFFFFFh ; leave the try block
PAGE:005714AD cmp [ebp+var_24], 0 ; was a user buffer locked?
PAGE:005714B1 jz short loc_5714BB
PAGE:005714B3 push [ebp+P] ; P
PAGE:005714B6 call _ExUnlockUserBuffer@4 ; ExUnlockUserBuffer(x)
PAGE:005714BB
PAGE:005714BB loc_5714BB: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+3F8j
PAGE:005714BB mov eax, [ebp+var_1C] ; return status
PAGE:005714BE
PAGE:005714BE loc_5714BE: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+47j
PAGE:005714BE ; NtSystemDebugControl(x,x,x,x,x,x)+38Fj
PAGE:005714BE call __SEH_epilog
PAGE:005714C3 retn 18h ; __stdcall: 6 dword arguments
PAGE:005714C3 _NtSystemDebugControl@24 endp
PAGE:005714C3
PAGE:005714C3 ; ---------------------------------------------------------------------------