Nt_Atoms_* - Routine

666 · 发表于 2021-4-19 21:45:43

本帖最后由 666 于 2021-5-10 13:25 编辑

.版本 2
.支持库 spec
.局部变量 Unicode
.局部变量 Unicodelen
.局部变量 pUnicodelen
.局部变量 atom
.局部变量 AtomTableInformation
.局部变量 i
Unicode ＝ Nt_Heap_RtlAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), 6)
Unicodelen ＝ 6
Nt_RtlMoveMemory (Unicode, Asm_GetBinH ({ 6, 6, 6, 6, 6, 6 }), 6)
Nt_Atoms_ZwAddAtom (Unicode, Unicodelen, Asm_GetH (atom)) ' 传入Unicode地址加入系统原子中
Nt_Heap_RtlFreeHeap (g_heap, 0, Unicode) ' 释放掉内存
' -----------------------------------------------------------------------------------
Unicode ＝ Nt_Heap_RtlAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), 4) ' 申请4字节查询全局原子数量
Nt_Atoms_ZwQueryInformationAtom (0, 1, Unicode, 4, Asm_GetH (4)) ' 传入相应的值进行查询
AtomTableInformation ＝ Asm_readDword (Unicode) ' 读取数量
.如果真 (AtomTableInformation ＝ 0) ' 可能没权限
Nt_Atoms_ZwDeleteAtom (atom)
返回 ()
.如果真结束
Unicodelen ＝ AtomTableInformation × 2 ＋ 4
Unicode ＝ Nt_Heap_RtlReAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), Unicode, Unicodelen) ' 申请相应长度内存
Nt_Atoms_ZwQueryInformationAtom (0, 1, Unicode, Unicodelen, Asm_GetH (pUnicodelen)) ' 查询全局原子对象
i ＝ 0
.计次循环首 (AtomTableInformation, ) ' 循环读取全局对象句柄
Asm_readWord_Dword (Unicode, Asm_add (4, i)) ' 对象句柄
i ＝ i ＋ 2
.计次循环尾 ()
Nt_Heap_RtlFreeHeap (g_heap, 0, Unicode) ' 释放掉内存
Unicode ＝ Nt_Heap_RtlAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), 510) ' 申请相应长度内存
Nt_Atoms_ZwQueryInformationAtom (atom, 0, Unicode, Unicodelen, Asm_GetH (pUnicodelen)) ' 查询当前申请原子内容
调试输出 (指针到字节集 (Unicode, pUnicodelen)) ' 指针到字节集只是为了能够调试输出没任何用处
Nt_Atoms_ZwFindAtom (Unicode, pUnicodelen, atom) ' 通过内容查找对象句柄
输出调试文本 (atom)
Nt_Heap_RtlFreeHeap (g_heap, 0, Unicode) ' 释放掉内存
Nt_Atoms_ZwDeleteAtom (atom) ' 删除申请的原子

复制代码