

Can the RtlCaptureContext() function be used from x86 code?

A question from the mail:

The question is really simple: could we use RtlCaptureContext on X86? The MSDN (https://msdn.microsoft.com/en-us/library/ms680659(v=VS.85).aspx) says it’s only for 64 but the bug is for X86 and I see some kernel code is using it on x86.

Answer: yes. Indeed, the MSDN page mentioned above states that:

The following functions are used only on 64-bit Windows.

However, the description of the RtlCaptureContext() function itself, for example, lists Windows XP and Windows Server 2003 as the minimum client and server versions. Compare this with the RtlAddFunctionTable() function, which really is not available on x86. The minimum client and server versions for it are Windows XP Professional x64 Edition and 64-bit editions of Windows Server 2003, respectively.

Another way to verify this is to check the NTDLL export table. This method, of course, gives no information about whether the function is documented (in other words, whether its use is supported) or not.

 C:\>link /dump /exports c:\Windows\SysWOW64\ntdll.dll | findstr RtlCaptureContext
 667 28D 00046B2B RtlCaptureContext
 
C:\>link /dump /exports c:\Windows\SysWOW64\ntdll.dll | findstr RtlAddFunctionTable
 
C:\>
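The same export-table check can be done programmatically, with exact name matching instead of the substring match that findstr performs. This is an added example, not code from the original post; the helper names export_names and check are this example's own, and the image paths are passed on the command line.

```python
import struct
import sys

def export_names(image: bytes) -> set:
    """Return the names in a PE image's export name table (PE32 or PE32+)."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", image, pe + 6)
    opt_size, = struct.unpack_from("<H", image, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Data directories start 96 bytes into a PE32 optional header, 112 in PE32+.
    export_rva, = struct.unpack_from("<I", image, opt + (96 if magic == 0x10B else 112))
    if export_rva == 0:
        return set()                                          # image exports nothing
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData.
    sections = [struct.unpack_from("<IIII", image, opt + opt_size + 40 * i + 8)
                for i in range(nsections)]

    def offset(rva):
        """Translate an RVA to a file offset using the section table."""
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rawptr + (rva - vaddr)
        raise ValueError(f"RVA {rva:#x} is outside every section")

    exp = offset(export_rva)
    count, = struct.unpack_from("<I", image, exp + 24)        # NumberOfNames
    names_rva, = struct.unpack_from("<I", image, exp + 32)    # AddressOfNames
    table = offset(names_rva)
    names = set()
    for (name_rva,) in struct.iter_unpack("<I", image[table:table + 4 * count]):
        start = offset(name_rva)
        names.add(image[start:image.index(b"\0", start)].decode("ascii"))
    return names

def check(image: bytes, wanted):
    """Map each wanted function name to True if it is exported by name."""
    names = export_names(image)
    return {name: name in names for name in wanted}

if __name__ == "__main__":
    for path in sys.argv[1:]:                                 # e.g. the SysWOW64 ntdll.dll
        with open(path, "rb") as f:
            print(path, check(f.read(), ["RtlCaptureContext", "RtlAddFunctionTable"]))
```

As with the link /dump approach, a name being present says nothing about whether the function is documented.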
 

Cross-posted from blog.not-a-kernel-guy.com.