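使用 WinDbg 查看 KeServiceDescriptorTable

下面的会话先转储 KeServiceDescriptorTable:第一个 DWORD(80831b20)是系统服务表的基址,第三个 DWORD(00000128)是服务数量。然后以服务号 0x27 乘以 4 作为偏移读取对应表项,得到 808e50be,反汇编确认它就是 nt!NtCreateFile。表项解析到 nt 模块内的符号属于正常情况;排查 SSDT 是否被挂钩时,核对的正是表项是否仍指向内核映像内部。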

  kd> dd KeServiceDescriptorTable
8089f7e0  80831b20 00000000 00000128 80831fc4
8089f7f0  00000000 00000000 00000000 00000000
8089f800  8089f800 8089f800 7c9524b4 00000000
8089f810  00000000 00000000 00000000 00000000
8089f820  00000000 00000000 00000000 00000000
8089f830  00000000 00000000 00000000 00000000
8089f840  00000000 00000000 00000000 7c9524a5
8089f850  00000000 00000000 00000000 00000000
kd> dd 80831b20 + 0x27 * 4
80831bbc  808e50be 808e47d0 8093546e 809369dc
80831bcc  808acbc2 808e51c6 808d91f8 808e50f6
80831bdc  808f9d06 808f3d80 80931954 80931760
80831bec  808d88da 808f966e 808d708c 80929b1e
80831bfc  80931814 808d8ede 8091de7a 808f3da2
80831c0c  80990e98 8099101a 809919da 808d7f5c
80831c1c  8096968e 8096968e 808e4194 808acf1a
80831c2c  80919bbc 808ad090 808e527c 80949e0a
kd> u 808e50be
nt!NtCreateFile [d:\wrk\wrk\wrk\wrk\base\ntos\io\iomgr\create.c @ 92]:
808e50be 55              push    ebp
808e50bf 8bec            mov     ebp,esp
808e50c1 33c0            xor     eax,eax
808e50c3 50              push    eax
808e50c4 50              push    eax
808e50c5 50              push    eax
808e50c6 ff7530          push    dword ptr [ebp+30h]
808e50c9 ff752c          push    dword ptr [ebp+2Ch]
