  • 转发——群里面转的,一个x64 查看 SSDT 表函数的WinDBG脚本

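     $$ Dump the x64 System Service Descriptor Table from a kernel debugging session:
     $$ one line per service index with the decoded routine address and its nearest symbol.
     $$ Triage use: entries normally resolve inside the nt module. An entry whose symbol lies
     $$ in another module, or that has no symbol at all, deserves a closer look.
     $$ Needs correct nt symbols. Only KeServiceDescriptorTable is walked, so the shadow
     $$ table (win32k services) is not covered.
     $$ NOTE(review): the listing on the page carried gutter numbers and had its newline
     $$ escapes rendered as real line breaks inside the strings. Both are restored here.

     $$ DML wrappers that turn each printed address into a clickable link running uf on it.
     $$ Both aliases stay defined after the script ends and can be deleted with the ad command.
     aS ufLinkS "<u><col fg=\"emphfg\"><link name=\"%p\" cmd=\"uf 0x%p\">";
     aS ufLinkE "</link></col></u>";

     $$ t1 = address of the descriptor, t2 = service count read from offset 0x10.
     $$ dwo reads exactly 32 bits, so bytes that follow the count cannot inflate the loop bound.
     $$ NOTE(review): assumes the count is a 32-bit field at +0x10, confirm for the target build.
     r $t1 = nt!KeServiceDescriptorTable;
     r $t2 = dwo(@$t1 + 0x10);
     $$ t1 now holds the first pointer stored in the descriptor, the KiServiceTable base.
     r $t1 = poi(@$t1);

     .printf "\n\nKeServiceDescriptorTable->KiServiceTable:  %p\nKeServiceDescriptorTable->Count: %d\n", @$t1, @$t2;
     .printf "\nOrd   Address   fnAddr   Symbols\n";
     .printf "--------------------------------\n\n";

     .for (r $t0 = 0; @$t0 != @$t2; r $t0 = @$t0 + 1)
     {
         $$ Each slot is 4 bytes wide. Read only those 4 bytes and keep the mask so that
         $$ the sign test below looks at bit 31 of the slot and nothing else.
         r @$t3 = dwo(@$t1 + @$t0 * 4) & 0x00000000`FFFFFFFF;

         $$ The slot is treated as a signed value whose low 4 bits are shifted out, and the
         $$ rest is an offset relative to the table base.
         $$ NOTE(review): this matches the x64 encoding used since Windows Vista, confirm
         $$ before relying on the output for an older target.
         .if ( @$t3 & 0x80000000 )
         {
             $$ Negative offset: sign-extend the shifted value to 64 bits, take its
             $$ magnitude, and step back from the table base by that amount.
             r @$t3 = (@$t3 >> 4) | 0xFFFFFFFF`F0000000;
             r @$t3 = 0 - @$t3;
             r @$t3 = @$t1 - @$t3;
         }
         .else
         {
             $$ Positive offset: add the shifted value to the table base.
             r @$t3 = (@$t3 >> 4);
             r @$t3 = (@$t1 + @$t3);
         }

         $$ /D turns on DML. The link alias consumes two of the address arguments,
         $$ then %p and %y take one each.
         .printf /D "[%3d] ${ufLinkS}%p${ufLinkE} (%y)\n", @$t0, @$t3, @$t3, @$t3, @$t3;
     }

     .printf "\n- end -\n";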

    执行这个脚本之后,效果

     不知道谁写的,但是效果可以

  • 原文地址:https://www.cnblogs.com/suanguade/p/14011713.html