|
阅读:2722回复:1
为什么相同的标识符两次取地址 结果不同呢?
有如下声明:
#include "ntddk.h" #pragma pack(1) typedef struct ServiceDescriptorEntry { unsigned int *ServiceTableBase; unsigned int *ServiceCounterTableBase; //Used only in checked build unsigned int NumberOfServices; unsigned char *ParamTableBase; } SSDTEntry; __declspec(dllimport) SSDTEntry KeServiceDescriptorTable; #pragma pack() 然后在入口函数里两次取他的值 ULONG pointer = 0 ; __asm int 3 DbgPrint("KeServiceDescriptorTable:%x\r\n",KeServiceDescriptorTable); __asm { pushad mov eax , KeServiceDescriptorTable mov pointer,eax popad } DbgPrint("second:%x\r\n",pointer); ---------------------------------------------------------------- output: KeServiceDescriptorTable:80505450 second:8055d700 补充一下: 8055d700这个地址里面保存的是80505450这个数字 为什么? |
|
|
