Update README.md

master
_xeroxz 4 years ago
parent 764006818b
commit 28ac5b3ef0

@ -11,48 +11,7 @@ only takes four parameters, some of the required functions cannot be called sinc
```cpp
VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Instruction)
{
ULONG Id, Number, ArgumentCount, i;
PKPCR Pcr;
ULONG_PTR ServiceTable, Offset;
PKSERVICE_TABLE_DESCRIPTOR DescriptorTable;
PVOID SystemCall;
PVOID* Argument;
PVOID Arguments[0x11]; // Maximum 17 arguments
KIRQL OldIrql;
ASSERT(TrapFrame->Reserved == 0xBADB0D00);
//
// Increase count of system calls
//
Pcr = KeGetPcr();
Pcr->CurrentPrcb->KeSystemCalls++;
//
// Get the system call ID
//
Id = Instruction & 0xFFFFF;
//DPRINT1("[SWI] (%x) %p (%d) \n", Id, Thread, Thread->PreviousMode);
//
// Get the descriptor table
//
ServiceTable = (ULONG_PTR)Thread->ServiceTable;
Offset = ((Id >> SERVICE_TABLE_SHIFT) & SERVICE_TABLE_MASK);
ServiceTable += Offset;
DescriptorTable = (PVOID)ServiceTable;
//
// Get the service call number and validate it
//
Number = Id & SERVICE_NUMBER_MASK;
if (Number > DescriptorTable->Limit)
{
//
// Check if this is a GUI call
//
UNIMPLEMENTED;
ASSERT(FALSE);
}
// ... etc ....
//
// Save the function responsible for handling this system call
@ -74,7 +33,7 @@ VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Ins
//
// Check how many arguments this system call takes
//
ArgumentCount = DescriptorTable->Number[Number] / 4;
ArgumentCount = DescriptorTable->Number[Number] / 4; // <====== note that each syscall has its own amount of params.. NtShutdownSystem only has 4!
ASSERT(ArgumentCount <= 17);
// ... etc ...
