What I got from ntkrnlmp.exe:
Exported fn(): ExfInterlockedInsertHeadList - Ord:000Ah
:004612A8 56 push esi
:004612A9 8B742408 mov esi, dword ptr [esp+08]
:004612AD 9C pushfd
:004612AE FA cli
:004612AF F0 lock
:004612B0 0FBA2E00 bts dword ptr [esi], 00
:004612B4 721A jb 004612D0
:004612B6 8B01 mov eax, dword ptr [ecx]
:004612B8 8902 mov dword ptr [edx], eax
:004612BA 894A04 mov dword ptr [edx+04], ecx
:004612BD 8911 mov dword ptr [ecx], edx
:004612BF 895004 mov dword ptr [eax+04], edx
:004612C2 C60600 mov byte ptr [esi], 00
:004612C5 9D popfd
:004612C6 5E pop esi
:004612C7 33C1 xor eax, ecx
:004612C9 7402 je 004612CD
:004612CB 33C1 xor eax, ecx
:004612CD C20400 ret 0004
:004612D0 9D popfd
:004612D1 9C pushfd
:004612D2 F70601000000 test dword ptr [esi], 00000001
:004612D8 74D4 je 004612AE
:004612DA F3 repz
:004612DB 90 nop
:004612DC EBF4 jmp 004612D2
Any idea about repz nop?
Andrew
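A user-mode C rendering of the ntkrnlmp.exe listing above, added here as an example; it is not part of the original thread and not Microsoft's source. The names list_entry, cpu_relax and insert_head_locked are made up for illustration, and the pushfd/cli/popfd interrupt masking is left out because it cannot be done outside the kernel. The bytes F3 90, which the disassembler prints as "repz nop", are the encoding of the x86 PAUSE spin-wait hint, which executes as a plain NOP on processors that predate it.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Node layout matches the [reg] / [reg+04] accesses in the listing (x86-32). */
typedef struct list_entry {
    struct list_entry *flink;   /* offset 0: next entry */
    struct list_entry *blink;   /* offset 4: previous entry */
} list_entry;

#if defined(__i386__) || defined(__x86_64__)
#define cpu_relax() __asm__ __volatile__("pause")  /* assembles to F3 90 */
#else
#define cpu_relax() ((void)0)                      /* assumption: no hint elsewhere */
#endif

/* lock bts [esi],0 / jb: atomically set bit 0. If it was already set, spin on
   a plain read (test [esi],1) with PAUSE, then retry the locked operation. */
static void spin_acquire(atomic_uint *lock)
{
    while (atomic_fetch_or_explicit(lock, 1u, memory_order_acquire) & 1u) {
        while (atomic_load_explicit(lock, memory_order_relaxed) & 1u)
            cpu_relax();
    }
}

/* Returns the previous first entry, or NULL if the list was empty
   (the xor eax,ecx / je / xor eax,ecx tail of the listing). */
list_entry *insert_head_locked(list_entry *head, list_entry *entry, atomic_uint *lock)
{
    spin_acquire(lock);
    list_entry *first = head->flink;    /* mov eax,[ecx]     */
    entry->flink = first;               /* mov [edx],eax     */
    entry->blink = head;                /* mov [edx+04],ecx  */
    head->flink = entry;                /* mov [ecx],edx     */
    first->blink = entry;               /* mov [eax+04],edx  */
    atomic_store_explicit(lock, 0u, memory_order_release);  /* mov byte ptr [esi],0 */
    return first == head ? NULL : first;
}

int main(void)
{
    list_entry head = { &head, &head }, a, b;   /* constructed sample list */
    atomic_uint lock = 0;
    list_entry *r1 = insert_head_locked(&head, &a, &lock);
    list_entry *r2 = insert_head_locked(&head, &b, &lock);
    return (r1 == NULL && r2 == &a && head.flink == &b) ? 0 : 1;
}
```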
----- Original Message -----
From: Andrew Shafranov
To: NT Developers Interest List
Sent: Tuesday, February 27, 2001 3:50
Subject: [ntdev] RE: ExfInterlockedInsertHeadList
> Thank you, Michal
> Andrew
>
> ----- Original Message -----
> From: Vodicka, Michal
> To: NT Developers Interest List
> Sent: Tuesday, February 27, 2001 1:56
> Subject: [ntdev] RE: ExfInterlockedInsertHeadList
>
>
> > This code seems a bit different on SMP machine:
> >
> > @ExfInterlockedInsertHeadList
> > 0008:8013FBD4 PUSH ESI
> > 0008:8013FBD5 MOV ESI,[ESP+08]
> > 0008:8013FBD9 PUSHFD
> > 0008:8013FBDA CLI
> > 0008:8013FBDB LOCK BTS DWORD PTR [ESI],00
> > 0008:8013FBE0 JB 8013FBFC
> > 0008:8013FBE2 MOV EAX,[ECX]
> > 0008:8013FBE4 MOV [EDX],EAX
> > 0008:8013FBE6 MOV [EDX+04],ECX
> > 0008:8013FBE9 MOV [ECX],EDX
> > 0008:8013FBEB MOV [EAX+04],EDX
> > 0008:8013FBEE MOV BYTE PTR [ESI],00
> > 0008:8013FBF1 POPFD
> > 0008:8013FBF2 POP ESI
> > 0008:8013FBF3 XOR EAX,ECX
> > 0008:8013FBF5 JZ 8013FBF9
> > 0008:8013FBF7 XOR EAX,ECX
> > 0008:8013FBF9 RET 0004
> > 0008:8013FBFC POPFD
> > 0008:8013FBFD PUSHFD
> > 0008:8013FBFE TEST DWORD PTR [ESI],00000001
> > 0008:8013FC04 JZ 8013FBDA
> > 0008:8013FC06 JMP 8013FBFE
> >
> > No patching, different kernel is used (ntkrnlmp.exe).
> >
> >
> >
> > Best regards,
> >
> > Michal Vodicka
> > Veridicom
> > (RKK - Skytale)
> > [WWW: http://www.veridicom.com , http://www.skytale.com]
> >
> >
> >
> > > ----------
> > > From: Andrew Shafranov[SMTP:xxxxx@hotmail.com]
> > > Reply To: NT Developers Interest List
> > > Sent: Tuesday, February 27, 2001 7:37 PM
> > > To: NT Developers Interest List
> > > Subject: [ntdev] ExfInterlockedInsertHeadList
> > >
> > > Hi
> > >
> > > That’s an excerpt from ntoskrnl.exe:
> > >
> > > Exported fn(): ExfInterlockedInsertHeadList - Ord:000Ah
> > > :00400618 9C pushfd
> > > :00400619 FA cli
> > > :0040061A 8B01 mov eax, dword ptr [ecx]
> > > :0040061C 8902 mov dword ptr [edx], eax
> > > :0040061E 894A04 mov dword ptr [edx+04], ecx
> > > :00400621 8911 mov dword ptr [ecx], edx
> > > :00400623 895004 mov dword ptr [eax+04], edx
> > > :00400626 9D popfd
> > > :00400627 33C1 xor eax, ecx
> > > :00400629 7402 je 0040062D
> > > :0040062B 33C1 xor eax, ecx
> > > :0040062D C20400 ret 0004
> > >
> > > They don’t care about a spin lock (3. parameter in
> > > ExInterlockedInsertHeadList), just disable interrupts for a while.
> > > It seems OK for UP, but how do they fix the situation (patch code?) in case of
> > > MP when the spin lock should be acquired?
> > >
> > > Andrew
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@rkk.cz
> > > To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> > >
> >
> >
>
>