PEEKs and POKEs in Windows x64?

dennis - Mon, 05/24/2010 - 18:46

This kernel/driver-level Windows NT code:

void huh()
{
	LARGE_INTEGER a;
	KeQueryTickCount(&a);
	DbgPrint ("%d", a.QuadPart);
};

... is now translated in Windows 2003 DDK x64 environment into:

                 mov     rdx, 0FFFFF78000000320h
                 lea     rcx, Format     ; "%d"
                 mov     rdx, [rdx]
                 call    DbgPrint_0

Wow, some variable's address (KeTickCount) is now hardcoded just into driver's code during compilation.

Is not it just return to the PEEKs and POKEs?

http://en.wikipedia.org/wiki/PEEK_and_POKE

Is Microsoft promise to fix this variable to this address forever?

dennis's blog
Add new comment

PEEKs and POKEs in Windows x64?

Syndicate

Recent comments

User login