Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $$ Author: Matthieu Suiche (msuiche / MoonSols)
- $$ October 2011
- $$ v 1.1
- .printf "Offset DueTime Period(ms) Routine Signaled Module\n"
- r? $t2 = 256
- .for (r $t1 = 0; @$t1 < @$t2; r $t1 = @$t1 + 1)
- {
- .block
- {
- .if (low(dwo(nt!NtBuildNumber)) >= 0n7600)
- {
- $$ Windows 7
- r? $t3 = @$pcr->PrcbData.TimerTable.TimerEntries[@$t1].Entry.Flink
- }
- .else
- {
- $$ Windows XP
- r $t3 = nt!KiTimerTableListHead + (@@c++(sizeof(nt!_LIST_ENTRY)) * @$t1)
- r? $t3 = ((nt!_LIST_ENTRY *)@$t3)->Flink
- }
- }
- r? $t4 = @$t3
- r? $t5 = 0
- r $t8 = 0
- .while (@$t5 != @$t3)
- {
- r $t5 = (@$t4 - @@c++(#FIELD_OFFSET(nt!_KTIMER, TimerListEntry)));
- r? $t5 = (nt!_KTIMER *)@$t5;
- $$ ? @$t5
- r? $t6 = @$t5->Dpc
- .if ($vvalid(@$t5, 1))
- {
- r $t7 = 0
- $$ TimerNotificationObject
- .if (@@c++(@$t5->Header.Type) == 8) { r $t7 = 1 }
- $$ TimerSynchronizationObject
- .if (@@c++(@$t5->Header.Type) == 8-9) { r $t7 = 1 }
- $$ Is type valid
- .if (@$t7)
- {
- .if ($vvalid(@$t6, 1))
- {
- r $t8 = 0
- .if (@@c++(@$t6->DeferredRoutine))
- {
- $$ http://msdn.moonsols.com/win7rtm_x86/KOBJECTS.html
- $$ DpcObject = 19 /*0x13*/,
- .if (@@c++(@$t6->Type) == 0n19) { r $t8 = 1 }
- $$ ThreadedDpcObject = 24 /*0x18*/
- .if (@@c++(@$t6->Type) == 0n24) { r $t8 = 1 }
- }
- .if (@$t8)
- {
- .printf "%p %08X:%08X ", @$t5, @@c++(@$t5->DueTime.HighPart), @@c++(@$t5->DueTime.LowPart)
- .if (@@c++(@$t5->Period) > 0)
- {
- .printf "%8d ", @@c++(@$t5->Period) }
- .else
- {
- .printf "-------- "
- }
- .printf " %p ", @$t6
- .if (@@c++(@$t5->Header.SignalState)) { .printf "Yes" } .else { .printf "---" }
- .printf " %ly ", @@c++(@$t6->DeferredRoutine)
- .printf "\n"
- }
- }
- r $t8 = @$t8 + 1
- }
- $$ .else
- $$ {
- $$ .printf "(%3d) %p %08X:%08X ", @$t1, @$t5, @@c++(@$t5->DueTime.HighPart), @@c++(@$t5->DueTime.LowPart)
- $$ .if (@@c++(@$t5->Header.SignalState)) { .printf "Yes" } .else { .printf "---" }
- $$ }
- }
- r? $t4 = @$t5->TimerListEntry.Flink
- r? $t5 = @$t4
- .if (@$t5 == poi(@$t5)) { .break }
- $$ Ugly hack to avoid infinite loop, in case a linked list is broken.
- .if (@$t8 > 10) { .break }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement