; +-------------------------------------------------------------------------+
;      This file is generated by The Interactive Disassembler (IDA)        
;      Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com>   
;  Licensed to: Ivanlef0u - (1-user Advanced 03/2006)                      
; +-------------------------------------------------------------------------+
PAGE:005710B9 ;  S U B R O U T I N E 
PAGE:005710B9 ; Attributes: bp-based frame
PAGE:005710B9 ; NTSTATUS __stdcall NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,PVOID InputBuffer,ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength,PULONG ReturnLength)
PAGE:005710B9 _NtSystemDebugControl@24 proc near      ; DATA XREF: .text:0040BAA4o
PAGE:005710B9 var_60          = dword ptr -60h
PAGE:005710B9 var_5C          = dword ptr -5Ch
PAGE:005710B9 var_58          = dword ptr -58h
PAGE:005710B9 var_54          = dword ptr -54h
PAGE:005710B9 var_50          = dword ptr -50h
PAGE:005710B9 var_4C          = dword ptr -4Ch
PAGE:005710B9 var_48          = dword ptr -48h
PAGE:005710B9 var_44          = dword ptr -44h
PAGE:005710B9 var_40          = dword ptr -40h
PAGE:005710B9 var_3C          = dword ptr -3Ch
PAGE:005710B9 var_38          = dword ptr -38h
PAGE:005710B9 var_34          = dword ptr -34h
PAGE:005710B9 var_30          = dword ptr -30h
PAGE:005710B9 PreviousMode    = byte ptr -2Ch
PAGE:005710B9 P               = dword ptr -28h
PAGE:005710B9 var_24          = dword ptr -24h
PAGE:005710B9 var_20          = dword ptr -20h
PAGE:005710B9 var_1C          = dword ptr -1Ch
PAGE:005710B9 ms_exc          = CPPEH_RECORD ptr -18h
PAGE:005710B9 arg_0           = dword ptr  8
PAGE:005710B9 arg_4           = dword ptr  0Ch
PAGE:005710B9 arg_8           = dword ptr  10h
PAGE:005710B9 Address         = dword ptr  14h
PAGE:005710B9 Length          = dword ptr  18h
PAGE:005710B9 arg_14          = dword ptr  1Ch
PAGE:005710B9                 push    50h
PAGE:005710BB                 push    offset dword_452E28
PAGE:005710C0                 call    __SEH_prolog
PAGE:005710C5                 xor     esi, esi
PAGE:005710C7                 mov     [ebp+var_1C], esi
PAGE:005710CA                 mov     [ebp+var_20], esi
PAGE:005710CD                 mov     [ebp+var_24], esi
PAGE:005710D0                 mov     [ebp+P], esi
PAGE:005710D3                 mov     eax, large fs:124h
PAGE:005710D9                 mov     bl, [eax+140h]
PAGE:005710DF                 mov     [ebp+PreviousMode], bl
PAGE:005710E2                 mov     edi, dword ptr [ebp+PreviousMode]
PAGE:005710E5                 push    edi             ; PreviousMode
PAGE:005710E6                 push    ds:_SeDebugPrivilege.HighPart
PAGE:005710EC                 push    ds:_SeDebugPrivilege.LowPart ; PrivilegeValue
PAGE:005710F2                 call    _SeSinglePrivilegeCheck@12 ; SeSinglePrivilegeCheck(x,x,x)
PAGE:005710F7                 test    al, al
PAGE:005710F9                 jnz     short loc_571105
PAGE:005710FB                 mov     eax, 0C0000022h
PAGE:00571100                 jmp     loc_5714BE
PAGE:00571105 ; ---------------------------------------------------------------------------
PAGE:00571105 loc_571105:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+40j
PAGE:00571105                 mov     [ebp+ms_exc.disabled], esi
PAGE:00571108                 mov     esi, [ebp+arg_8]
PAGE:0057110B                 test    bl, bl
PAGE:0057110D                 mov     ebx, [ebp+arg_4]
PAGE:00571110                 jz      short loc_571161
PAGE:00571112                 test    esi, esi
PAGE:00571114                 jz      short loc_571134
PAGE:00571116                 test    bl, 3
PAGE:00571119                 jz      short loc_571120
PAGE:0057111B                 call    _ExRaiseDatatypeMisalignment@0 ; ExRaiseDatatypeMisalignment()
PAGE:00571120 loc_571120:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+60j
PAGE:00571120                 lea     eax, [esi+ebx]
PAGE:00571123                 cmp     eax, ebx
PAGE:00571125                 jb      short loc_57112F
PAGE:00571127                 cmp     eax, _MmUserProbeAddress
PAGE:0057112D                 jbe     short loc_571134
PAGE:0057112F loc_57112F:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+6Cj
PAGE:0057112F                 call    _ExRaiseAccessViolation@0 ; ExRaiseAccessViolation()
PAGE:00571134 loc_571134:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+5Bj
PAGE:00571134                                         ; NtSystemDebugControl(x,x,x,x,x,x)+74j
PAGE:00571134                 cmp     [ebp+Length], 0
PAGE:00571138                 jz      short loc_571147
PAGE:0057113A                 push    4               ; Alignment
PAGE:0057113C                 push    [ebp+Length]    ; Length
PAGE:0057113F                 push    [ebp+Address]   ; Address
PAGE:00571142                 call    _ProbeForWrite@12 ; ProbeForWrite(x,x,x)
PAGE:00571147 loc_571147:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+7Fj
PAGE:00571147                 mov     ecx, [ebp+arg_14]
PAGE:0057114A                 test    ecx, ecx
PAGE:0057114C                 jz      short loc_571161
PAGE:0057114E                 mov     eax, _MmUserProbeAddress
PAGE:00571153                 cmp     ecx, eax
PAGE:00571155                 jb      short loc_57115D
PAGE:00571157                 mov     dword ptr [eax], 0
PAGE:0057115D loc_57115D:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+9Cj
PAGE:0057115D                 mov     eax, [ecx]
PAGE:0057115F                 mov     [ecx], eax
PAGE:00571161 loc_571161:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+57j
PAGE:00571161                                         ; NtSystemDebugControl(x,x,x,x,x,x)+93j
PAGE:00571161                 mov     eax, [ebp+arg_0]
PAGE:00571164                 dec     eax
PAGE:00571165                 cmp     eax, 13h        ; switch 20 cases
PAGE:00571168                 ja      loc_571473      ; default
PAGE:0057116E                 jmp     ds:off_5714C6[eax*4] ; switch jump
PAGE:00571175 loc_571175:                             ; DATA XREF: PAGE:off_5714C6o
PAGE:00571175                 lea     eax, [ebp+var_20] ; case 0x0
PAGE:00571178                 push    eax
PAGE:00571179                 push    [ebp+Length]
PAGE:0057117C                 push    [ebp+Address]
PAGE:0057117F                 call    _KdGetTraceInformation@12 ; KdGetTraceInformation(x,x,x)
PAGE:00571184                 jmp     loc_57146E
PAGE:00571189 ; ---------------------------------------------------------------------------
PAGE:00571189 loc_571189:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571189                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571189                 cmp     esi, 38h        ; case 0x1
PAGE:0057118C                 jnz     loc_57143F
PAGE:00571192                 push    ebx
PAGE:00571193                 call    _KdSetInternalBreakpoint@4 ; KdSetInternalBreakpoint(x)
PAGE:00571198                 jmp     loc_57147A
PAGE:0057119D ; ---------------------------------------------------------------------------
PAGE:0057119D loc_57119D:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057119D                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:0057119D                 cmp     esi, 4          ; case 0x2
PAGE:005711A0                 jnz     loc_57143F
PAGE:005711A6                 push    0
PAGE:005711A8                 push    ebx
PAGE:005711A9                 call    _KdSetSpecialCall@8 ; KdSetSpecialCall(x,x)
PAGE:005711AE                 jmp     loc_57147A
PAGE:005711B3 ; ---------------------------------------------------------------------------
PAGE:005711B3 loc_5711B3:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711B3                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:005711B3                 call    _KdClearSpecialCalls@0 ; case 0x3
PAGE:005711B8                 jmp     loc_57147A
PAGE:005711BD ; ---------------------------------------------------------------------------
PAGE:005711BD loc_5711BD:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711BD                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:005711BD                 lea     eax, [ebp+var_20] ; case 0x4
PAGE:005711C0                 push    eax
PAGE:005711C1                 push    [ebp+Length]
PAGE:005711C4                 push    [ebp+Address]
PAGE:005711C7                 call    _KdQuerySpecialCalls@12 ; KdQuerySpecialCalls(x,x,x)
PAGE:005711CC                 jmp     loc_57146E
PAGE:005711D1 ; ---------------------------------------------------------------------------
PAGE:005711D1 loc_5711D1:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711D1                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:005711D1                 cmp     _KdDebuggerEnabled, 0 ; case 0x5
PAGE:005711D8                 jz      short loc_5711E6
PAGE:005711DA                 push    6               ; Status
PAGE:005711DC                 call    _DbgBreakPointWithStatus@4 ; DbgBreakPointWithStatus(x)
PAGE:005711E1                 jmp     loc_57147A
PAGE:005711E6 ; ---------------------------------------------------------------------------
PAGE:005711E6 loc_5711E6:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+11Fj
PAGE:005711E6                 mov     [ebp+var_1C], 0C0000001h
PAGE:005711ED                 jmp     loc_57147A
PAGE:005711F2 ; ---------------------------------------------------------------------------
PAGE:005711F2 loc_5711F2:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711F2                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:005711F2                 cmp     [ebp+Length], 28h ; case 0x6
PAGE:005711F6                 jnz     loc_57143F
PAGE:005711FC                 push    [ebp+Address]
PAGE:005711FF                 call    _KdpSysGetVersion@4 ; KdpSysGetVersion(x)
PAGE:00571204                 and     [ebp+var_1C], 0
PAGE:00571208                 jmp     loc_57147A
PAGE:0057120D ; ---------------------------------------------------------------------------
PAGE:0057120D loc_57120D:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057120D                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:0057120D                 cmp     esi, 0Ch        ; case 0x7
PAGE:00571210                 jnz     loc_57143F
PAGE:00571216                 mov     [ebp+var_34], ebx
PAGE:00571219                 lea     eax, [ebp+P]
PAGE:0057121C                 push    eax
PAGE:0057121D                 lea     eax, [ebp+var_24]
PAGE:00571220                 push    eax
PAGE:00571221                 push    edi
PAGE:00571222                 push    dword ptr [ebx+8]
PAGE:00571225                 push    dword ptr [ebx+4]
PAGE:00571228                 call    _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:0057122D                 mov     [ebp+var_1C], eax
PAGE:00571230                 test    eax, eax
PAGE:00571232                 jl      loc_57147A
PAGE:00571238                 lea     eax, [ebp+var_20]
PAGE:0057123B                 push    eax
PAGE:0057123C                 xor     eax, eax
PAGE:0057123E                 push    eax
PAGE:0057123F                 push    eax
PAGE:00571240                 push    dword ptr [ebx+8]
PAGE:00571243                 push    [ebp+var_24]
PAGE:00571246                 push    eax
PAGE:00571247 loc_571247:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+1D5j
PAGE:00571247                 push    dword ptr [ebx]
PAGE:00571249 loc_571249:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+248j
PAGE:00571249                 call    _KdpCopyMemoryChunks@28 ; KdpCopyMemoryChunks(x,x,x,x,x,x,x)
PAGE:0057124E                 jmp     loc_57146E
PAGE:00571253 ; ---------------------------------------------------------------------------
PAGE:00571253 loc_571253:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571253                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571253                 cmp     esi, 0Ch        ; case 0x8
PAGE:00571256                 jnz     loc_57143F
PAGE:0057125C                 mov     [ebp+var_38], ebx
PAGE:0057125F                 lea     eax, [ebp+P]
PAGE:00571262                 push    eax
PAGE:00571263                 lea     eax, [ebp+var_24]
PAGE:00571266                 push    eax
PAGE:00571267                 push    edi
PAGE:00571268                 push    dword ptr [ebx+8]
PAGE:0057126B                 push    dword ptr [ebx+4]
PAGE:0057126E                 call    _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:00571273                 mov     [ebp+var_1C], eax
PAGE:00571276                 test    eax, eax
PAGE:00571278                 jl      loc_57147A
PAGE:0057127E                 lea     eax, [ebp+var_20]
PAGE:00571281                 push    eax
PAGE:00571282                 push    1
PAGE:00571284                 push    0
PAGE:00571286                 push    dword ptr [ebx+8]
PAGE:00571289                 push    [ebp+var_24]
PAGE:0057128C                 push    0
PAGE:0057128E                 jmp     short loc_571247
PAGE:00571290 ; ---------------------------------------------------------------------------
PAGE:00571290 loc_571290:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571290                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571290                 cmp     esi, 10h        ; case 0x9
PAGE:00571293                 jnz     loc_57143F
PAGE:00571299                 mov     [ebp+var_3C], ebx
PAGE:0057129C                 lea     eax, [ebp+P]
PAGE:0057129F                 push    eax
PAGE:005712A0                 lea     eax, [ebp+var_24]
PAGE:005712A3                 push    eax
PAGE:005712A4                 push    edi
PAGE:005712A5                 push    dword ptr [ebx+0Ch]
PAGE:005712A8                 push    dword ptr [ebx+8]
PAGE:005712AB                 call    _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:005712B0                 mov     [ebp+var_1C], eax
PAGE:005712B3                 test    eax, eax
PAGE:005712B5                 jl      loc_57147A
PAGE:005712BB                 lea     eax, [ebp+var_20]
PAGE:005712BE                 push    eax
PAGE:005712BF                 push    2
PAGE:005712C1                 jmp     short loc_5712F4
PAGE:005712C3 ; ---------------------------------------------------------------------------
PAGE:005712C3 loc_5712C3:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005712C3                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:005712C3                 cmp     esi, 10h        ; case 0xA
PAGE:005712C6                 jnz     loc_57143F
PAGE:005712CC                 mov     [ebp+var_40], ebx
PAGE:005712CF                 lea     eax, [ebp+P]
PAGE:005712D2                 push    eax
PAGE:005712D3                 lea     eax, [ebp+var_24]
PAGE:005712D6                 push    eax
PAGE:005712D7                 push    edi
PAGE:005712D8                 push    dword ptr [ebx+0Ch]
PAGE:005712DB                 push    dword ptr [ebx+8]
PAGE:005712DE                 call    _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:005712E3                 mov     [ebp+var_1C], eax
PAGE:005712E6                 test    eax, eax
PAGE:005712E8                 jl      loc_57147A
PAGE:005712EE                 lea     eax, [ebp+var_20]
PAGE:005712F1                 push    eax
PAGE:005712F2                 push    3
PAGE:005712F4 loc_5712F4:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+208j
PAGE:005712F4                 push    0
PAGE:005712F6                 push    dword ptr [ebx+0Ch]
PAGE:005712F9                 push    [ebp+var_24]
PAGE:005712FC                 push    dword ptr [ebx+4]
PAGE:005712FF                 push    dword ptr [ebx]
PAGE:00571301                 jmp     loc_571249
PAGE:00571306 ; ---------------------------------------------------------------------------
PAGE:00571306 loc_571306:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571306                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571306                 cmp     esi, 18h        ; case 0xB
PAGE:00571309                 jnz     loc_57143F
PAGE:0057130F                 mov     [ebp+var_44], ebx
PAGE:00571312                 lea     eax, [ebp+P]
PAGE:00571315                 push    eax
PAGE:00571316                 lea     eax, [ebp+var_24]
PAGE:00571319                 push    eax
PAGE:0057131A                 push    edi
PAGE:0057131B                 push    dword ptr [ebx+0Ch]
PAGE:0057131E                 push    dword ptr [ebx+8]
PAGE:00571321                 call    _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:00571326                 mov     [ebp+var_1C], eax
PAGE:00571329                 test    eax, eax
PAGE:0057132B                 jl      loc_57147A
PAGE:00571331                 lea     eax, [ebp+var_20]
PAGE:00571334                 push    eax
PAGE:00571335                 push    dword ptr [ebx+0Ch]
PAGE:00571338                 push    [ebp+var_24]
PAGE:0057133B                 push    dword ptr [ebx+4]
PAGE:0057133E                 push    dword ptr [ebx]
PAGE:00571340                 push    dword ptr [ebx+10h]
PAGE:00571343                 call    _KdpSysReadControlSpace@24 ; KdpSysReadControlSpace(x,x,x,x,x,x)
PAGE:00571348                 jmp     loc_57146E
PAGE:0057134D ; ---------------------------------------------------------------------------
PAGE:0057134D loc_57134D:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057134D                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:0057134D                 cmp     esi, 18h        ; case 0xC
PAGE:00571350                 jnz     loc_57143F
PAGE:00571356                 mov     [ebp+var_48], ebx
PAGE:00571359                 lea     eax, [ebp+P]
PAGE:0057135C                 push    eax
PAGE:0057135D                 lea     eax, [ebp+var_24]
PAGE:00571360                 push    eax
PAGE:00571361                 push    edi
PAGE:00571362                 push    dword ptr [ebx+0Ch]
PAGE:00571365                 push    dword ptr [ebx+8]
PAGE:00571368                 call    _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:0057136D                 mov     [ebp+var_1C], eax
PAGE:00571370                 test    eax, eax
PAGE:00571372                 jl      loc_57147A
PAGE:00571378                 lea     eax, [ebp+var_20]
PAGE:0057137B                 push    eax
PAGE:0057137C                 push    dword ptr [ebx+0Ch]
PAGE:0057137F                 push    [ebp+var_24]
PAGE:00571382                 push    dword ptr [ebx+4]
PAGE:00571385                 push    dword ptr [ebx]
PAGE:00571387                 push    dword ptr [ebx+10h]
PAGE:0057138A                 call    _KdpSysWriteControlSpace@24 ; KdpSysWriteControlSpace(x,x,x,x,x,x)
PAGE:0057138F                 jmp     loc_57146E
PAGE:00571394 ; ---------------------------------------------------------------------------
PAGE:00571394 loc_571394:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571394                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571394                 cmp     esi, 20h        ; case 0xD
PAGE:00571397                 jnz     loc_57143F
PAGE:0057139D                 mov     [ebp+var_4C], ebx
PAGE:005713A0                 lea     eax, [ebp+var_20]
PAGE:005713A3                 push    eax             ; int
PAGE:005713A4                 push    dword ptr [ebx+0Ch] ; int
PAGE:005713A7                 push    dword ptr [ebx+8] ; int
PAGE:005713AA                 push    dword ptr [ebx+4] ; int
PAGE:005713AD                 push    dword ptr [ebx] ; Port
PAGE:005713AF                 push    dword ptr [ebx+18h] ; int
PAGE:005713B2                 push    dword ptr [ebx+14h] ; int
PAGE:005713B5                 push    dword ptr [ebx+10h] ; int
PAGE:005713B8                 call    _KdpSysReadIoSpace@32 ; KdpSysReadIoSpace(x,x,x,x,x,x,x,x)
PAGE:005713BD                 jmp     loc_57146E
PAGE:005713C2 ; ---------------------------------------------------------------------------
PAGE:005713C2 loc_5713C2:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005713C2                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:005713C2                 cmp     esi, 20h        ; case 0xE
PAGE:005713C5                 jnz     short loc_57143F
PAGE:005713C7                 mov     [ebp+var_50], ebx
PAGE:005713CA                 lea     eax, [ebp+var_20]
PAGE:005713CD                 push    eax             ; int
PAGE:005713CE                 push    dword ptr [ebx+0Ch] ; int
PAGE:005713D1                 push    dword ptr [ebx+8] ; int
PAGE:005713D4                 push    dword ptr [ebx+4] ; int
PAGE:005713D7                 push    dword ptr [ebx] ; Port
PAGE:005713D9                 push    dword ptr [ebx+18h] ; int
PAGE:005713DC                 push    dword ptr [ebx+14h] ; int
PAGE:005713DF                 push    dword ptr [ebx+10h] ; int
PAGE:005713E2                 call    _KdpSysWriteIoSpace@32 ; KdpSysWriteIoSpace(x,x,x,x,x,x,x,x)
PAGE:005713E7                 jmp     loc_57146E
PAGE:005713EC ; ---------------------------------------------------------------------------
PAGE:005713EC loc_5713EC:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005713EC                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:005713EC                 cmp     esi, 10h        ; case 0xF
PAGE:005713EF                 jnz     short loc_57143F
PAGE:005713F1                 mov     [ebp+var_54], ebx
PAGE:005713F4                 lea     eax, [ebx+8]
PAGE:005713F7                 push    eax
PAGE:005713F8                 push    dword ptr [ebx]
PAGE:005713FA                 call    _KdpSysReadMsr@8 ; KdpSysReadMsr(x,x)
PAGE:005713FF                 jmp     short loc_57146E
PAGE:00571401 ; ---------------------------------------------------------------------------
PAGE:00571401 loc_571401:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571401                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571401                 cmp     esi, 10h        ; case 0x10
PAGE:00571404                 jnz     short loc_57143F
PAGE:00571406                 mov     [ebp+var_58], ebx
PAGE:00571409                 lea     eax, [ebx+8]
PAGE:0057140C                 push    eax
PAGE:0057140D                 push    dword ptr [ebx]
PAGE:0057140F                 call    _KdpSysWriteMsr@8 ; KdpSysWriteMsr(x,x)
PAGE:00571414                 jmp     short loc_57146E
PAGE:00571416 ; ---------------------------------------------------------------------------
PAGE:00571416 loc_571416:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571416                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571416                 cmp     esi, 18h        ; case 0x11
PAGE:00571419                 jnz     short loc_57143F
PAGE:0057141B                 mov     [ebp+var_5C], ebx
PAGE:0057141E                 lea     eax, [ebp+var_20]
PAGE:00571421                 push    eax             ; int
PAGE:00571422                 push    dword ptr [ebx+8] ; Length
PAGE:00571425                 push    dword ptr [ebx+4] ; Buffer
PAGE:00571428                 push    dword ptr [ebx] ; Offset
PAGE:0057142A                 push    dword ptr [ebx+14h] ; SlotNumber
PAGE:0057142D                 push    dword ptr [ebx+10h] ; BusNumber
PAGE:00571430                 push    dword ptr [ebx+0Ch] ; BusDataType
PAGE:00571433                 call    _KdpSysReadBusData@28 ; KdpSysReadBusData(x,x,x,x,x,x,x)
PAGE:00571438                 jmp     short loc_57146E
PAGE:0057143A ; ---------------------------------------------------------------------------
PAGE:0057143A loc_57143A:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057143A                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:0057143A                 cmp     esi, 18h        ; case 0x12
PAGE:0057143D                 jz      short loc_57144A
PAGE:0057143F loc_57143F:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+D3j
PAGE:0057143F                                         ; NtSystemDebugControl(x,x,x,x,x,x)+E7j ...
PAGE:0057143F                 or      [ebp+ms_exc.disabled], 0FFFFFFFFh
PAGE:00571443                 mov     eax, 0C0000004h
PAGE:00571448                 jmp     short loc_5714BE
PAGE:0057144A ; ---------------------------------------------------------------------------
PAGE:0057144A loc_57144A:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+384j
PAGE:0057144A                 mov     [ebp+var_60], ebx
PAGE:0057144D                 lea     eax, [ebp+var_20]
PAGE:00571450                 push    eax             ; int
PAGE:00571451                 push    dword ptr [ebx+8] ; Length
PAGE:00571454                 push    dword ptr [ebx+4] ; Buffer
PAGE:00571457                 push    dword ptr [ebx] ; Offset
PAGE:00571459                 push    dword ptr [ebx+14h] ; SlotNumber
PAGE:0057145C                 push    dword ptr [ebx+10h] ; BusNumber
PAGE:0057145F                 push    dword ptr [ebx+0Ch] ; BusDataType
PAGE:00571462                 call    _KdpSysWriteBusData@28 ; KdpSysWriteBusData(x,x,x,x,x,x,x)
PAGE:00571467                 jmp     short loc_57146E
PAGE:00571469 ; ---------------------------------------------------------------------------
PAGE:00571469 loc_571469:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571469                                         ; DATA XREF: PAGE:off_5714C6o
PAGE:00571469                 call    _KdpSysCheckLowMemory@0 ; case 0x13
PAGE:0057146E loc_57146E:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+CBj
PAGE:0057146E                                         ; NtSystemDebugControl(x,x,x,x,x,x)+113j ...
PAGE:0057146E                 mov     [ebp+var_1C], eax
PAGE:00571471                 jmp     short loc_57147A
PAGE:00571473 ; ---------------------------------------------------------------------------
PAGE:00571473 loc_571473:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+AFj
PAGE:00571473                 mov     [ebp+var_1C], 0C0000003h ; default
PAGE:0057147A loc_57147A:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+DFj
PAGE:0057147A                                         ; NtSystemDebugControl(x,x,x,x,x,x)+F5j ...
PAGE:0057147A                 mov     eax, [ebp+arg_14]
PAGE:0057147D                 test    eax, eax
PAGE:0057147F                 jz      short loc_5714A9
PAGE:00571481                 mov     ecx, [ebp+var_20]
PAGE:00571484                 mov     [eax], ecx
PAGE:00571486                 jmp     short loc_5714A9
PAGE:00571486 ; ---------------------------------------------------------------------------
PAGE:00571488                 dd 90909090h
PAGE:0057148C                 db 90h
PAGE:0057148D ; ---------------------------------------------------------------------------
PAGE:0057148D loc_57148D:                             ; DATA XREF: .text:00452E2Co
PAGE:0057148D                 mov     eax, [ebp+ms_exc.exc_ptr]
PAGE:00571490                 mov     eax, [eax]
PAGE:00571492                 mov     eax, [eax]
PAGE:00571494                 mov     [ebp+var_30], eax
PAGE:00571497                 xor     eax, eax
PAGE:00571499                 inc     eax
PAGE:0057149A                 retn
PAGE:0057149A ; ---------------------------------------------------------------------------
PAGE:0057149B                 align 10h
PAGE:005714A0 loc_5714A0:                             ; DATA XREF: .text:00452E30o
PAGE:005714A0                 mov     esp, [ebp+ms_exc.old_esp]
PAGE:005714A3                 mov     eax, [ebp+var_30]
PAGE:005714A6                 mov     [ebp+var_1C], eax
PAGE:005714A9 loc_5714A9:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+3C6j
PAGE:005714A9                                         ; NtSystemDebugControl(x,x,x,x,x,x)+3CDj
PAGE:005714A9                 or      [ebp+ms_exc.disabled], 0FFFFFFFFh
PAGE:005714AD                 cmp     [ebp+var_24], 0
PAGE:005714B1                 jz      short loc_5714BB
PAGE:005714B3                 push    [ebp+P]         ; P
PAGE:005714B6                 call    _ExUnlockUserBuffer@4 ; ExUnlockUserBuffer(x)
PAGE:005714BB loc_5714BB:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+3F8j
PAGE:005714BB                 mov     eax, [ebp+var_1C]
PAGE:005714BE loc_5714BE:                             ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+47j
PAGE:005714BE                                         ; NtSystemDebugControl(x,x,x,x,x,x)+38Fj
PAGE:005714BE                 call    __SEH_epilog
PAGE:005714C3                 retn    18h
PAGE:005714C3 _NtSystemDebugControl@24 endp
PAGE:005714C3 ; ---------------------------------------------------------------------------