;
; +-------------------------------------------------------------------------+
; ¦ This file is generated by The Interactive Disassembler (IDA) ¦
; ¦ Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com> ¦
; ¦ Licensed to: Ivanlef0u - (1-user Advanced 03/2006) ¦
; +-------------------------------------------------------------------------+
;
PAGE:005710B9
PAGE:005710B9 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
PAGE:005710B9
PAGE:005710B9 ; Attributes: bp-based frame
PAGE:005710B9
PAGE:005710B9 ; NTSTATUS __stdcall NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,PVOID InputBuffer,ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength,PULONG ReturnLength)
; NtSystemDebugControl -- kernel-debugger control system service (x86, __stdcall, six dword arguments).
; IDA's stack names matched to the prototype comment directly above:
;   arg_0   = ControlCode     arg_4  = InputBuffer          arg_8  = InputBufferLength
;   Address = OutputBuffer    Length = OutputBufferLength   arg_14 = ReturnLength
; Locals that carry state through the routine:
;   var_1C = NTSTATUS that is finally returned in eax
;   var_20 = byte count copied to *ReturnLength on the normal exit path
;   var_24, P = out-parameters of ExLockUserBuffer (var_24 is reused as the copy buffer, P is handed to ExUnlockUserBuffer)
;   var_30 = exception code saved by the SEH filter at loc_57148D
; Access control visible in this routine: a single SeSinglePrivilegeCheck(SeDebugPrivilege, PreviousMode).
; NOTE(review): no other per-ControlCode or per-mode restriction appears in this listing, so a user-mode
; caller whose token passes that check reaches every switch case below; on a build containing this path,
; assignment and use of SeDebugPrivilege is the control to audit unless the Kd*/Kdp* callees add limits not shown here.
PAGE:005710B9 _NtSystemDebugControl@24 proc near ; DATA XREF: .text:0040BAA4o
PAGE:005710B9
PAGE:005710B9 var_60 = dword ptr -60h ; var_34..var_60: each receives a copy of InputBuffer in one switch case and is not read again in this listing
PAGE:005710B9 var_5C = dword ptr -5Ch
PAGE:005710B9 var_58 = dword ptr -58h
PAGE:005710B9 var_54 = dword ptr -54h
PAGE:005710B9 var_50 = dword ptr -50h
PAGE:005710B9 var_4C = dword ptr -4Ch
PAGE:005710B9 var_48 = dword ptr -48h
PAGE:005710B9 var_44 = dword ptr -44h
PAGE:005710B9 var_40 = dword ptr -40h
PAGE:005710B9 var_3C = dword ptr -3Ch
PAGE:005710B9 var_38 = dword ptr -38h
PAGE:005710B9 var_34 = dword ptr -34h
PAGE:005710B9 var_30 = dword ptr -30h ; exception code captured by the filter
PAGE:005710B9 PreviousMode = byte ptr -2Ch ; caller's processor mode (0 is treated as kernel mode below)
PAGE:005710B9 P = dword ptr -28h ; lock cookie from ExLockUserBuffer, consumed by ExUnlockUserBuffer
PAGE:005710B9 var_24 = dword ptr -24h ; buffer pointer returned by ExLockUserBuffer; non-zero means "must unlock"
PAGE:005710B9 var_20 = dword ptr -20h ; returned length
PAGE:005710B9 var_1C = dword ptr -1Ch ; NTSTATUS result
PAGE:005710B9 ms_exc = CPPEH_RECORD ptr -18h ; SEH registration record built by __SEH_prolog
PAGE:005710B9 arg_0 = dword ptr 8 ; ControlCode
PAGE:005710B9 arg_4 = dword ptr 0Ch ; InputBuffer
PAGE:005710B9 arg_8 = dword ptr 10h ; InputBufferLength
PAGE:005710B9 Address = dword ptr 14h ; OutputBuffer
PAGE:005710B9 Length = dword ptr 18h ; OutputBufferLength
PAGE:005710B9 arg_14 = dword ptr 1Ch ; ReturnLength
PAGE:005710B9
PAGE:005710B9 push 50h ; local frame size handed to __SEH_prolog
PAGE:005710BB push offset dword_452E28 ; SEH scope table; loc_57148D and loc_5714A0 are referenced from .text:00452E2C / 00452E30
PAGE:005710C0 call __SEH_prolog ; builds the ebp frame and the ms_exc record
PAGE:005710C5 xor esi, esi ; esi = 0, used to initialise the locals below
PAGE:005710C7 mov [ebp+var_1C], esi ; status = 0
PAGE:005710CA mov [ebp+var_20], esi ; returned length = 0
PAGE:005710CD mov [ebp+var_24], esi ; no locked buffer yet (tested before unlock at loc_5714A9)
PAGE:005710D0 mov [ebp+P], esi ; no lock cookie yet
PAGE:005710D3 mov eax, large fs:124h ; presumably the current thread pointer (x86 NT convention) -- confirm for this build
PAGE:005710D9 mov bl, [eax+140h] ; bl = previous-mode byte of that thread (IDA names the destination PreviousMode); offset is build-specific
PAGE:005710DF mov [ebp+PreviousMode], bl
PAGE:005710E2 mov edi, dword ptr [ebp+PreviousMode] ; dword load of a byte local: only the low byte was written above, upper bytes are stack residue
PAGE:005710E5 push edi ; PreviousMode
PAGE:005710E6 push ds:_SeDebugPrivilege.HighPart
PAGE:005710EC push ds:_SeDebugPrivilege.LowPart ; PrivilegeValue
PAGE:005710F2 call _SeSinglePrivilegeCheck@12 ; SeSinglePrivilegeCheck(x,x,x)
PAGE:005710F7 test al, al ; al = result of the privilege check
PAGE:005710F9 jnz short loc_571105 ; privilege held -> continue to buffer probing
PAGE:005710FB mov eax, 0C0000022h ; STATUS_ACCESS_DENIED
PAGE:00571100 jmp loc_5714BE ; straight to the epilogue; the SEH try level has not been entered yet
PAGE:00571105 ; ---------------------------------------------------------------------------
PAGE:00571105
; Argument probing for callers whose PreviousMode is non-zero, followed by the ControlCode dispatch.
; Everything from here to loc_5714A9 runs with the SEH try level active, so a raise or a fault on a
; caller-supplied pointer is converted into a status code by the handler at loc_5714A0.
; What is validated here: the InputBuffer range and alignment, OutputBuffer via ProbeForWrite, and ReturnLength.
; NOTE(review): the input request is only range-checked, not copied into kernel memory; the switch cases
; read its fields directly through ebx, and pointers stored inside the request are not covered by this probe.
PAGE:00571105 loc_571105: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+40j
PAGE:00571105 mov [ebp+ms_exc.disabled], esi ; try level = 0 (esi is still zero): guarded region begins
PAGE:00571108 mov esi, [ebp+arg_8] ; esi = InputBufferLength for the rest of the routine
PAGE:0057110B test bl, bl ; PreviousMode == 0 ? (flags survive the mov below)
PAGE:0057110D mov ebx, [ebp+arg_4] ; ebx = InputBuffer for the rest of the routine
PAGE:00571110 jz short loc_571161 ; kernel-mode caller: skip every probe
PAGE:00571112 test esi, esi
PAGE:00571114 jz short loc_571134 ; zero-length input: nothing to probe
PAGE:00571116 test bl, 3 ; InputBuffer must be 4-byte aligned
PAGE:00571119 jz short loc_571120
PAGE:0057111B call _ExRaiseDatatypeMisalignment@0 ; ExRaiseDatatypeMisalignment()
PAGE:00571120
PAGE:00571120 loc_571120: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+60j
PAGE:00571120 lea eax, [esi+ebx] ; eax = InputBuffer + InputBufferLength (end of the request)
PAGE:00571123 cmp eax, ebx
PAGE:00571125 jb short loc_57112F ; end < start: the addition wrapped
PAGE:00571127 cmp eax, _MmUserProbeAddress
PAGE:0057112D jbe short loc_571134 ; end <= MmUserProbeAddress: range accepted (unsigned compare)
PAGE:0057112F
PAGE:0057112F loc_57112F: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+6Cj
PAGE:0057112F call _ExRaiseAccessViolation@0 ; ExRaiseAccessViolation()
PAGE:00571134
PAGE:00571134 loc_571134: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+5Bj
PAGE:00571134 ; NtSystemDebugControl(x,x,x,x,x,x)+74j
PAGE:00571134 cmp [ebp+Length], 0 ; OutputBufferLength == 0 ?
PAGE:00571138 jz short loc_571147 ; yes: OutputBuffer is not probed
PAGE:0057113A push 4 ; Alignment
PAGE:0057113C push [ebp+Length] ; Length
PAGE:0057113F push [ebp+Address] ; Address
PAGE:00571142 call _ProbeForWrite@12 ; ProbeForWrite(x,x,x)
PAGE:00571147
PAGE:00571147 loc_571147: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+7Fj
PAGE:00571147 mov ecx, [ebp+arg_14] ; ecx = ReturnLength
PAGE:0057114A test ecx, ecx
PAGE:0057114C jz short loc_571161 ; NULL ReturnLength is allowed
PAGE:0057114E mov eax, _MmUserProbeAddress
PAGE:00571153 cmp ecx, eax
PAGE:00571155 jb short loc_57115D ; below MmUserProbeAddress: go touch it
PAGE:00571157 mov dword ptr [eax], 0 ; otherwise store to MmUserProbeAddress itself; presumably a deliberate fault that the SEH handler reports
PAGE:0057115D
PAGE:0057115D loc_57115D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+9Cj
PAGE:0057115D mov eax, [ecx] ; read *ReturnLength ...
PAGE:0057115F mov [ecx], eax ; ... and write the same value back: confirms the dword is writable now
PAGE:00571161
PAGE:00571161 loc_571161: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+57j
PAGE:00571161 ; NtSystemDebugControl(x,x,x,x,x,x)+93j
PAGE:00571161 mov eax, [ebp+arg_0] ; eax = ControlCode
PAGE:00571164 dec eax ; table index = ControlCode - 1, so IDA's "case 0xN" labels below mean ControlCode N+1
PAGE:00571165 cmp eax, 13h ; switch 20 cases
PAGE:00571168 ja loc_571473 ; default (unsigned compare, so ControlCode 0 also lands here)
PAGE:0057116E jmp ds:off_5714C6[eax*4] ; switch jump
PAGE:00571175
; Switch cases 0x0-0x6 (ControlCode 1-7): trace information, internal breakpoint, special calls,
; debugger break and version query. Register roles set before the dispatch:
;   ebx = InputBuffer, esi = InputBufferLength, edi = PreviousMode.
; Cases that take a fixed-size request compare the caller's length for exact equality and branch to
; loc_57143F (STATUS_INFO_LENGTH_MISMATCH) otherwise.
PAGE:00571175 loc_571175: ; DATA XREF: PAGE:off_5714C6o
PAGE:00571175 lea eax, [ebp+var_20] ; case 0x0 (ControlCode 1): &returned length
PAGE:00571178 push eax
PAGE:00571179 push [ebp+Length] ; OutputBufferLength
PAGE:0057117C push [ebp+Address] ; OutputBuffer
PAGE:0057117F call _KdGetTraceInformation@12 ; KdGetTraceInformation(x,x,x)
PAGE:00571184 jmp loc_57146E ; store eax as the status
PAGE:00571189 ; ---------------------------------------------------------------------------
PAGE:00571189
PAGE:00571189 loc_571189: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571189 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571189 cmp esi, 38h ; case 0x1 (ControlCode 2): request must be exactly 38h bytes
PAGE:0057118C jnz loc_57143F
PAGE:00571192 push ebx ; the caller's request pointer is passed through as-is
PAGE:00571193 call _KdSetInternalBreakpoint@4 ; KdSetInternalBreakpoint(x)
PAGE:00571198 jmp loc_57147A ; eax is not stored: status stays at its initial 0
PAGE:0057119D ; ---------------------------------------------------------------------------
PAGE:0057119D
PAGE:0057119D loc_57119D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057119D ; DATA XREF: PAGE:off_5714C6o
PAGE:0057119D cmp esi, 4 ; case 0x2 (ControlCode 3): request must be exactly 4 bytes
PAGE:005711A0 jnz loc_57143F
PAGE:005711A6 push 0
PAGE:005711A8 push ebx ; the caller's request pointer is passed through as-is
PAGE:005711A9 call _KdSetSpecialCall@8 ; KdSetSpecialCall(x,x)
PAGE:005711AE jmp loc_57147A ; eax is not stored: status stays at its initial 0
PAGE:005711B3 ; ---------------------------------------------------------------------------
PAGE:005711B3
PAGE:005711B3 loc_5711B3: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711B3 ; DATA XREF: PAGE:off_5714C6o
PAGE:005711B3 call _KdClearSpecialCalls@0 ; case 0x3 (ControlCode 4): no arguments, no length check
PAGE:005711B8 jmp loc_57147A
PAGE:005711BD ; ---------------------------------------------------------------------------
PAGE:005711BD
PAGE:005711BD loc_5711BD: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711BD ; DATA XREF: PAGE:off_5714C6o
PAGE:005711BD lea eax, [ebp+var_20] ; case 0x4 (ControlCode 5): &returned length
PAGE:005711C0 push eax
PAGE:005711C1 push [ebp+Length] ; OutputBufferLength
PAGE:005711C4 push [ebp+Address] ; OutputBuffer
PAGE:005711C7 call _KdQuerySpecialCalls@12 ; KdQuerySpecialCalls(x,x,x)
PAGE:005711CC jmp loc_57146E ; store eax as the status
PAGE:005711D1 ; ---------------------------------------------------------------------------
PAGE:005711D1
PAGE:005711D1 loc_5711D1: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711D1 ; DATA XREF: PAGE:off_5714C6o
PAGE:005711D1 cmp _KdDebuggerEnabled, 0 ; case 0x5 (ControlCode 6): break only when a kernel debugger is enabled
PAGE:005711D8 jz short loc_5711E6
PAGE:005711DA push 6 ; Status
PAGE:005711DC call _DbgBreakPointWithStatus@4 ; DbgBreakPointWithStatus(x)
PAGE:005711E1 jmp loc_57147A ; status stays at its initial 0
PAGE:005711E6 ; ---------------------------------------------------------------------------
PAGE:005711E6
PAGE:005711E6 loc_5711E6: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+11Fj
PAGE:005711E6 mov [ebp+var_1C], 0C0000001h ; no debugger: STATUS_UNSUCCESSFUL
PAGE:005711ED jmp loc_57147A
PAGE:005711F2 ; ---------------------------------------------------------------------------
PAGE:005711F2
PAGE:005711F2 loc_5711F2: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005711F2 ; DATA XREF: PAGE:off_5714C6o
PAGE:005711F2 cmp [ebp+Length], 28h ; case 0x6 (ControlCode 7): OutputBufferLength must be exactly 28h
PAGE:005711F6 jnz loc_57143F
PAGE:005711FC push [ebp+Address] ; OutputBuffer receives the version block
PAGE:005711FF call _KdpSysGetVersion@4 ; KdpSysGetVersion(x)
PAGE:00571204 and [ebp+var_1C], 0 ; status = 0 regardless of eax
PAGE:00571208 jmp loc_57147A
PAGE:0057120D ; ---------------------------------------------------------------------------
PAGE:0057120D
; Switch cases 0x7-0xA (ControlCode 8-11): four memory-copy requests that all end in KdpCopyMemoryChunks.
; ebx = InputBuffer (the request), esi = InputBufferLength, edi = PreviousMode.
; Request layout as used by the pushes below:
;   cases 0x7/0x8 (0Ch bytes): +0 target address, +4 caller buffer, +8 length
;   cases 0x9/0xA (10h bytes): +0/+4 target address (two dwords), +8 caller buffer, +0Ch length
; The caller buffer is locked with ExLockUserBuffer (outputs var_24 and P) and var_24 is what is passed
; on to the copy. The sixth stack argument is 0, 1, 2 or 3 depending on the case; its meaning is not
; visible here -- presumably a direction / address-space selector (TODO confirm in KdpCopyMemoryChunks).
; NOTE(review): the target address taken from the request is forwarded without any range or
; PreviousMode check in this routine; any restriction would have to live in the callee.
; NOTE(review): the length field is fetched from the caller-owned request twice in each case (once
; for the lock, once for the copy). The request is not captured, so nothing here guarantees that both
; reads return the same value; reading it once into a local would remove that dependency.
PAGE:0057120D loc_57120D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057120D ; DATA XREF: PAGE:off_5714C6o
PAGE:0057120D cmp esi, 0Ch ; case 0x7 (ControlCode 8): request must be exactly 0Ch bytes
PAGE:00571210 jnz loc_57143F
PAGE:00571216 mov [ebp+var_34], ebx ; local copy of the request pointer; not read again in this listing
PAGE:00571219 lea eax, [ebp+P]
PAGE:0057121C push eax ; &P (lock cookie out)
PAGE:0057121D lea eax, [ebp+var_24]
PAGE:00571220 push eax ; &var_24 (buffer pointer out)
PAGE:00571221 push edi ; PreviousMode
PAGE:00571222 push dword ptr [ebx+8] ; length, first fetch
PAGE:00571225 push dword ptr [ebx+4] ; caller buffer
PAGE:00571228 call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:0057122D mov [ebp+var_1C], eax
PAGE:00571230 test eax, eax
PAGE:00571232 jl loc_57147A ; negative NTSTATUS: lock failed, return it
PAGE:00571238 lea eax, [ebp+var_20]
PAGE:0057123B push eax ; arg 7: &returned length
PAGE:0057123C xor eax, eax
PAGE:0057123E push eax ; arg 6: 0
PAGE:0057123F push eax ; arg 5: 0
PAGE:00571240 push dword ptr [ebx+8] ; arg 4: length, second fetch
PAGE:00571243 push [ebp+var_24] ; arg 3: buffer pointer from ExLockUserBuffer
PAGE:00571246 push eax ; arg 2: 0
PAGE:00571247
PAGE:00571247 loc_571247: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+1D5j
PAGE:00571247 push dword ptr [ebx] ; arg 1: target address from the request (shared tail for cases 0x7 and 0x8)
PAGE:00571249
PAGE:00571249 loc_571249: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+248j
PAGE:00571249 call _KdpCopyMemoryChunks@28 ; KdpCopyMemoryChunks(x,x,x,x,x,x,x)
PAGE:0057124E jmp loc_57146E ; store eax as the status; the unlock happens at loc_5714A9
PAGE:00571253 ; ---------------------------------------------------------------------------
PAGE:00571253
PAGE:00571253 loc_571253: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571253 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571253 cmp esi, 0Ch ; case 0x8 (ControlCode 9): same request shape as case 0x7
PAGE:00571256 jnz loc_57143F
PAGE:0057125C mov [ebp+var_38], ebx ; local copy of the request pointer; not read again in this listing
PAGE:0057125F lea eax, [ebp+P]
PAGE:00571262 push eax ; &P
PAGE:00571263 lea eax, [ebp+var_24]
PAGE:00571266 push eax ; &var_24
PAGE:00571267 push edi ; PreviousMode
PAGE:00571268 push dword ptr [ebx+8] ; length, first fetch
PAGE:0057126B push dword ptr [ebx+4] ; caller buffer
PAGE:0057126E call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:00571273 mov [ebp+var_1C], eax
PAGE:00571276 test eax, eax
PAGE:00571278 jl loc_57147A ; lock failed, return its status
PAGE:0057127E lea eax, [ebp+var_20]
PAGE:00571281 push eax ; arg 7: &returned length
PAGE:00571282 push 1 ; arg 6: 1 (the only difference from case 0x7)
PAGE:00571284 push 0 ; arg 5: 0
PAGE:00571286 push dword ptr [ebx+8] ; arg 4: length, second fetch
PAGE:00571289 push [ebp+var_24] ; arg 3: buffer pointer from ExLockUserBuffer
PAGE:0057128C push 0 ; arg 2: 0
PAGE:0057128E jmp short loc_571247 ; join case 0x7's tail for arg 1 and the call
PAGE:00571290 ; ---------------------------------------------------------------------------
PAGE:00571290
PAGE:00571290 loc_571290: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571290 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571290 cmp esi, 10h ; case 0x9 (ControlCode 10): request must be exactly 10h bytes
PAGE:00571293 jnz loc_57143F
PAGE:00571299 mov [ebp+var_3C], ebx ; local copy of the request pointer; not read again in this listing
PAGE:0057129C lea eax, [ebp+P]
PAGE:0057129F push eax ; &P
PAGE:005712A0 lea eax, [ebp+var_24]
PAGE:005712A3 push eax ; &var_24
PAGE:005712A4 push edi ; PreviousMode
PAGE:005712A5 push dword ptr [ebx+0Ch] ; length, first fetch
PAGE:005712A8 push dword ptr [ebx+8] ; caller buffer
PAGE:005712AB call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:005712B0 mov [ebp+var_1C], eax
PAGE:005712B3 test eax, eax
PAGE:005712B5 jl loc_57147A ; lock failed, return its status
PAGE:005712BB lea eax, [ebp+var_20]
PAGE:005712BE push eax ; arg 7: &returned length
PAGE:005712BF push 2 ; arg 6: 2
PAGE:005712C1 jmp short loc_5712F4 ; join the shared tail below
PAGE:005712C3 ; ---------------------------------------------------------------------------
PAGE:005712C3
PAGE:005712C3 loc_5712C3: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005712C3 ; DATA XREF: PAGE:off_5714C6o
PAGE:005712C3 cmp esi, 10h ; case 0xA (ControlCode 11): same request shape as case 0x9
PAGE:005712C6 jnz loc_57143F
PAGE:005712CC mov [ebp+var_40], ebx ; local copy of the request pointer; not read again in this listing
PAGE:005712CF lea eax, [ebp+P]
PAGE:005712D2 push eax ; &P
PAGE:005712D3 lea eax, [ebp+var_24]
PAGE:005712D6 push eax ; &var_24
PAGE:005712D7 push edi ; PreviousMode
PAGE:005712D8 push dword ptr [ebx+0Ch] ; length, first fetch
PAGE:005712DB push dword ptr [ebx+8] ; caller buffer
PAGE:005712DE call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:005712E3 mov [ebp+var_1C], eax
PAGE:005712E6 test eax, eax
PAGE:005712E8 jl loc_57147A ; lock failed, return its status
PAGE:005712EE lea eax, [ebp+var_20]
PAGE:005712F1 push eax ; arg 7: &returned length
PAGE:005712F2 push 3 ; arg 6: 3
PAGE:005712F4
PAGE:005712F4 loc_5712F4: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+208j
PAGE:005712F4 push 0 ; arg 5: 0 (shared tail for cases 0x9 and 0xA)
PAGE:005712F6 push dword ptr [ebx+0Ch] ; arg 4: length, second fetch
PAGE:005712F9 push [ebp+var_24] ; arg 3: buffer pointer from ExLockUserBuffer
PAGE:005712FC push dword ptr [ebx+4] ; arg 2: second dword of the target address
PAGE:005712FF push dword ptr [ebx] ; arg 1: first dword of the target address
PAGE:00571301 jmp loc_571249 ; call KdpCopyMemoryChunks
PAGE:00571306 ; ---------------------------------------------------------------------------
PAGE:00571306
; Switch cases 0xB and 0xC (ControlCode 12 and 13): control-space read and write.
; ebx = InputBuffer (the request), esi = InputBufferLength, edi = PreviousMode.
; The request must be exactly 18h bytes. Fields used: +0/+4 and +10h are forwarded to the callee,
; +8 is the caller buffer and +0Ch its length. The buffer is locked with ExLockUserBuffer and the
; pointer it returns (var_24) is what the callee receives.
; NOTE(review): +0Ch is fetched twice from the caller-owned request (lock length, then callee length);
; the request is not captured, so the two reads are not guaranteed to agree.
PAGE:00571306 loc_571306: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571306 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571306 cmp esi, 18h ; case 0xB (ControlCode 12): request must be exactly 18h bytes
PAGE:00571309 jnz loc_57143F
PAGE:0057130F mov [ebp+var_44], ebx ; local copy of the request pointer; not read again in this listing
PAGE:00571312 lea eax, [ebp+P]
PAGE:00571315 push eax ; &P (lock cookie out)
PAGE:00571316 lea eax, [ebp+var_24]
PAGE:00571319 push eax ; &var_24 (buffer pointer out)
PAGE:0057131A push edi ; PreviousMode
PAGE:0057131B push dword ptr [ebx+0Ch] ; length, first fetch
PAGE:0057131E push dword ptr [ebx+8] ; caller buffer
PAGE:00571321 call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:00571326 mov [ebp+var_1C], eax
PAGE:00571329 test eax, eax
PAGE:0057132B jl loc_57147A ; negative NTSTATUS: lock failed, return it
PAGE:00571331 lea eax, [ebp+var_20]
PAGE:00571334 push eax ; arg 6: &returned length
PAGE:00571335 push dword ptr [ebx+0Ch] ; arg 5: length, second fetch
PAGE:00571338 push [ebp+var_24] ; arg 4: buffer pointer from ExLockUserBuffer
PAGE:0057133B push dword ptr [ebx+4] ; arg 3: request dword +4
PAGE:0057133E push dword ptr [ebx] ; arg 2: request dword +0
PAGE:00571340 push dword ptr [ebx+10h] ; arg 1: request dword +10h -- presumably a processor selector (TODO confirm)
PAGE:00571343 call _KdpSysReadControlSpace@24 ; KdpSysReadControlSpace(x,x,x,x,x,x)
PAGE:00571348 jmp loc_57146E ; store eax as the status
PAGE:0057134D ; ---------------------------------------------------------------------------
PAGE:0057134D
PAGE:0057134D loc_57134D: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057134D ; DATA XREF: PAGE:off_5714C6o
PAGE:0057134D cmp esi, 18h ; case 0xC (ControlCode 13): same request shape as case 0xB
PAGE:00571350 jnz loc_57143F
PAGE:00571356 mov [ebp+var_48], ebx ; local copy of the request pointer; not read again in this listing
PAGE:00571359 lea eax, [ebp+P]
PAGE:0057135C push eax ; &P
PAGE:0057135D lea eax, [ebp+var_24]
PAGE:00571360 push eax ; &var_24
PAGE:00571361 push edi ; PreviousMode
PAGE:00571362 push dword ptr [ebx+0Ch] ; length, first fetch
PAGE:00571365 push dword ptr [ebx+8] ; caller buffer
PAGE:00571368 call _ExLockUserBuffer@20 ; ExLockUserBuffer(x,x,x,x,x)
PAGE:0057136D mov [ebp+var_1C], eax
PAGE:00571370 test eax, eax
PAGE:00571372 jl loc_57147A ; lock failed, return its status
PAGE:00571378 lea eax, [ebp+var_20]
PAGE:0057137B push eax ; arg 6: &returned length
PAGE:0057137C push dword ptr [ebx+0Ch] ; arg 5: length, second fetch
PAGE:0057137F push [ebp+var_24] ; arg 4: buffer pointer from ExLockUserBuffer
PAGE:00571382 push dword ptr [ebx+4] ; arg 3: request dword +4
PAGE:00571385 push dword ptr [ebx] ; arg 2: request dword +0
PAGE:00571387 push dword ptr [ebx+10h] ; arg 1: request dword +10h
PAGE:0057138A call _KdpSysWriteControlSpace@24 ; KdpSysWriteControlSpace(x,x,x,x,x,x)
PAGE:0057138F jmp loc_57146E ; store eax as the status
PAGE:00571394 ; ---------------------------------------------------------------------------
PAGE:00571394
; Switch cases 0xD-0x10 (ControlCode 14-17): I/O-space read/write and MSR read/write.
; ebx = InputBuffer (the request), esi = InputBufferLength.
; Unlike the memory-copy cases, no ExLockUserBuffer call is made here: request fields, including the
; dword at +8 in the I/O cases, are pushed to the callee exactly as read from the request.
; NOTE(review): if +8 in the I/O request is a data-buffer pointer (as the callee names suggest), it is
; not probed or locked in this routine; check whether KdpSysReadIoSpace / KdpSysWriteIoSpace validate it.
; NOTE(review): the MSR cases pass the MSR number from the request and a pointer into the request
; itself (ebx+8) with no filtering of the number visible here.
PAGE:00571394 loc_571394: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571394 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571394 cmp esi, 20h ; case 0xD (ControlCode 14): request must be exactly 20h bytes
PAGE:00571397 jnz loc_57143F
PAGE:0057139D mov [ebp+var_4C], ebx ; local copy of the request pointer; not read again in this listing
PAGE:005713A0 lea eax, [ebp+var_20]
PAGE:005713A3 push eax ; int (arg 8: &returned length)
PAGE:005713A4 push dword ptr [ebx+0Ch] ; int (arg 7: request dword +0Ch)
PAGE:005713A7 push dword ptr [ebx+8] ; int (arg 6: request dword +8, forwarded unvalidated)
PAGE:005713AA push dword ptr [ebx+4] ; int (arg 5: request dword +4)
PAGE:005713AD push dword ptr [ebx] ; Port
PAGE:005713AF push dword ptr [ebx+18h] ; int (arg 3: request dword +18h)
PAGE:005713B2 push dword ptr [ebx+14h] ; int (arg 2: request dword +14h)
PAGE:005713B5 push dword ptr [ebx+10h] ; int (arg 1: request dword +10h)
PAGE:005713B8 call _KdpSysReadIoSpace@32 ; KdpSysReadIoSpace(x,x,x,x,x,x,x,x)
PAGE:005713BD jmp loc_57146E ; store eax as the status
PAGE:005713C2 ; ---------------------------------------------------------------------------
PAGE:005713C2
PAGE:005713C2 loc_5713C2: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005713C2 ; DATA XREF: PAGE:off_5714C6o
PAGE:005713C2 cmp esi, 20h ; case 0xE (ControlCode 15): same request shape as case 0xD
PAGE:005713C5 jnz short loc_57143F
PAGE:005713C7 mov [ebp+var_50], ebx ; local copy of the request pointer; not read again in this listing
PAGE:005713CA lea eax, [ebp+var_20]
PAGE:005713CD push eax ; int (arg 8: &returned length)
PAGE:005713CE push dword ptr [ebx+0Ch] ; int (arg 7: request dword +0Ch)
PAGE:005713D1 push dword ptr [ebx+8] ; int (arg 6: request dword +8, forwarded unvalidated)
PAGE:005713D4 push dword ptr [ebx+4] ; int (arg 5: request dword +4)
PAGE:005713D7 push dword ptr [ebx] ; Port
PAGE:005713D9 push dword ptr [ebx+18h] ; int (arg 3: request dword +18h)
PAGE:005713DC push dword ptr [ebx+14h] ; int (arg 2: request dword +14h)
PAGE:005713DF push dword ptr [ebx+10h] ; int (arg 1: request dword +10h)
PAGE:005713E2 call _KdpSysWriteIoSpace@32 ; KdpSysWriteIoSpace(x,x,x,x,x,x,x,x)
PAGE:005713E7 jmp loc_57146E ; store eax as the status
PAGE:005713EC ; ---------------------------------------------------------------------------
PAGE:005713EC
PAGE:005713EC loc_5713EC: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:005713EC ; DATA XREF: PAGE:off_5714C6o
PAGE:005713EC cmp esi, 10h ; case 0xF (ControlCode 16): request must be exactly 10h bytes
PAGE:005713EF jnz short loc_57143F
PAGE:005713F1 mov [ebp+var_54], ebx ; local copy of the request pointer; not read again in this listing
PAGE:005713F4 lea eax, [ebx+8] ; pointer to the value slot inside the caller's request
PAGE:005713F7 push eax ; arg 2: value slot
PAGE:005713F8 push dword ptr [ebx] ; arg 1: MSR number from the request
PAGE:005713FA call _KdpSysReadMsr@8 ; KdpSysReadMsr(x,x)
PAGE:005713FF jmp short loc_57146E ; store eax as the status
PAGE:00571401 ; ---------------------------------------------------------------------------
PAGE:00571401
PAGE:00571401 loc_571401: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571401 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571401 cmp esi, 10h ; case 0x10 (ControlCode 17): same request shape as case 0xF
PAGE:00571404 jnz short loc_57143F
PAGE:00571406 mov [ebp+var_58], ebx ; local copy of the request pointer; not read again in this listing
PAGE:00571409 lea eax, [ebx+8] ; pointer to the value slot inside the caller's request
PAGE:0057140C push eax ; arg 2: value slot
PAGE:0057140D push dword ptr [ebx] ; arg 1: MSR number from the request
PAGE:0057140F call _KdpSysWriteMsr@8 ; KdpSysWriteMsr(x,x)
PAGE:00571414 jmp short loc_57146E ; store eax as the status
PAGE:00571416 ; ---------------------------------------------------------------------------
PAGE:00571416
; Switch cases 0x11-0x13 (ControlCode 18-20), the shared length-mismatch exit, the common
; "store status" join point and the default case.
; ebx = InputBuffer (the request), esi = InputBufferLength.
; The bus-data cases take an 18h-byte request and forward its fields, including the Buffer pointer at
; +4, to the callee without an ExLockUserBuffer call in this routine.
; NOTE(review): whether that Buffer pointer is validated depends on KdpSysReadBusData /
; KdpSysWriteBusData, which are outside this listing.
PAGE:00571416 loc_571416: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571416 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571416 cmp esi, 18h ; case 0x11 (ControlCode 18): request must be exactly 18h bytes
PAGE:00571419 jnz short loc_57143F
PAGE:0057141B mov [ebp+var_5C], ebx ; local copy of the request pointer; not read again in this listing
PAGE:0057141E lea eax, [ebp+var_20]
PAGE:00571421 push eax ; int (&returned length)
PAGE:00571422 push dword ptr [ebx+8] ; Length
PAGE:00571425 push dword ptr [ebx+4] ; Buffer
PAGE:00571428 push dword ptr [ebx] ; Offset
PAGE:0057142A push dword ptr [ebx+14h] ; SlotNumber
PAGE:0057142D push dword ptr [ebx+10h] ; BusNumber
PAGE:00571430 push dword ptr [ebx+0Ch] ; BusDataType
PAGE:00571433 call _KdpSysReadBusData@28 ; KdpSysReadBusData(x,x,x,x,x,x,x)
PAGE:00571438 jmp short loc_57146E ; store eax as the status
PAGE:0057143A ; ---------------------------------------------------------------------------
PAGE:0057143A
PAGE:0057143A loc_57143A: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:0057143A ; DATA XREF: PAGE:off_5714C6o
PAGE:0057143A cmp esi, 18h ; case 0x12 (ControlCode 19): request must be exactly 18h bytes
PAGE:0057143D jz short loc_57144A ; size matches: go to the write-bus-data call; otherwise fall into the mismatch exit
PAGE:0057143F
PAGE:0057143F loc_57143F: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+D3j
PAGE:0057143F ; NtSystemDebugControl(x,x,x,x,x,x)+E7j ...
PAGE:0057143F or [ebp+ms_exc.disabled], 0FFFFFFFFh ; try level = -1: leave the guarded region
PAGE:00571443 mov eax, 0C0000004h ; STATUS_INFO_LENGTH_MISMATCH
PAGE:00571448 jmp short loc_5714BE ; skips the ReturnLength store and the unlock; every visible branch here precedes any ExLockUserBuffer call
PAGE:0057144A ; ---------------------------------------------------------------------------
PAGE:0057144A
PAGE:0057144A loc_57144A: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+384j
PAGE:0057144A mov [ebp+var_60], ebx ; local copy of the request pointer; not read again in this listing
PAGE:0057144D lea eax, [ebp+var_20]
PAGE:00571450 push eax ; int (&returned length)
PAGE:00571451 push dword ptr [ebx+8] ; Length
PAGE:00571454 push dword ptr [ebx+4] ; Buffer
PAGE:00571457 push dword ptr [ebx] ; Offset
PAGE:00571459 push dword ptr [ebx+14h] ; SlotNumber
PAGE:0057145C push dword ptr [ebx+10h] ; BusNumber
PAGE:0057145F push dword ptr [ebx+0Ch] ; BusDataType
PAGE:00571462 call _KdpSysWriteBusData@28 ; KdpSysWriteBusData(x,x,x,x,x,x,x)
PAGE:00571467 jmp short loc_57146E ; store eax as the status
PAGE:00571469 ; ---------------------------------------------------------------------------
PAGE:00571469
PAGE:00571469 loc_571469: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+B5j
PAGE:00571469 ; DATA XREF: PAGE:off_5714C6o
PAGE:00571469 call _KdpSysCheckLowMemory@0 ; case 0x13 (ControlCode 20): no arguments, no length check
PAGE:0057146E
PAGE:0057146E loc_57146E: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+CBj
PAGE:0057146E ; NtSystemDebugControl(x,x,x,x,x,x)+113j ...
PAGE:0057146E mov [ebp+var_1C], eax ; common join: the callee's return value becomes the status
PAGE:00571471 jmp short loc_57147A
PAGE:00571473 ; ---------------------------------------------------------------------------
PAGE:00571473
PAGE:00571473 loc_571473: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+AFj
PAGE:00571473 mov [ebp+var_1C], 0C0000003h ; default: STATUS_INVALID_INFO_CLASS for a ControlCode outside 1..20
PAGE:0057147A
; Common exit: report the returned length, then the SEH filter and handler for the guarded region,
; then cleanup and return.
; Normal path: *ReturnLength = var_20 (still inside the guarded region, so a fault on that store is
; caught), leave the try level, unlock the caller buffer if one was locked, return var_1C.
; Exception path: the filter saves the exception code and asks for the handler to run; the handler
; restores esp, makes the exception code the status and joins the same cleanup, so the unlock is
; reached on both paths. ReturnLength is not written on the exception path.
PAGE:0057147A loc_57147A: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+DFj
PAGE:0057147A ; NtSystemDebugControl(x,x,x,x,x,x)+F5j ...
PAGE:0057147A mov eax, [ebp+arg_14] ; eax = ReturnLength
PAGE:0057147D test eax, eax
PAGE:0057147F jz short loc_5714A9 ; NULL: nothing to report
PAGE:00571481 mov ecx, [ebp+var_20]
PAGE:00571484 mov [eax], ecx ; *ReturnLength = returned length (written for failure statuses too)
PAGE:00571486 jmp short loc_5714A9
PAGE:00571486 ; ---------------------------------------------------------------------------
PAGE:00571488 dd 90909090h ; with the db below: five 90h bytes between the jmp and the filter, shown by IDA as data
PAGE:0057148C db 90h
PAGE:0057148D ; ---------------------------------------------------------------------------
PAGE:0057148D
PAGE:0057148D loc_57148D: ; DATA XREF: .text:00452E2Co
PAGE:0057148D mov eax, [ebp+ms_exc.exc_ptr] ; SEH filter: eax = exception pointers saved in the frame
PAGE:00571490 mov eax, [eax] ; first member -- presumably the exception record
PAGE:00571492 mov eax, [eax] ; first dword of that record -- presumably the exception code
PAGE:00571494 mov [ebp+var_30], eax ; keep it for the handler
PAGE:00571497 xor eax, eax
PAGE:00571499 inc eax ; filter result 1: run the handler at loc_5714A0
PAGE:0057149A retn
PAGE:0057149A ; ---------------------------------------------------------------------------
PAGE:0057149B align 10h
PAGE:005714A0
PAGE:005714A0 loc_5714A0: ; DATA XREF: .text:00452E30o
PAGE:005714A0 mov esp, [ebp+ms_exc.old_esp] ; SEH handler: restore the stack pointer saved for this frame
PAGE:005714A3 mov eax, [ebp+var_30]
PAGE:005714A6 mov [ebp+var_1C], eax ; status = exception code from the filter
PAGE:005714A9
PAGE:005714A9 loc_5714A9: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+3C6j
PAGE:005714A9 ; NtSystemDebugControl(x,x,x,x,x,x)+3CDj
PAGE:005714A9 or [ebp+ms_exc.disabled], 0FFFFFFFFh ; try level = -1: leave the guarded region
PAGE:005714AD cmp [ebp+var_24], 0 ; did ExLockUserBuffer hand back a buffer?
PAGE:005714B1 jz short loc_5714BB ; no: nothing to unlock
PAGE:005714B3 push [ebp+P] ; P
PAGE:005714B6 call _ExUnlockUserBuffer@4 ; ExUnlockUserBuffer(x)
PAGE:005714BB
PAGE:005714BB loc_5714BB: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+3F8j
PAGE:005714BB mov eax, [ebp+var_1C] ; return value = status
PAGE:005714BE
PAGE:005714BE loc_5714BE: ; CODE XREF: NtSystemDebugControl(x,x,x,x,x,x)+47j
PAGE:005714BE ; NtSystemDebugControl(x,x,x,x,x,x)+38Fj
PAGE:005714BE call __SEH_epilog ; tears down the frame built by __SEH_prolog; eax already holds the status
PAGE:005714C3 retn 18h ; __stdcall: pop the six dword arguments
PAGE:005714C3 _NtSystemDebugControl@24 endp
PAGE:005714C3
PAGE:005714C3 ; ---------------------------------------------------------------------------