在SSDT Hook的妙用-对抗ring0 inline hook这个帖子里有这么一段:
ULONG Address;
ULONG OldServiceAddress;//原来NtOpenProcess的服务地址
Address = (ULONG)KeServiceDescriptorTable->ServiceTableBase + 0x7A * 4;//0x7A为NtOpenProcess服务ID
DbgPrint("Address:0x%08X",Address);
OldServiceAddress = *(ULONG*)Address;
请问OldServiceAddress = *(ULONG*)Address;与OldServiceAddress = Address;有什么区别?望大虾指点一下。
ULONG Address;
ULONG OldServiceAddress;//原来NtOpenProcess的服务地址
Address = (ULONG)KeServiceDescriptorTable->ServiceTableBase + 0x7A * 4;//0x7A为NtOpenProcess服务ID
DbgPrint("Address:0x%08X",Address);
OldServiceAddress = *(ULONG*)Address;
请问OldServiceAddress = *(ULONG*)Address;与OldServiceAddress = Address;有什么区别?望大虾指点一下。