WinPcap: NPF驱动核心指南
2023-12-01
模块 | |
NPF 结构与定义 | |
NPF 函数 | |
数据结构 | |
struct | binary_stream |
A stream of x86 binary code. | |
struct | JIT_BPF_Filter |
Structure describing an x86 filtering program created by the jitter (the JIT compiler for BPF filters). | |
定义 | |
#define | EAX 0 |
#define | ECX 1 |
#define | EDX 2 |
#define | EBX 3 |
#define | ESP 4 |
#define | EBP 5 |
#define | ESI 6 |
#define | EDI 7 |
#define | AX 0 |
#define | CX 1 |
#define | DX 2 |
#define | BX 3 |
#define | SP 4 |
#define | BP 5 |
#define | SI 6 |
#define | DI 7 |
#define | AL 0 |
#define | CL 1 |
#define | DL 2 |
#define | BL 3 |
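#define | MOVid(r32, i32) emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4); |
mov r32,i32. The macro expands to two statements, does not parenthesize its arguments, and writes to a variable named stream in the calling scope, so use it only inside a braced block and pass plain register constants. | |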
#define | MOVrd(dr32, sr32) emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); |
mov dr32,sr32 | |
#define | MOVodd(dr32, sr32, off) |
mov dr32,sr32[off] | |
#define | MOVobd(dr32, sr32, or32) |
mov dr32,sr32[or32] | |
#define | MOVobw(dr32, sr32, or32) |
mov dr16,sr32[or32] | |
#define | MOVobb(dr8, sr32, or32) |
mov dr8,sr32[or32] | |
#define | MOVomd(dr32, or32, sr32) |
mov [dr32][or32],sr32 | |
#define | BSWAP(dr32) |
bswap dr32 | |
#define | SWAP_AX() |
xchg al,ah | |
#define | PUSH(r32) emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1); |
push r32 | |
#define | POP(r32) emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1); |
pop r32 | |
#define | RET() emitm(&stream, 12 << 4 | 0 << 3 | 3, 1); |
ret | |
#define | ADDrd(dr32, sr32) |
add dr32,sr32 | |
#define | ADD_EAXi(i32) |
add eax,i32 | |
#define | ADDid(r32, i32) |
add r32,i32 | |
#define | ADDib(r32, i8) |
add r32,i8 | |
#define | SUBrd(dr32, sr32) |
sub dr32,sr32 | |
#define | SUB_EAXi(i32) |
sub eax,i32 | |
#define | MULrd(r32) |
mul r32 | |
#define | DIVrd(r32) |
div r32 | |
#define | ANDib(r8, i8) |
and r8,i8 | |
#define | ANDid(r32, i32) |
and r32,i32 | |
#define | ANDrd(dr32, sr32) |
and dr32,sr32 | |
#define | ORrd(dr32, sr32) |
or dr32,sr32 | |
#define | ORid(r32, i32) |
or r32,i32 | |
#define | SHLib(r32, i8) |
shl r32,i8 | |
#define | SHL_CLrb(dr32) |
shl dr32,cl | |
#define | SHRib(r32, i8) |
shr r32,i8 | |
#define | SHR_CLrb(dr32) |
shr dr32,cl | |
#define | NEGd(r32) |
neg r32 | |
#define | CMPodd(dr32, sr32, off) |
cmp dr32,sr32[off] | |
#define | CMPrd(dr32, sr32) |
cmp dr32,sr32 | |
#define | CMPid(dr32, i32) |
cmp dr32,i32 | |
#define | JNEb(off8) |
jne off8 | |
#define | JE(off32) |
je off32 | |
#define | JLE(off32) |
jle off32 | |
#define | JLEb(off8) |
jle off8 | |
#define | JA(off32) |
ja off32 | |
#define | JAE(off32) |
jae off32 | |
#define | JG(off32) |
jg off32 | |
#define | JGE(off32) |
jge off32 | |
#define | JMP(off32) |
jmp off32 | |
自定义类型 | |
typedef UINT(__cdecl *) | BPF_filter_function (PVOID *, ULONG, UINT) |
Prototype of a filtering function created by the jitter. | |
typedef void(*) | emit_func (binary_stream *stream, ULONG value, UINT n) |
Prototype of the emit functions. |