Какой ресурс в NT жестко ассоциирован с хэндлом со значением 4 ?

← →
paul_shmakov (2001-11-07 20:50) [13]

тоже самое на асме
; ; test.asm ; deletes itself. winnt only ; tasm32 /ml test.asm ; ilink32 test,,,import32.lib ; .386P .MODEL flat EXTERN GetModuleHandleA: PROC EXTERN GetModuleFileNameA: PROC EXTERN GetProcAddress: PROC .DATA szKernel db "kernel32.dll", 0 szUnmapViewOfFile db "UnmapViewOfFile", 0 szCloseHandle db "CloseHandle", 0 szExitProcess db "ExitProcess", 0 szDeleteFile db "DeleteFileA", 0 MAX_PATH equ 260 VAR_COUNT equ 6 VAR_SIZE equ (MAX_PATH + VAR_COUNT * 4) hInstance equ dword ptr [ebp] pUnmapViewOfFile equ dword ptr [ebp + 4] pCloseHandle equ dword ptr [ebp + 8] pExitProcess equ dword ptr [ebp + 0Ch] pDeleteFile equ dword ptr [ebp + 10h] szFileName equ dword ptr [ebp + 14h] .CODE main PROC push ebp sub esp, VAR_SIZE mov ebp, esp push 0 call GetModuleHandleA mov hInstance, eax push MAX_PATH lea ebx, szFileName push ebx push eax call GetModuleFileNameA mov eax, OFFSET szKernel push eax call GetModuleHandleA mov ebx, eax push OFFSET szUnmapViewOfFile push ebx call GetProcAddress mov pUnmapViewOfFile, eax push OFFSET szCloseHandle push ebx call GetProcAddress mov pCloseHandle, eax push OFFSET szExitProcess push ebx call GetProcAddress mov pExitProcess, eax push OFFSET szDeleteFile push ebx call GetProcAddress mov pDeleteFile, eax push 0 lea eax, szFileName push eax push pExitProcess push 4 push pDeleteFile push hInstance push pCloseHandle push pUnmapViewOfFile ret pop ebp ; never get here ret main ENDP END main

Какой ресурс в NT жестко ассоциирован с хэндлом со значением 4 ? Найти похожие ветки