--- Alex Ionescu ionucu@videotron.ca wrote:
mrnobo1024 wrote:
The new implementations for RtlFillMemory, RtlZeroMemory, and RtlMoveMemory have a bug where they don't write the last 1-3 bytes if the length isn't a multiple of the word size. They have an "or ecx, ecx" which needs to be "or ecx, edx".
Noted, thanks! Surprised it still booted!
Looking at them again I noticed a couple other problems. At the end of RtlCompareMemory it subtracts the length (esp+20) instead of the buffer start (esp+12), and RtlCompareMemoryUlong subtracts from esi when it's using edi.
I also noticed some of the functions clear the direction flag, and some don't. This would be either a bug or just unnecessary code. I don't know if the Win32 calling conventions require the flag to be clear before calling a function or not.
Also the new RtlUlonglongByteSwap is sub-optimal; it swaps eax and edx when they could have just been read in reverse order like the other version did.
Not true. BSWAP will pair on the pipe and be executed much faster.
I meant that instead of mov edx,[esp+8] mov eax,[esp+4] it could be mov edx,[esp+4] mov eax,[esp+8]. I don't think that would affect instruction pairing.
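The unwritten-tail bug reported at the top of this thread is the kind a boundary test catches: fill every length at every start offset inside a guarded buffer and check each byte. The following is an added example, not code from the thread or from the project; `fill_model` is a hypothetical C stand-in for the word-then-tail structure described, and its `drop_tail` switch reproduces the reported behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a fill that stores whole 32-bit words and then the
   remaining 0-3 bytes. With drop_tail set, the last (len % 4) bytes are
   never written, which is the behaviour reported in the thread. */
static void fill_model(unsigned char *dst, size_t len, unsigned char v, int drop_tail)
{
    size_t words = len / 4, tail = len % 4;
    uint32_t pattern = 0x01010101u * v;
    for (size_t i = 0; i < words; i++)
        memcpy(dst + 4 * i, &pattern, 4);      /* word-sized stores */
    if (!drop_tail)
        for (size_t i = 0; i < tail; i++)
            dst[4 * words + i] = v;            /* trailing 1-3 bytes */
}

/* For every length 0..max_len and start offset 0..3, zero a region inside a
   buffer pre-filled with 0xAA (constructed stale data) and check that every
   byte in range is zero and every byte outside is untouched.
   Returns the number of failing (offset, length) cases. */
int count_fill_failures(size_t max_len, int drop_tail)
{
    unsigned char buf[80];
    int failures = 0;
    if (max_len > 64)
        max_len = 64;                          /* keep the region inside buf */
    for (size_t off = 0; off < 4; off++) {
        for (size_t len = 0; len <= max_len; len++) {
            int bad = 0;
            memset(buf, 0xAA, sizeof buf);
            fill_model(buf + 4 + off, len, 0x00, drop_tail);
            for (size_t i = 0; i < sizeof buf; i++) {
                int inside = i >= 4 + off && i < 4 + off + len;
                if (buf[i] != (inside ? 0x00 : 0xAA))
                    bad = 1;                   /* stale byte or overrun */
            }
            failures += bad;
        }
    }
    return failures;
}

int main(void)
{
    printf("correct fill: %d failing cases\n", count_fill_failures(16, 0));
    printf("tail dropped: %d failing cases\n", count_fill_failures(16, 1));
    return 0;
}
```

For a zeroing routine, each failing case means stale bytes survive at the end of a buffer the caller believes was cleared.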