--- Alex Ionescu <ionucu(a)videotron.ca> wrote:
mrnobo1024 wrote:
The new implementations for RtlFillMemory, RtlZeroMemory, and RtlMoveMemory have a bug where they don't write the last 1-3 bytes if the length isn't a multiple of the word size. They have an "or ecx, ecx" which needs to be "or ecx, edx".
Noted, thanks! Surprised it still booted!
Looking at them again I noticed a couple other problems. At the end of
RtlCompareMemory it subtracts the length (esp+20) instead of the buffer start
(esp+12), and RtlCompareMemoryUlong subtracts from esi when it's using edi.
I also noticed some of the functions clear the direction flag, and some
don't. This would be either a bug or just unnecessary code. I don't know if
the Win32 calling conventions require the flag to be clear before calling a
function or not.
Also the new RtlUlonglongByteSwap is sub-optimal: it swaps eax and edx when they could have just been read in reverse order like the other version did.
Not true. BSWAP will pair on the pipe and be executed much faster.
I meant that instead of "mov edx,[esp+8]; mov eax,[esp+4]" it could be "mov edx,[esp+4]; mov eax,[esp+8]". I don't think that would affect instruction pairing.
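The tail-handling bug and the RtlCompareMemory return-value bug described in the thread, modelled in C as an added example (this is not ReactOS code and not the assembly under discussion; the function names fill_memory_buggy, fill_memory_fixed, compare_memory and unwritten_after_fill are hypothetical). The dword loop stands in for "rep stosd", which leaves the word counter (ecx) at zero while the byte remainder lives in another register (edx); testing the wrong one skips the tail. compare_memory shows the intended RtlCompareMemory result, the number of leading bytes that match, which is end pointer minus buffer start, not minus the length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Buggy analogue of "or ecx, ecx": after the dword loop the word counter is
 * exhausted, so the tail branch is never taken and the last 1-3 bytes of a
 * length that is not a multiple of 4 stay unwritten. Deliberately wrong. */
void fill_memory_buggy(void *dst, size_t len, unsigned char fill)
{
    unsigned char *p = dst;
    size_t words = len / 4;                 /* ecx before rep stosd */
    size_t tail  = len % 4;                 /* edx: byte remainder */
    uint32_t pattern = (uint32_t)fill * 0x01010101u;

    while (words != 0) {                    /* rep stosd */
        memcpy(p, &pattern, sizeof pattern);
        p += 4;
        words--;
    }
    if (words != 0) {                       /* tests ecx, which is now 0 */
        while (tail != 0) { *p++ = fill; tail--; }
    }
}

/* Corrected analogue of "or ecx, edx": the tail loop runs whenever the
 * byte remainder is non-zero. */
void fill_memory_fixed(void *dst, size_t len, unsigned char fill)
{
    unsigned char *p = dst;
    size_t words = len / 4;
    size_t tail  = len % 4;
    uint32_t pattern = (uint32_t)fill * 0x01010101u;

    while (words != 0) {
        memcpy(p, &pattern, sizeof pattern);
        p += 4;
        words--;
    }
    if (tail != 0) {                        /* tests the remainder */
        while (tail != 0) { *p++ = fill; tail--; }
    }
}

/* RtlCompareMemory semantics: number of leading bytes that are equal.
 * Compares dwords first, then bytes, and returns (current - start). */
size_t compare_memory(const void *a, const void *b, size_t len)
{
    const unsigned char *p = a, *q = b;
    const unsigned char *start = p;         /* buffer start, not length */
    size_t words = len / 4, tail = len % 4;

    while (words != 0 && memcmp(p, q, 4) == 0) { p += 4; q += 4; words--; }
    /* Bytes not yet confirmed equal: any unchecked dwords plus the tail. */
    size_t remaining = words * 4 + tail;
    while (remaining != 0 && *p == *q) { p++; q++; remaining--; }
    return (size_t)(p - start);
}

/* Pre-set a buffer to a sentinel, fill `len` bytes with 0x00, and count how
 * many of those `len` bytes still hold the sentinel (i.e. were not written). */
size_t unwritten_after_fill(void (*fill)(void *, size_t, unsigned char), size_t len)
{
    unsigned char buf[16];                  /* constructed scratch buffer */
    memset(buf, 0xAA, sizeof buf);
    fill(buf, len, 0x00);
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0xAA) n++;
    return n;
}

int main(void)
{
    printf("buggy fill, len 7: %zu bytes unwritten\n",
           unwritten_after_fill(fill_memory_buggy, 7));
    printf("fixed fill, len 7: %zu bytes unwritten\n",
           unwritten_after_fill(fill_memory_fixed, 7));
    printf("compare_memory: %zu bytes match\n",
           compare_memory("abcdefgh", "abcdeXgh", 8));
    return 0;
}
```

The buggy variant only misbehaves for lengths that are not a multiple of 4, which is why a kernel can still boot with it: most large fills and copies are word-aligned, and the missing tail bytes only show up at odd-sized structures.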