24-May-2010: PEEKs and POKEs in Windows x64?

This kernel/driver-level Windows NT code:

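#include <ntddk.h>

void huh()
{
	LARGE_INTEGER a;
	KeQueryTickCount(&a);          // fills a with the current tick count
	// "%d" is kept to match the listing below; QuadPart is 64-bit, so %I64d is the correct specifier
	DbgPrint ("%d", a.QuadPart);
}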

... is now translated in the Windows 2003 DDK x64 environment into:

                 mov     rdx, 0FFFFF78000000320h
                 lea     rcx, Format     ; "%d"
                 mov     rdx, [rdx]
                 call    DbgPrint_0

Wow, the address of a variable (KeTickCount) is now hardcoded right into the driver's code at compile time.

Isn't this just a return to PEEKs and POKEs?

http://en.wikipedia.org/wiki/PEEK_and_POKE

Does Microsoft promise to keep this variable at this address forever?
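
An added example, not part of the original post: a small C scanner that finds this kind of hardcoded reference in x64 code bytes, which is handy when auditing a driver for fixed-address reads. It assumes, from the WDK headers rather than from this page, that 0FFFFF78000000000h is the fixed kernel address of the KUSER_SHARED_DATA page; the sample bytes are a constructed encoding of the listing above, and find_shared_data_refs is a hypothetical name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption (WDK headers, not stated on the page): on x64 the kernel maps
   KUSER_SHARED_DATA at this fixed address, one 4 KB page. */
#define SHARED_DATA_BASE 0xFFFFF78000000000ULL
#define PAGE_MASK        0xFFFULL

/* Constructed sample: the four instructions from the listing, with the
   lea/call displacements zeroed because the page does not give them. */
static const uint8_t sample[] = {
    0x48, 0xBA, 0x20, 0x03, 0x00, 0x00, 0x80, 0xF7, 0xFF, 0xFF, /* mov rdx, imm64 */
    0x48, 0x8D, 0x0D, 0x00, 0x00, 0x00, 0x00,                   /* lea rcx, [rip+0] */
    0x48, 0x8B, 0x12,                                           /* mov rdx, [rdx] */
    0xE8, 0x00, 0x00, 0x00, 0x00                                /* call rel32 */
};

/* Linear scan for "REX.W mov r64, imm64" (48/49 B8..BF + 8 bytes) whose
   immediate lies inside the shared page. Stores each page offset in out[]
   and returns how many were found. A byte scan, not a disassembler, so
   hits in data can be false positives. */
size_t find_shared_data_refs(const uint8_t *code, size_t len,
                             uint32_t *out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i + 10 <= len && found < max; i++) {
        if ((code[i] & 0xFE) != 0x48 || (code[i + 1] & 0xF8) != 0xB8)
            continue;
        uint64_t imm = 0;
        for (int b = 7; b >= 0; b--)          /* little-endian imm64 */
            imm = (imm << 8) | code[i + 2 + b];
        if ((imm & ~PAGE_MASK) == SHARED_DATA_BASE) {
            out[found++] = (uint32_t)(imm & PAGE_MASK);
            i += 9;                            /* skip the matched instruction */
        }
    }
    return found;
}

int main(void)
{
    uint32_t offs[8];
    size_t n = find_shared_data_refs(sample, sizeof sample, offs, 8);
    for (size_t k = 0; k < n; k++)
        printf("shared-data reference at offset 0x%X\n", (unsigned)offs[k]);
    return 0;
}
```

On the sample it reports one reference at page offset 0x320, the low 12 bits of the constant in the listing.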



The page last updated on 27-April-2016