Windows kernel analysis index directory: https://www.cnblogs.com/onetrainee/p/11675224.html
Common set of assembly instructions
1. gdtr: read the GDT table address
The instruction needs a six-byte buffer, but the first two bytes (the table limit) are not needed for the address.
Assembly code:
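CHAR Sgdtr[6] = { 0 };   // receives the 2-byte limit followed by the 4-byte base
__asm {
    sgdt Sgdtr;          // store the contents of GDTR into the buffer
}
Memory contents of Sgdtr: ff 03 00 f0 03 80
The last four bytes, read as a little-endian value, give 8003f000, which can be verified in WinDbg with r gdtr.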
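
The six bytes above can be decoded in portable C, as an added example that is not code from the original post. It goes slightly beyond the text by also using the two limit bytes to bounds-check a selector lookup; the names gdtr32_t, decode_gdtr32, gdt_entry_count and gdt_descriptor_address are hypothetical, and selector 0x08 is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit SGDT result: 16-bit limit followed by 32-bit base. */
typedef struct {
    uint16_t limit; /* GDT size in bytes, minus 1 */
    uint32_t base;  /* linear address of the GDT */
} gdtr32_t;

/* Bytes shown on the page. */
static const uint8_t PAGE_SAMPLE[6] = { 0xff, 0x03, 0x00, 0xf0, 0x03, 0x80 };

/* Decode the six little-endian bytes without relying on struct packing. */
static gdtr32_t decode_gdtr32(const uint8_t raw[6])
{
    gdtr32_t g;
    g.limit = (uint16_t)(raw[0] | (raw[1] << 8));
    g.base  = (uint32_t)raw[2] | ((uint32_t)raw[3] << 8) |
              ((uint32_t)raw[4] << 16) | ((uint32_t)raw[5] << 24);
    return g;
}

/* Number of 8-byte descriptors covered by the limit. */
static uint32_t gdt_entry_count(gdtr32_t g)
{
    return ((uint32_t)g.limit + 1u) / 8u;
}

/* Address of the descriptor a selector names; 0 if it is an LDT
   selector (TI bit set) or falls outside the GDT limit. */
static uint32_t gdt_descriptor_address(gdtr32_t g, uint16_t selector)
{
    uint32_t offset = (uint32_t)selector & ~7u; /* index * 8 */
    if (selector & 4u) return 0;
    if (offset + 7u > g.limit) return 0;
    return g.base + offset;
}

int main(void)
{
    gdtr32_t g = decode_gdtr32(PAGE_SAMPLE);
    printf("base=%08x limit=%04x entries=%u\n",
           (unsigned)g.base, (unsigned)g.limit, (unsigned)gdt_entry_count(g));
    printf("selector 0x08 -> %08x\n", (unsigned)gdt_descriptor_address(g, 0x08));
    return 0;
}
```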