Hi,

I often see in ollydbg's analysis, it put comments like the following:
01006AEE . 53 PUSH EBX ; /pModule = ""
01006AEF . 8B3D 4C110001 MOV EDI,DWORD PTR DS:[<&KERNEL32.GetModuleHandleA>>; |kernel32.GetModuleHandleA
01006AF5 . FFD7 CALL EDI ; \GetModuleHandleA

However when I get to some api like ZwCreateFile,
no comments get loaded
I've searched, but not sure how olly does it, is it through symbols?
How can I manually add the ZwCreateFile in comments?

I only need this as some ZwXXX functions have a lot of arguments, and looking at what each of them are is a pain

thanks

Zwxxx are supposedly the 'undocumented functions' of MS... You're not supposed to know or fiddle with them. That's why there is no proper documentation... though I remember long ago an enterprising binary analyst had written a book about them...

Have Phun

look at post # nine in this thread for adding your own descriptions to unknownm functions

http://www.woodmann.com/forum/showthread.php?t=10437&highlight=.arg

ah, ok
thanks a lot