随笔分类 -  Win32

Windows Internals
摘要:Chapter 6 I/O system Driver objects and device objects Experiment: Looking at device objects 1 !object \Device 2 !drvobj 3 !devobj 4 !process 0 0 dwm. 阅读全文
posted @ 2022-04-12 17:32 anyboo 阅读(76) 评论(0) 推荐(0) 编辑
SSDT and SSTD shadow
摘要:!idt dps nt!KeServiceDescriptorTable dds KiServiceTable dq KiServiceTable ln poi(KiServiceTable + 102 * 4) Hook SSDT(Shadow) Hooking the System Servic 阅读全文
posted @ 2022-04-01 16:13 anyboo 阅读(43) 评论(0) 推荐(0) 编辑
WIndows Security and Identity [Authorizaiton Part]
摘要:$user - Display a structure with account information for the account running the application. For security reasons, the password information is not di 阅读全文
posted @ 2021-12-27 10:45 anyboo 阅读(21) 评论(0) 推荐(0) 编辑
Asynchronous Procedure Calls
摘要:An asynchronous procedure call (APC) is a function that executes asynchronously in the context of a particular thread. QueueUserAPC A thread enters an 阅读全文
posted @ 2020-07-23 15:06 anyboo 阅读(165) 评论(0) 推荐(0) 编辑
设备发现之初探 Setupapi
摘要:本文介绍Windows设备管理领域,重点讨论SetupDiXXX一族API的细节。 Devguid.h定义了经典设备的类GUID ,形如:GUID_DEVCLASS_Xxx 例: GUID_DEVCLASS_PRINTQUEUE 计算机\HKEY_LOCAL_MACHINE\SYSTEM\Curre 阅读全文
posted @ 2020-07-02 14:16 anyboo 阅读(715) 评论(0) 推荐(0) 编辑
VS2017调试技巧
摘要:“类视图”和“对象浏览器”图标 VS2017调试小技巧 $ADDRESS Current instruction $CALLER Calling function name $CALLSTACK Call stack $FUNCTION Current function name $PID Proc 阅读全文
posted @ 2020-07-01 09:38 anyboo 阅读(232) 评论(0) 推荐(0) 编辑

点击右上角即可分享
微信分享提示