Driver debugging methods: 1. View kernel debug print logs 2. Attach a virtual machine for debugging
Summary: 1. DebugPrintFilter.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter] "
Directory
Summary: ok = CreateDirectory(TempFolder, NULL); if ((! ok) && GetLastError() == ERROR_ALREADY_EXISTS) ok = TRUE; WCHAR filename[MAX_PATH + 64]; ZeroMemory(fil
SandBoxie LPC communication
Summary: req->h.msgid = MSGID_PROCESS_RUN_SANDBOXED; status = NtRequestWaitReplyPort(data->PortHandle, (PORT_MESSAGE *)spaceReq, (PORT_MESSAGE *)spaceRpl); sta
service map
Summary: BOOL Kmd_Install_Service( const wchar_t *Service_Name, const wchar_t *Service_Path, const wchar_t *Service_Display, const wchar_t *Service_Group, OPTI
thread map
Summary: Figure 5: An example of the Windows NT multithreaded server status = NtOpenThreadToken( NtCurrentThread(), TOKEN_QUERY, FALSE, &hOldToken); b = GetThr
Windows token (The Windows Distributed Security Model)
Summary: ALIGNED void EnablePriv(void) { // // enable SeRestorePrivilege so SetShortName() can do its job // WCHAR priv_space[64]; TOKEN_PRIVILEGES *privs = (T
wcs-related functions
Summary: wcscpy(cmdline, L"/box:"); wcscat(cmdline, L"__ask__"); _wcsicmp(name, L"RPCSS") _wcsnicmp(ptr, L"system32\\wuauclt.exe", 20) if (wcschr(src, L'\"'))
Managing Heap Memory
Summary: The Windows subsystem on Windows NT provides high-level memory management functions that make it easy for applications to build dynamic data structure
Windows architecture
Summary: Figure 1: A general representation of Operating System as a ring-structure Figure 2: A layered structure of Windows NT OS
process map
Summary: Figure 5-1. Data structures associated with processes and threads Figure 5-2. Structure of an executive process block Figure 5-3. Structure of the exe
TLS (Thread local storage) related
Summary: TlsAlloc TlsFree TlsGetValue TlsSetValue Example: #include <stdio.h> #include <windows.h> #define THREADCOUNT 2 DWORD dwTlsIndex; VOID ErrorExit(LPCWSTR lpszM