January 6, 2013

Notes on some important runtime functions

Summary: Summary of Kernel-Mode Safe String Functions. The following table summarizes the safe string functions that are available to kernel-mode drivers, and it indicates the C/C++ language runtime library functions that they replace. If a function's name contains Cb, the function treats strings as byte-c

posted @ 2013-01-06 23:27 emissary Views (546) Comments (0) Recommendations (0)

Dispatch Routines and IRQLs

Summary: Dispatch Routines and IRQLs. Most drivers' dispatch routines are called in an arbitrary thread context at IRQL = PASSIVE_LEVEL, with the following exceptions: Any highest-level driver's dispatch routines are called in the context of the thread that originated the I/O request, which is commonly

posted @ 2013-01-06 19:08 emissary Views (249) Comments (0) Recommendations (0)

A few URLs for reference

Summary:
Driver to Hide Processes and Files: http://www.codeproject.com/Articles/32744/Driver-to-Hide-Processes-and-Files
Driver to Hide Processes and Files. Second Edition: Splicing: http://www.codeproject.com/Articles/167583/Driver-to-Hide-Processes-and-Files-Second-Edition
Simple antirootkit: http://apriorit.com/

posted @ 2013-01-06 13:55 emissary Views (148) Comments (0) Recommendations (0)
