Welcome![Sign In][Sign Up]
Front-page it | Collect it | [中国-简体中文]
FAQ Fav
Location:
Search - ZwCreateFile

Search list

[Driver DevelopIrp-Files

Description: 直接IRP操作文件的实现问题,其实对于大部分接口(诸如: ZwReadFile、ZwWriteFile、ZwSetInformationFile、ZwDeleteFile等)在OSR上的“ Rolling Your Own - Building IRPs to Perform I/O ”一文中已经实现,但是那里面的实现还不够全。所以,我就翻出了前段时间在网上淘到的资料,特与大家共享!尤其值得注意的是,这里面还实现了ZwCreateFile接口! 大家都知道使用IRP的好处就是:效率提高了,对中断级要求更宽了,还解决了常见的重入问题等等。 附件中一个是接口的实现代码,另外一个是应用实例。
Platform: | Size: 146814 | Author: kingbaser | Hits:

[Driver DevelopIrp-Files

Description: 直接IRP操作文件的实现问题,其实对于大部分接口(诸如: ZwReadFile、ZwWriteFile、ZwSetInformationFile、ZwDeleteFile等)在OSR上的“ Rolling Your Own - Building IRPs to Perform I/O ”一文中已经实现,但是那里面的实现还不够全。所以,我就翻出了前段时间在网上淘到的资料,特与大家共享!尤其值得注意的是,这里面还实现了ZwCreateFile接口! 大家都知道使用IRP的好处就是:效率提高了,对中断级要求更宽了,还解决了常见的重入问题等等。 附件中一个是接口的实现代码,另外一个是应用实例。 -IRP operation documents directly realize the problem, in fact, for most interface (such as: ZwReadFile, ZwWriteFile, ZwSetInformationFile, ZwDeleteFile etc.) in the OSR on the Rolling Your Own- Building IRPs to Perform I/O one text has been achieved, but that there realize the whole is not enough. Therefore, some time ago I saw video of Amoy in the online information, special to share with everyone! It is worth noting that there have also achieved ZwCreateFile interface! We all know the benefits of the use of IRP is to: improve the efficiency of interrupt-level requirements of a broader, and also solve the common problem of re-entry and so on. Annex A is the realization of interface code, the other one is the application example.
Platform: | Size: 146432 | Author: kingbaser | Hits:

[Driver DevelopZwCreateFile

Description: HOOK ZwCreateFile 配合 ZwDeleteFile 实现监视不许指定文件创建-HOOK ZwCreateFile with monitoring the realization of ZwDeleteFile not create the specified file
Platform: | Size: 2048 | Author: 朱芮男 | Hits:

[OS programZwCreateFile

Description: ZwCreateFile 挂钩驱动源码, 挂钩驱动-ZwCreateFile hook-driven source code, hook-driven
Platform: | Size: 160768 | Author: 张皓 | Hits:

[OS programHookPE

Description: Hook内核导出函数ZwCreateFile的一个实例,可在此基础上扩展。-an instance of hook ZwCreateFile exported from windows kernel. It can be extended.
Platform: | Size: 19456 | Author: 田野 | Hits:

[Windows CEdmp

Description: KeCapturePersistentThreadState捕捉当前线程,获得_DUMP_HEADER结构内容,其中比较有趣的内容是DumpHead->PsLoadedModuleList,DumpHead->PsActiveProcessHead,DumpHead->PfnDataBase..... 接下来就是将_DUMP_HEADER结构内容写到一个dmp文件里, ZwCreateFile---->ZwWriteFile..... -KeCapturePersistentThreadState capture the current thread, get _DUMP_HEADER structure content, which is interesting is the content of the DumpHead-> PsLoadedModuleList, DumpHead-> PsActiveProcessHead, DumpHead-> PfnDataBase... The next step is to _DUMP_HEADER structure content wrote a DMP files, ZwCreateFile- > ZwWriteFile...
Platform: | Size: 2048 | Author: 王明 | Hits:

[Windows DevelopZwCreateFile

Description: 读取磁盘文件ZwCreateFile等API函数使用-Read disk files and other API functions use ZwCreateFile
Platform: | Size: 3962880 | Author: 陈文寿 | Hits:

CodeBus www.codebus.net