Location:
Search - kernel mode api
Search list
Description: 内核模式的API间谍-
我们将扩大我们的模式,内核模式从事间谍活动,并钩的API调用这是由我们的目标设备驱动程序。 我们还将推出一个全新的沟通方式之间的内核模式驱动程序和用户模式应用-而不是使用系统服务,我们将执行我们自己的小型版本的异步过程调用。 -Kernel-mode API spying- We will expand our model, kernel-mode engaged in espionage activities, and hook the API call it is our goal device drivers. We will also launch an entirely new way of communication between the kernel-mode drivers and user-mode application- rather than the use of system services, we will implement our own small version of the asynchronous procedure call.
Platform: |
Size: 24576 |
Author: mm |
Hits:
Description: Kernel-mode API spying - an ultimate hack.-Kernel-mode API spying- an ultimate hack.
Platform: |
Size: 153600 |
Author: liulang |
Hits:
Description: Ring0级操作注册表!在驱动开发中,经常会用到对注册表的操作,与Win32的API不同,DDK提供另外一套对注册表操作的相关函数,本代码给出了内核模式下对注册表的所有操作实例!-Ring0 registry class operation! At driver development, often used for the operation of the registry with Win32' s API different, DDK provide another set of registry operations correlation function, the code give the kernel mode of operation of the registry of all the examples !
Platform: |
Size: 6144 |
Author: 隔夜茶 |
Hits:
Description: 本书是一本介绍Windows核心技术及高级技巧的专著。从系统内核编程出发,使用大量的例子帮助读者理解这些编程技术,讲述了线程同步及隐藏、系统钩子深入分析、读写物理磁盘的关键技术、读写物理内存和其他进程内存的核心技术、Windows 9x下调用16位实模式和保护模式代码的核心技术、直接读写端口技术、可执行文件加壳的技巧、PE结构分析、Ring0的实现、Windows API截取技术、屏幕取词技术等方面的内容。全书对热点源代码进行了深入剖析和讲解,同时本书汇聚了作者利用Soft-ICE跟踪调试经验,作者多年的编程心得和技巧一览无遗。随书附送的光盘提供了书中涉及的程序源代码。-This book is an introduction Windows core technology and advanced techniques monographs. Starting from the system kernel programming, using a large number of examples to help readers understand the programming techniques described thread synchronization and hidden, system hooks in-depth analysis of the physical disk read and write the key technology, reading and writing physical memory and other processes memory the core technology, Windows 9x next call 16-bit real mode and protected-mode code, the core technology, direct read and write port technology, executable packers skills, PE structural analysis, Ring0 realization, Windows API interception technology, Capture Characters from Screen Technology and other aspects. The book on the hot source code in-depth analysis and explanation, while the book brings together authors tracked the use of Soft-ICE debugging experience, the author many years of programming experience and skills at a glance. CD-ROM supplied with the book provides the p
Platform: |
Size: 49120256 |
Author: 龙文 |
Hits:
Description: 通过多个实例,由浅入深地讲述Win32 API程序设计、类库框架设计、MFC程序设计、内核模式程序设计等-Through multiple instances, implemented progressively to about Win32 API programming, class library framework design, MFC programming, kernel-mode program design
Platform: |
Size: 9417728 |
Author: wanghl |
Hits:
Description: ulios1是我的毕业设计课题,它是一个简单的单内核多任务分时图形化操作系统。由于设计的疏漏和时间的限制,已经无法继续一些更高级的开发了。 ulios2在ulios1的基础上进行了结构、算法的重大改进,代码彻底重写。实现内核级线程的支持,实现共享库的支持,扩展进程地址空间到4G,提供高速IPC,提供高扩展性的内核API,成为一个用于x86桌面操作系统的微内核。 在这个微内核的基础上实现文件系统、可执行文件和库加载器、用户态驱动服务、TCP/IP驱动、GUI、CUI、shell以及工具软件甚至浏览器、媒体播放器等可组成一个实用的桌面系统。 -ulios1 is my graduation project, it is a simple single-core multi-tasking graphical time-sharing operating system. As the design oversight and time constraints, has been unable to continue some of the more advanced developed. ulios2 in ulios1 on the basis of the structure, a significant improvement algorithm, code completely rewritten. Achieve kernel-level thread support, shared library support, extended process address space to 4G, high-speed IPC, to provide highly scalable core API, as a desktop operating system for the x86 micro-kernel. In this micro-kernel based on the file system, executable files and libraries loader, user mode driver service, TCP/IP drivers, GUI, CUI, shell and tools and even the browser, media player, etc. can form a useful desktop system.
Platform: |
Size: 343040 |
Author: 孙亮 |
Hits:
Description: Ring0级操作注册表!在驱动开发中,经常会用到对注册表的操作,与Win32的API不同同,DDK提供另外一套对注册表操作的相关函数,本代码给出了内核模式下对注册表的所有操作实例!
-Ring0 level operation of the registry! Driven development, often used in the operation of the registry, with the Win32 API, DDK provides another set of registry operations function, the code gives the kernel mode registry instance !
Platform: |
Size: 6144 |
Author: 结盟 |
Hits:
Description: 一个高性能的网络数据包处理架构,利用WinpkFilter可以在应用层直接对数据包进行处理,甚至可以在应用层延缓数据包发送-WinpkFilter is a high performance packet filtering framework for Windows that allows developers to transparently filter (view and modify) raw network packets with minimal impact on network activity without having to write low level TDI or NDIS driver code.
WinpkFilter is more than just a firewall development kit for Windows. With WinpkFilter you can make an application that inserts itself into the Windows network stream: custom firewall solution, internet connection sharing (NAT), IP shaper, VPN and many other low-level network solutions completely in user-mode using your favorite development environment: Visual C++, Visual C#, Delphi, Visual Basic, C++ Builder and etc.
Using WinpkFilter requires no experience in kernel mode programming on your behalf since WinpkFilter provides you with powerful user level API. However, if you need to implement your solution (to achieve better performance) in kernel mode you can use well-documented raw IOCTL interface as well.
Platform: |
Size: 5840896 |
Author: awe |
Hits:
Description: EasyHook starts where Microsoft Detours ends.
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. Also 32- and 64-bit kernel mode hooking is supported as well as an unmanaged user-mode API which allows you to hook targets without requiring a NET Framework on the customers PC. An experimental stealth injection hides hooking from most of the current AV software.-EasyHook starts where Microsoft Detours ends. This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. Also 32- and 64-bit kernel mode hooking is supported as well as an unmanaged user-mode API which allows you to hook targets without requiring a NET Framework on the customers PC. An experimental stealth injection hides hooking from most of the current AV software.
Platform: |
Size: 1777664 |
Author: l |
Hits:
Description: USBSAMP的示例演示了如何执行完整和高速散装和同步,超音速散装流数据传输到一个通用USB设备通过使用内核模式驱动程序框架(KMDF)。超快速度的批量传输只有工作当微软USB 3.0堆栈被加载。示例还包含一个控制台应用程序,启动批量测试(包括流)和等时传输和获取数据从设备的I / O端点。该应用程序还演示了如何使用设备名称和管道基础guid名称生成的操作系统使用SetupDiXXX用户模式api。-The USBSAMP sample demonstrates how to perform full and high speed bulk and isochronous, and SuperSpeed bulk stream data transfers to a generic USB device by using Kernel Mode Driver Framework (KMDF). Superspeed bulk transfers only work when the Microsoft USB 3.0 stack is loaded. The sample also contains a console test application that initiates bulk (including stream) and isochronous transfers and obtains data from the device s I/O endpoints. The application also demonstrates how to use GUID-based device names and pipe names generated by the operating system using the SetupDiXXX user-mode APIs.
Platform: |
Size: 75776 |
Author: 冯一疯 |
Hits:
Description: NT/2K provides a set of APIs, known as "Process Structure Routines" [2] exported by NTOSKRNL. One of these APIs PsSetCreateProcessNotifyRoutine() offers the ability to register system-wide callback function which is called by OS each time when a new process starts, exits or is terminated. The mentioned API can be employed as an easy to implement method for tracking down processes simply by implementing a NT kernel-mode driver and a user mode Win32 control application. The role of the driver is to detect process execution and notifiy the control program about these events.
Platform: |
Size: 34816 |
Author: sirpoot |
Hits: