哪位大虾有 Windows NT System Call Hooking 的相关信息资料？？

sanpi 2000-02-01 10:41:00

...全文

195 2 打赏收藏转发到动态举报

写回复

2 条回复

切换为时间正序

请发表友善的回复…

发表回复

jiangtao 2000-02-01

打赏
举报

回复

www.sysinternals.com

sanpi 2000-02-01

打赏
举报

回复

有谁能提供信息资料，或下载站点（要能成功下载）。
My E_Mail :sanpi2000@sina.com

Table of Contents Chapter 1: Windows NT: An Inside Look EVALUATING WINDOWS NT DELVING INTO THE WINDOWS NT ARCHITECTURE SUMMARY Chapter 2: Writing Windows NT Device Drivers PREREQUISITES TO WRITING NT DEVICE DRIVERS DRIVER BUILD PROCEDURE STRUCTURE OF A DEVICE DRIVER SUMMARY Chapter 3: Win32 Implementations: A Comparative Look WIN32 API IMPLEMENTATION ON WINDOWS 95 WIN32 API IMPLEMENTATION ON WINDOWS NT WIN32 IMPLEMENTATION DIFFERENCES SUMMARY Chapter 4: Memory Management MEMORY MODELS IN MICROSOFT OPERATING SYSTEMS WINDOWS NT MEMORY MANAGEMENT OVERVIEW BELOW THE OPERATING SYSTEM THE INSIDE LOOK VIRTUAL MEMORY MANAGEMENT VIRTUAL ADDRESS DESCRIPTORS IMPACT ON HOOKING SWITCHING CONTEXT DIFFERENCES BETWEEN WINDOWS NT AND WINDOWS 95/98 SUMMARY Chapter 5: Reverse Engineering Techniques HOW TO PREPARE FOR REVERSE ENGINEERING HOW TO REVERSE ENGINEER UNDERSTANDING CODE GENERATION PATTERNS HOW WINDOWS NT PROVIDES DEBUGGING INFORMATION HOW TO DECIPHER THE PARAMETERS PASSED TO AN UNDOCUMENTED FUNCTION TYPICAL ASSEMBLY LANGUAGE PATTERNS AND THEIR MEANINGS THE PRACTICAL APPLICATION OF REVERSE ENGINEERING SUMMARY Chapter 6: Hooking Windows NT System Services SYSTEM SERVICES: THE LONG VIEW NEED FOR HOOKING SYSTEM SERVICES TYPES OF HOOKS IMPLEMENTATIONS OF HOOKS WINDOWS NT SYSTEM SERVICES HOOKING NT SYSTEM SERVICES SUMMARY Chapter 7: Adding New System Services to the Windows NT Kernal DETAILED IMPLEMENTATION OF A SYSTEM SERVICE IN WINDOWS NT ADDING NEW SYSTEM SERVICES EXAMPLE OF ADDING A NEW SYSTEM SERVICE SUMMARY Chapter 8: Local Procedure Call THE ORIGIN OF THE SUBSYSTEMS LOCAL PROCEDURE CALL PORT-RELATED FUNCTIONS LPC SAMPLE PROGRAMS QUICK LPC SUMMARY Chapter 9: Hooking Software Interrupts WHAT ARE INTERRUPTS? HOW OPERATING SYSTEMS USE SOFTWARE INTERRUPTS WHY SOFTWARE INTERRUPTS NEED TO BE HOOKED HOW TO HOOK SOFTWARE INTERRUPTS SUMMARY Chapter 10: Adding New Software Interrupts WHAT HAPPENS WHEN A 32-BIT APPLICATION EXECUTES AN INT NN INSTRUCTION? ADDING NEW SOFTWARE INTERRUPTS TO THE WINDOWS NT KERNEL USING CALLGATES TO EXECUTE PRIVILEGED CODE HOW TO USE THE CALLGATE TECHNIQUE PAGING ISSUES SUMMARY Chapter 11: Portable Executable File Format OVERVIEW OF A PE FILE STRUCTURE OF A PE FILE RELATIVE VIRTUAL ADDRESS DETAILS OF THE PE FORMAT INDICES IN THE DATA DIRECTORY LOADING PROCEDURE SUMMARY

This book documents what goes on under the covers in Windows NT. Three experts share what they've dug up on NT through years of hands-on research and programming experience. The authors dissect the Win32 interface, deconstruct the underlying APIs, and decipher the Memory Management architecture to help you understand operations, fix flaws, and enhance performance. Table of Contents Chapter 1: Windows NT: An Inside Look EVALUATING WINDOWS NT DELVING INTO THE WINDOWS NT ARCHITECTURE SUMMARY Chapter 2: Writing Windows NT Device Drivers PREREQUISITES TO WRITING NT DEVICE DRIVERS DRIVER BUILD PROCEDURE STRUCTURE OF A DEVICE DRIVER SUMMARY Chapter 3: Win32 Implementations: A Comparative Look WIN32 API IMPLEMENTATION ON WINDOWS 95 WIN32 API IMPLEMENTATION ON WINDOWS NT WIN32 IMPLEMENTATION DIFFERENCES SUMMARY Chapter 4: Memory Management MEMORY MODELS IN MICROSOFT OPERATING SYSTEMS WINDOWS NT MEMORY MANAGEMENT OVERVIEW BELOW THE OPERATING SYSTEM THE INSIDE LOOK VIRTUAL MEMORY MANAGEMENT VIRTUAL ADDRESS DESCRIPTORS IMPACT ON HOOKING SWITCHING CONTEXT DIFFERENCES BETWEEN WINDOWS NT AND WINDOWS 95/98 SUMMARY Chapter 5: Reverse Engineering Techniques HOW TO PREPARE FOR REVERSE ENGINEERING HOW TO REVERSE ENGINEER UNDERSTANDING CODE GENERATION PATTERNS HOW WINDOWS NT PROVIDES DEBUGGING INFORMATION HOW TO DECIPHER THE PARAMETERS PASSED TO AN UNDOCUMENTED FUNCTION TYPICAL ASSEMBLY LANGUAGE PATTERNS AND THEIR MEANINGS THE PRACTICAL APPLICATION OF REVERSE ENGINEERING SUMMARY Chapter 6: Hooking Windows NT System Services SYSTEM SERVICES: THE LONG VIEW NEED FOR HOOKING SYSTEM SERVICES TYPES OF HOOKS IMPLEMENTATIONS OF HOOKS WINDOWS NT SYSTEM SERVICES HOOKING NT SYSTEM SERVICES SUMMARY Chapter 7: Adding New System Services to the Windows NT Kernal DETAILED IMPLEMENTATION OF A SYSTEM SERVICE IN WINDOWS NT ADDING NEW SYSTEM SERVICES EXAMPLE OF ADDING A NEW SYSTEM SERVICE SUMMARY Chapter 8: Local Procedure Call THE ORIGIN OF THE SUBSYSTEMS LOCAL PROCEDURE CALL PORT-RELATED FUNCTIONS LPC SAMPLE PROGRAMS QUICK LPC SUMMARY Chapter 9: Hooking Software Interrupts WHAT ARE INTERRUPTS? HOW OPERATING SYSTEMS USE SOFTWARE INTERRUPTS WHY SOFTWARE INTERRUPTS NEED TO BE HOOKED HOW TO HOOK SOFTWARE INTERRUPTS SUMMARY Chapter 10: Adding New Software Interrupts WHAT HAPPENS WHEN A 32-BIT APPLICATION EXECUTES AN INT NN INSTRUCTION? ADDING NEW SOFTWARE INTERRUPTS TO THE WINDOWS NT KERNEL USING CALLGATES TO EXECUTE PRIVILEGED CODE HOW TO USE THE CALLGATE TECHNIQUE PAGING ISSUES SUMMARY Chapter 11: Portable Executable File Format OVERVIEW OF A PE FILE STRUCTURE OF A PE FILE RELATIVE VIRTUAL ADDRESS DETAILS OF THE PE FORMAT INDICES IN THE DATA DIRECTORY LOADING PROCEDURE SUMMARY

许多系统都通过拦截技术（spying techniques）利用现有windows应用程序。而拦截的一个重要目的，并不只是为应用程序提供更高级功能，而是为完成调试。
与老式操作系统（如dos，win3.xx）不同，现有操作系统（如WINNT/2K和win9X）使用了成熟的机制来分隔各进程的地址空间。这种架构提供了真正的内存保护，因此任何应用程序都不能破坏属于其它进程的地址空间，更不可能破坏操作系统本身。这使得开发系统相关的钩子（system-aware hooks）变得十分困难。
我写这篇文章就是要探讨一种简单实用的钩子机制，它提供了一个简单的接口，用来拦截不同的API调用。它也示范了一些技巧，可以帮助你开发出自己的api拦截程序（spying system）。同时它还提供了一系列在WIN2K/NT和WIN98/ME（下面简称9X）等windows上拦截WIN32 API 的方法。为了简化我的描述，我没有引入UNICODE的相关内容。但你只需对代码作一些微小改动就能支持UNICODE。

Stealth hooking：Another way to subvert the Windows Kernel

深入讲解API HOOK技术内幕，是我想做一个对战平台的时候，下载的学习资料，

5,388

社区成员

262,730

社区内容

发帖

与我相关

我的任务

社区管理员

加入社区

近7日
近30日
至今

加载中

查看更多榜单

社区公告

暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章