Does any expert have information or materials on Windows NT System Call Hooking??
sanpi
2000-02-01 10:41:00
jiangtao
2000-02-01
www.sysinternals.com
sanpi
2000-02-01
Can anyone provide information or materials, or a download site (one that can actually be downloaded from successfully)?
My E_Mail: sanpi2000@sina.com
Undocumented Windows NT (complete English edition with figures, CHM)
Table of Contents
Chapter 1: Windows NT: An Inside Look
EVALUATING WINDOWS NT; DELVING INTO THE WINDOWS NT ARCHITECTURE; SUMMARY
Chapter 2: Writing Windows NT Device Drivers
PREREQUISITES TO WRITING NT DEVICE DRIVERS; DRIVER BUILD PROCEDURE; STRUCTURE OF A DEVICE DRIVER; SUMMARY
Chapter 3: Win32 Implementations: A Comparative Look
WIN32 API IMPLEMENTATION ON WINDOWS 95; WIN32 API IMPLEMENTATION ON WINDOWS NT; WIN32 IMPLEMENTATION DIFFERENCES; SUMMARY
Chapter 4: Memory Management
MEMORY MODELS IN MICROSOFT OPERATING SYSTEMS; WINDOWS NT MEMORY MANAGEMENT OVERVIEW; BELOW THE OPERATING SYSTEM; THE INSIDE LOOK; VIRTUAL MEMORY MANAGEMENT; VIRTUAL ADDRESS DESCRIPTORS; IMPACT ON HOOKING; SWITCHING CONTEXT; DIFFERENCES BETWEEN WINDOWS NT AND WINDOWS 95/98; SUMMARY
Chapter 5: Reverse Engineering Techniques
HOW TO PREPARE FOR REVERSE ENGINEERING; HOW TO REVERSE ENGINEER; UNDERSTANDING CODE GENERATION PATTERNS; HOW WINDOWS NT PROVIDES DEBUGGING INFORMATION; HOW TO DECIPHER THE PARAMETERS PASSED TO AN UNDOCUMENTED FUNCTION; TYPICAL ASSEMBLY LANGUAGE PATTERNS AND THEIR MEANINGS; THE PRACTICAL APPLICATION OF REVERSE ENGINEERING; SUMMARY
Chapter 6: Hooking Windows NT System Services
SYSTEM SERVICES: THE LONG VIEW; NEED FOR HOOKING SYSTEM SERVICES; TYPES OF HOOKS; IMPLEMENTATIONS OF HOOKS; WINDOWS NT SYSTEM SERVICES; HOOKING NT SYSTEM SERVICES; SUMMARY
Chapter 7: Adding New System Services to the Windows NT Kernel
DETAILED IMPLEMENTATION OF A SYSTEM SERVICE IN WINDOWS NT; ADDING NEW SYSTEM SERVICES; EXAMPLE OF ADDING A NEW SYSTEM SERVICE; SUMMARY
Chapter 8: Local Procedure Call
THE ORIGIN OF THE SUBSYSTEMS; LOCAL PROCEDURE CALL; PORT-RELATED FUNCTIONS; LPC SAMPLE PROGRAMS; QUICK LPC; SUMMARY
Chapter 9: Hooking Software Interrupts
WHAT ARE INTERRUPTS?; HOW OPERATING SYSTEMS USE SOFTWARE INTERRUPTS; WHY SOFTWARE INTERRUPTS NEED TO BE HOOKED; HOW TO HOOK SOFTWARE INTERRUPTS; SUMMARY
Chapter 10: Adding New Software Interrupts
WHAT HAPPENS WHEN A 32-BIT APPLICATION EXECUTES AN INT NN INSTRUCTION?; ADDING NEW SOFTWARE INTERRUPTS TO THE WINDOWS NT KERNEL; USING CALLGATES TO EXECUTE PRIVILEGED CODE; HOW TO USE THE CALLGATE TECHNIQUE; PAGING ISSUES; SUMMARY
Chapter 11: Portable Executable File Format
OVERVIEW OF A PE FILE; STRUCTURE OF A PE FILE; RELATIVE VIRTUAL ADDRESS; DETAILS OF THE PE FORMAT; INDICES IN THE DATA DIRECTORY; LOADING PROCEDURE; SUMMARY
Undocumented Windows NT (complete English edition, CHM)
This book documents what goes on under the covers in Windows NT. Three experts share what they've dug up on NT through years of hands-on research and programming experience. The authors dissect the Win32 interface, deconstruct the underlying APIs, and decipher the Memory Management architecture to help you understand operations, fix flaws, and enhance performance.
Table of Contents
Chapter 1: Windows NT: An Inside Look
EVALUATING WINDOWS NT; DELVING INTO THE WINDOWS NT ARCHITECTURE; SUMMARY
Chapter 2: Writing Windows NT Device Drivers
PREREQUISITES TO WRITING NT DEVICE DRIVERS; DRIVER BUILD PROCEDURE; STRUCTURE OF A DEVICE DRIVER; SUMMARY
Chapter 3: Win32 Implementations: A Comparative Look
WIN32 API IMPLEMENTATION ON WINDOWS 95; WIN32 API IMPLEMENTATION ON WINDOWS NT; WIN32 IMPLEMENTATION DIFFERENCES; SUMMARY
Chapter 4: Memory Management
MEMORY MODELS IN MICROSOFT OPERATING SYSTEMS; WINDOWS NT MEMORY MANAGEMENT OVERVIEW; BELOW THE OPERATING SYSTEM; THE INSIDE LOOK; VIRTUAL MEMORY MANAGEMENT; VIRTUAL ADDRESS DESCRIPTORS; IMPACT ON HOOKING; SWITCHING CONTEXT; DIFFERENCES BETWEEN WINDOWS NT AND WINDOWS 95/98; SUMMARY
Chapter 5: Reverse Engineering Techniques
HOW TO PREPARE FOR REVERSE ENGINEERING; HOW TO REVERSE ENGINEER; UNDERSTANDING CODE GENERATION PATTERNS; HOW WINDOWS NT PROVIDES DEBUGGING INFORMATION; HOW TO DECIPHER THE PARAMETERS PASSED TO AN UNDOCUMENTED FUNCTION; TYPICAL ASSEMBLY LANGUAGE PATTERNS AND THEIR MEANINGS; THE PRACTICAL APPLICATION OF REVERSE ENGINEERING; SUMMARY
Chapter 6: Hooking Windows NT System Services
SYSTEM SERVICES: THE LONG VIEW; NEED FOR HOOKING SYSTEM SERVICES; TYPES OF HOOKS; IMPLEMENTATIONS OF HOOKS; WINDOWS NT SYSTEM SERVICES; HOOKING NT SYSTEM SERVICES; SUMMARY
Chapter 7: Adding New System Services to the Windows NT Kernel
DETAILED IMPLEMENTATION OF A SYSTEM SERVICE IN WINDOWS NT; ADDING NEW SYSTEM SERVICES; EXAMPLE OF ADDING A NEW SYSTEM SERVICE; SUMMARY
Chapter 8: Local Procedure Call
THE ORIGIN OF THE SUBSYSTEMS; LOCAL PROCEDURE CALL; PORT-RELATED FUNCTIONS; LPC SAMPLE PROGRAMS; QUICK LPC; SUMMARY
Chapter 9: Hooking Software Interrupts
WHAT ARE INTERRUPTS?; HOW OPERATING SYSTEMS USE SOFTWARE INTERRUPTS; WHY SOFTWARE INTERRUPTS NEED TO BE HOOKED; HOW TO HOOK SOFTWARE INTERRUPTS; SUMMARY
Chapter 10: Adding New Software Interrupts
WHAT HAPPENS WHEN A 32-BIT APPLICATION EXECUTES AN INT NN INSTRUCTION?; ADDING NEW SOFTWARE INTERRUPTS TO THE WINDOWS NT KERNEL; USING CALLGATES TO EXECUTE PRIVILEGED CODE; HOW TO USE THE CALLGATE TECHNIQUE; PAGING ISSUES; SUMMARY
Chapter 11: Portable Executable File Format
OVERVIEW OF A PE FILE; STRUCTURE OF A PE FILE; RELATIVE VIRTUAL ADDRESS; DETAILS OF THE PE FORMAT; INDICES IN THE DATA DIRECTORY; LOADING PROCEDURE; SUMMARY
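API hooking revealed
Many systems use interception (spying) techniques to take advantage of existing Windows applications. An important purpose of interception is not only to give applications more advanced functionality, but to carry out debugging.
Unlike older operating systems (such as DOS and Win3.xx), current operating systems (such as WinNT/2K and Win9x) use mature mechanisms to separate the address spaces of individual processes. This architecture provides real memory protection, so no application can corrupt the address space belonging to another process, let alone the operating system itself. This makes developing system-aware hooks very difficult.
I wrote this article to explore a simple and practical hooking mechanism that provides a simple interface for intercepting different API calls. It also demonstrates some techniques that can help you develop your own API spying system. In addition, it offers a series of methods for intercepting Win32 APIs on Windows versions such as Win2K/NT and Win98/ME (referred to below as 9x). To simplify my description, I have not included Unicode-related content, but only minor changes to the code are needed to support Unicode.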
Stealth hooking: Another way to subvert the Windows Kernel
How API Hooking Works
An in-depth explanation of the internals of API hooking; study material I downloaded when I wanted to build a gaming battle platform,