文件名称:Undocumented Windows NT 带图完整英文版chm
文件大小:407KB
文件格式:CHM
更新时间:2012-11-11 15:51:20
Undocumented Windows NT undocumented windows
Table of Contents Chapter 1: Windows NT: An Inside Look EVALUATING WINDOWS NT DELVING INTO THE WINDOWS NT ARCHITECTURE SUMMARY Chapter 2: Writing Windows NT Device Drivers PREREQUISITES TO WRITING NT DEVICE DRIVERS DRIVER BUILD PROCEDURE STRUCTURE OF A DEVICE DRIVER SUMMARY Chapter 3: Win32 Implementations: A Comparative Look WIN32 API IMPLEMENTATION ON WINDOWS 95 WIN32 API IMPLEMENTATION ON WINDOWS NT WIN32 IMPLEMENTATION DIFFERENCES SUMMARY Chapter 4: Memory Management MEMORY MODELS IN MICROSOFT OPERATING SYSTEMS WINDOWS NT MEMORY MANAGEMENT OVERVIEW BELOW THE OPERATING SYSTEM THE INSIDE LOOK VIRTUAL MEMORY MANAGEMENT VIRTUAL ADDRESS DESCRIPTORS IMPACT ON HOOKING SWITCHING CONTEXT DIFFERENCES BETWEEN WINDOWS NT AND WINDOWS 95/98 SUMMARY Chapter 5: Reverse Engineering Techniques HOW TO PREPARE FOR REVERSE ENGINEERING HOW TO REVERSE ENGINEER UNDERSTANDING CODE GENERATION PATTERNS HOW WINDOWS NT PROVIDES DEBUGGING INFORMATION HOW TO DECIPHER THE PARAMETERS PASSED TO AN UNDOCUMENTED FUNCTION TYPICAL ASSEMBLY LANGUAGE PATTERNS AND THEIR MEANINGS THE PRACTICAL APPLICATION OF REVERSE ENGINEERING SUMMARY Chapter 6: Hooking Windows NT System Services SYSTEM SERVICES: THE LONG VIEW NEED FOR HOOKING SYSTEM SERVICES TYPES OF HOOKS IMPLEMENTATIONS OF HOOKS WINDOWS NT SYSTEM SERVICES HOOKING NT SYSTEM SERVICES SUMMARY Chapter 7: Adding New System Services to the Windows NT Kernal DETAILED IMPLEMENTATION OF A SYSTEM SERVICE IN WINDOWS NT ADDING NEW SYSTEM SERVICES EXAMPLE OF ADDING A NEW SYSTEM SERVICE SUMMARY Chapter 8: Local Procedure Call THE ORIGIN OF THE SUBSYSTEMS LOCAL PROCEDURE CALL PORT-RELATED FUNCTIONS LPC SAMPLE PROGRAMS QUICK LPC SUMMARY Chapter 9: Hooking Software Interrupts WHAT ARE INTERRUPTS? HOW OPERATING SYSTEMS USE SOFTWARE INTERRUPTS WHY SOFTWARE INTERRUPTS NEED TO BE HOOKED HOW TO HOOK SOFTWARE INTERRUPTS SUMMARY Chapter 10: Adding New Software Interrupts WHAT HAPPENS WHEN A 32-BIT APPLICATION EXECUTES AN INT NN INSTRUCTION? ADDING NEW SOFTWARE INTERRUPTS TO THE WINDOWS NT KERNEL USING CALLGATES TO EXECUTE PRIVILEGED CODE HOW TO USE THE CALLGATE TECHNIQUE PAGING ISSUES SUMMARY Chapter 11: Portable Executable File Format OVERVIEW OF A PE FILE STRUCTURE OF A PE FILE RELATIVE VIRTUAL ADDRESS DETAILS OF THE PE FORMAT INDICES IN THE DATA DIRECTORY LOADING PROCEDURE SUMMARY