发帖
雷达卡
+[1-1]SetupTestEnv 216 Byte
+[1-2]KrnlHW64 27.9 KB
+[2-1]AboutKPP&DSE 192 Byte
+[2-2]ScmDrvLoader 28.2 KB
main.cpp 1.2 KB
ScmDrvCtrl.h 3.7 KB
ScmDrvLoader.sln 1.2 KB
ScmDrvLoader.suo 14.0 KB
ScmDrvLoader.vcxproj 6.9 KB
ScmDrvLoader.vcxproj.filters 1.0 KB
ScmDrvLoader.vcxproj.user 143 Byte
+[2-3]MemoryOperationTest 4.5 KB
+[2-4]StringOperationTest 7.7 KB
+[2-5]FileOperationTest 10.7 KB
+[2-6]RegistryOperationTest 15.4 KB
+[2-7]ProcessOperationTest 10.4 KB
+[2-8]OtherFunction 11.7 KB
+[3-3]CalcSSDTFuncAddr 10.4 KB
+[4-1]MonitorCreateExitProcessThread 5.6 KB
+[4-2]MonitorLoadUnloadDllDriver 5.6 KB
+[4-3]MonitorRegistryOperation 6.1 KB
CmRegMonitor_x64.sys 6.0 KB
说明.txt 107 Byte
+[4-4]MonitorFileOperation 66.4 KB
+[4-5]MonitorProcessThreadHandle 12.1 KB
+[4-6]MonitorFileOperationByCallback 5.1 KB
+[4-7]MonitorInternetAccessByWFP 14.5 KB
+[4-8]TimeChangeCallback 5.6 KB
buildfre_win7_amd64.log 3.7 KB
main.c 1.6 KB
makefile 265 Byte
sources 72 Byte
+[5-1]DrvInlineASM 31.5 KB
+[5-2]DkomHideProtect 5.0 KB
+[5-3]DriverEnumHide 60.5 KB
+[5-4]ForceKillProcess 25.5 KB
+[5-5]ForceProcMemRW 79.0 KB
+[5-6]EnumMsgHook 63.0 KB
+[5-7]UnlockFile 66.7 KB
+[5-8]PE32+ 2.4 MB
+[6-1]RemoteThreadToSystemProcess 103.0 KB
+[7-1]EnumRemoveProcessThreadNotify 10.1 KB
+[7-2]EnumRemoveImageNotify 8.0 KB
+[7-3]EnumRemoveCmpCallback 10.9 KB
+[7-4]EnumRemoveObCallback 9.5 KB
+[7-5]EnumAntiMiniFilter 8.1 KB
+教程 19.4 MB
[0-1]学习WIN64驱动开发的硬件准备.pdf 225.0 KB
[0-2]配置驱动开发环境.pdf 277.0 KB
[1-1]配置驱动测试环境.pdf 479.0 KB
[1-2]编译和测试内核HelloWorld.pdf 530.0 KB
[2-1]WIN64内核编程的基本规则.pdf 245.0 KB
[2-2]驱动程序与应用程序通信.pdf 365.0 KB
[2-3]内核里使用内存.pdf 386.0 KB
[2-4]内核里操作字符串.pdf 471.0 KB
[2-5]内核里操作文件.pdf 660.0 KB
[2-6]内核里操作注册表.pdf 459.0 KB
[2-7]内核里操作进程.pdf 560.0 KB
[2-8]内核里其他常用的代码.pdf 299.0 KB
[3-1]系统调用、WOW64与兼容模式.pdf 814.0 KB
[3-2]编程实现突破WIN7的PatchGuard.pdf 372.0 KB
[3-3]系统服务描述表结构详解.pdf 418.0 KB
[3-4]SSDT HOOK和UNHOOK.pdf 1.4 MB
[3-5]SHADOW SSDT HOOK和UNHOOK.pdf 910.0 KB
[3-6]RING0 INLINE HOOK和UNHOOK.pdf 503.0 KB
[4-1]无HOOK监控进线程启动和退出.pdf 544.0 KB
[4-2]无HOOK监控模块加载.pdf 317.0 KB
[4-3]无HOOK监控注册表操作.pdf 389.0 KB
[4-4]无HOOK监控文件操作.pdf 628.0 KB
[4-5]无HOOK监控进线程句柄操作.pdf 368.0 KB
[4-6]使用对象回调监视文件访问.pdf 350.0 KB
[4-7]无HOOK监控网络访问.pdf 616.0 KB
[4-8]无HOOK监视修改时间.pdf 265.0 KB
[5-1]驱动里实现内嵌汇编.pdf 228.0 KB
[5-2]DKOM隐藏进程+保护进程.pdf 416.0 KB
[5-3]枚举和隐藏内核模块.pdf 390.0 KB
[5-4]强制结束进程.pdf 292.0 KB
[5-5]强制读写进程内存.pdf 531.0 KB
[5-6]枚举消息钩子.pdf 517.0 KB
[5-7]强制解锁文件.pdf 169.0 KB
[5-8]初步探索PE32+格式文件.pdf 909.0 KB
[6-1]RING3注入DLL到系统进程.pdf 780.0 KB
[6-2]RING3的INLINE HOOK和Anti Hook.pdf 751.0 KB
[6-3]RING3的IAT HOOK和EAT HOOK.pdf 342.0 KB
[7-1]枚举与删除进线程回调.pdf 298.0 KB
[7-2]枚举与删除映像回调.pdf 203.0 KB
[7-3]枚举与删除注册表回调.pdf 323.0 KB
[7-4]枚举与删除对象回调.pdf 249.0 KB
[7-5]枚举与对抗MiniFilter.pdf 418.0 KB
序:编程本来可以看起来有趣.pdf 161.0 KB
WIN64驱动编程基础教程.zip
(18.05 MB, 需要: RMB 29 元)
京公网安备 11010802022788号
