Search resource list
irqs
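- Describes how a user-mode application can enter the kernel address space and invoke a call gate descriptor in the GDT without using a driver. The article explains how virtual-to-physical address translation is performed on 32-bit processors, and also describes how a user-mode application can find where its allocated virtual addresses are located in physical memory. The example program has been thoroughly tested on my machine, running Windows XP SP2; it runs well and appears to have no problems at all.
Graduation thesis: Forensics research on Windows
- From the perspective of computer forensics, the thesis studies in detail the operating system kernel, intrusion and counter-intrusion strategies, network monitoring techniques, system analysis techniques, and so on. Using software engineering methods, it designs and implements computer forensics software suited to the Windows NT/2000/XP operating systems.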
anti-ssdt
- Windows XP uses sysenter to call KiFastCallEntry, which switches calls from ntdll.dll into the kernel. KiFastCallEntry works by looking up the function address in the SSDT and jumping to it. So by forging a copy of the original SSDT, SSDT hooks can be rendered ineffective.
bochs-20081123.tar
- Bochs is a highly portable open source IA-32 (x86) PC emulator written in C++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices, and a custom BIOS. Currently, Bochs can be compiled to emulate a
PSLib
- Completely hide a process on Windows NT, 2000, XP SP2 in Visual Basic 6! This project uses a kernel driver, for which the source is also included.
UserPort
- Directly reads I/O such as the parallel and serial ports under Win2K/XP. Kernel mode driver for Windows NT/2000 that gives usermode programs access to I/O ports.
PGP.Corporation.PGP.SDK.v3.7.2.ccrun.044998
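- The PGP SDK includes a wide range of standard encryption, digital signature, and encoding/decoding technologies, as well as implementations of various network security protocols. The PGP SDK gives developers the same core cryptographic functionality found at the core of other PGP products. PGP SDK technical notes: the PGP SDK is the C interface to our encryption and key management library, supporting the following platforms: · Windows 98, Millennium (ME), NT, 2000, and XP · Mac OS X · Linux x86 with 2.0.x kernel or later · Sun Solaris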
ICOP_Vortex86_50genWindowsCE
- A step-by-step guide to using the ICOP_Vortex86_50 BSP package to generate, customize, compile, and download a Windows CE 5.0 kernel image. The development machine runs Windows XP Professional with the latest patches. The target machine is an eBoxII. The two machines are connected to the LAN through a hub, with IP addresses assigned automatically by a DHCP server.
DriverFirewall
- Source code for a driver firewall that supports Windows XP, used to monitor the loading of kernel drivers.
kernel.sockets.module
- KernelSocketsModule is intended to provide the simple common network programming interface in kernel mode without dependence on target operating system. On Windows XP and Windows Server 2003 it uses TDI-implementation, on Windows Vista, Windows Serve
WindowsInternals
- A detailed introduction to kernel programming for the Windows family of operating systems and to the operating system's internal, architecture-level mechanisms. The premier guide to the Windows kernel now covers Windows Server 2003, Windows XP, and Windows 2000, including 64-bit extensions. Get the architectural perspectives and insider insights needed to unlock the po
Prentice-Hall---The-Windows-2000-Device-Driver-Bo
- A good introduction to writing device drivers for Windows (even if the book is targeted towards Windows 2000, most kernel programming lessons still apply for the current Windows operating systems: XP, Vista and 7).
Beeper
- A program written in assembly language that makes the computer's internal speaker beep. Runs in the Windows XP kernel environment.
easyhook-71015
- EasyHook starts where Microsoft Detours ends. This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Window
App-kernel-soft
- Key learning points of this source code: how an ordinary application communicates with a kernel driver. Main functions: blocks a given program from being opened and blocks a given program from being illegitimately closed. Note: this program has only been tested under Windows XP.
BSODHack
- This program is compatible ONLY with Windows XP Service Pack 2, with the latest updates installed. Should work with or without KB929338. BSOD message text changing is not as guaranteed to work as the colour changing, because the addresses differ
terminate-kernel-process
- The source code of the program, showing an example of forced completion of all processes, including anti-virus Kaspersky, Agnitum, etc., using the driver PsTerminateProcess feature in Windows 2000, 2003, XP, Vista, 7, 8.
softice4.2.7
- SoftICE is a kernel mode debugger for Microsoft Windows up to Windows XP. Crucially, it is designed to run underneath Windows such that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending
Windows-Kernel-Explorer-master
- Windows Kernel Explorer (you can simply call it "WKE") is a free but powerful Windows kernel research tool. It supports Windows XP through Windows 10, 32-bit and 64-bit. Compared to popular tools (such as WIN64AST and PCHunter), WKE is a