Description: Describes how a user-mode application can access the kernel address space and invoke a call gate descriptor in the GDT without using a driver. The article explains how virtual-to-physical address translation works on 32-bit processors, and also describes how a user-mode application can find out where its allocated virtual addresses are located in physical memory.
The sample program was thoroughly tested on my machine, running Windows XP SP2; it runs well and seems to have no problems at all. Platform: |
Size: 20713 |
Author:陈东升 |
Hits:
Description: Describes how a user-mode application can access the kernel address space and invoke a call gate descriptor in the GDT without using a driver. The article explains how virtual-to-physical address translation works on 32-bit processors, and also describes how a user-mode application can find out where its allocated virtual addresses are located in physical memory.
The sample program was thoroughly tested on my machine, running Windows XP SP2; it runs well and seems to have no problems at all. Platform: |
Size: 20480 |
Author:陈东升 |
Hits:
Description: Undocumented Windows 2000 Secrets, complete Simplified Chinese edition! Essential for kernel hacking on NT-architecture Windows (2000, XP)! Includes the CD ISO and the complete appendices! Platform: |
Size: 9147392 |
Author:songlei |
Hits:
Description: Bochs is a highly portable open source IA-32 (x86) PC emulator
written in C++, that runs on most popular platforms. It includes
emulation of the Intel x86 CPU, common I/O devices, and a custom
BIOS. Currently, Bochs can be compiled to emulate a 386, 486,
Pentium/PentiumII/PentiumIII/Pentium4 or x86-64 CPU, including optional
MMX, SSEx and 3DNow! instructions. Bochs is capable of running
most Operating Systems inside the emulation, for example Linux, DOS,
Windows 95/98/NT/2000/XP or Windows Vista. Platform: |
Size: 3924992 |
Author:simba Jiang |
Hits:
Description: A step-by-step guide to generating, customizing, compiling and downloading a Windows CE 5.0 kernel image using the ICOP_Vortex86_50 BSP package.
The development machine runs Windows XP Professional with the latest patches. The target machine is an eBoxII. The two machines are connected to the LAN through a hub, and a DHCP server assigns IP addresses automatically. Platform: |
Size: 2674688 |
Author:季小虎 |
Hits:
Description: Tutorial on analyzing Windows kernel crash files (Windows XP Kernel Crash Analysis). Platform: |
Size: 226304 |
Author:李永豪 |
Hits:
Description: Source code for a driver firewall that supports Windows XP, used to monitor the loading of kernel drivers. Platform: |
Size: 1024 |
Author:ARA |
Hits:
Description: KernelSocketsModule is intended to provide the simple common network programming interface in kernel mode without dependence on target operating system. On Windows XP and Windows Server 2003 it uses TDI-implementation, on Windows Vista, Windows Server 2008 and Windows 7 it uses Windows Sockets Kernel (WSK) implementation. Interface stays the same. Sorry, but most of comments are in Russian. Simple SMTP-client module that uses this KernelSocketsModule is provided for example. Provided project is fully-working (on 28.02.2010) example, that sends e-mail to certain mailbox on "mail.ru" server. You can find account parameters inside the project. Platform: |
Size: 43008 |
Author:villy |
Hits:
Description: On Windows XP, sysenter invokes KiFastCallEntry to switch calls from ntdll.dll into the kernel. KiFastCallEntry works by looking up the function address in the SSDT and jumping to it. So by forging a copy of the original SSDT, SSDT hooks can be rendered ineffective. Platform: |
Size: 5120 |
Author:何耀彬 |
Hits:
Description: A detailed introduction to kernel programming for the Windows family of operating systems and to the architecture-level internal workings of the operating system. The premier guide to the Windows kernel now covers Windows Server 2003, Windows XP, and Windows 2000, including 64-bit extensions. Get the architectural perspectives and insider insights needed to unlock the power of Windows. Platform: |
Size: 10976256 |
Author:闫煜 |
Hits:
Description: A good introduction to writing device drivers for Windows (even if the book is targeted towards Windows 2000, most kernel programming lessons still apply for the current Windows operating systems: XP, Vista and 7). Platform: |
Size: 622592 |
Author:silvia.stegaru |
Hits:
Description: A program written in assembly language that makes the computer's internal speaker beep. Runs in the Windows XP kernel environment. Platform: |
Size: 4096 |
Author:rengood |
Hits:
Description: EasyHook starts where Microsoft Detours ends.
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. Also 32- and 64-bit kernel mode hooking is supported as well as an unmanaged user-mode API which allows you to hook targets without requiring a .NET Framework on the customer's PC. An experimental stealth injection hides hooking from most of the current AV software. Platform: |
Size: 1777664 |
Author:l |
Hits:
Description: Learning points of this source code: how an ordinary application communicates with a kernel driver.
Main features: prevents a given program from being opened and prevents a given program from being closed illegitimately.
Note: this program has only been tested under Windows XP. Platform: |
Size: 2295808 |
Author:优酸乳 |
Hits:
Description: Learning points of this source code: how an ordinary application communicates with a kernel driver.
Main features: prevents a given program from being opened and prevents a given program from being closed illegitimately.
Note: this program has only been tested under Windows XP. Platform: |
Size: 75776 |
Author:优酸乳 |
Hits:
Description: This program is compatible ONLY with Windows XP Service Pack 2, with the latest updates installed.
Should work with or without KB929338.
BSOD message text changing is not as guaranteed to work as the colour changing, because the addresses differ greatly between each version of the Windows Kernel.
I'll now explain how this program works. Platform: |
Size: 28672 |
Author:animatorix |
Hits:
Description: The source code of the program, showing an example of forced completion of all processes, including anti-virus Kaspersky, Agnitum, etc., using the driver PsTerminateProcess feature in Windows 2000, 2003, XP, Vista, 7, 8.
Platform: |
Size: 91136 |
Author:denis7656 |
Hits:
Description: SoftICE is a kernel mode debugger for Microsoft Windows up to Windows XP. Crucially, it is designed to run underneath Windows such that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed. For driver debugging this is critical due to how hardware is accessed and the kernel of the operating system functions. Because of its low-level capabilities, SoftICE is also popular as a software cracking tool. Platform: |
Size: 3024896 |
Author:horsti |
Hits:
Description: Windows Kernel Explorer (you can simply call it "WKE") is a free but powerful Windows kernel research tool. It supports Windows XP through Windows 10, 32-bit and 64-bit. Compared to popular tools (such as WIN64AST and PCHunter), WKE is a highly customizable tool and it can run on the latest Windows 10 without updating binary files. Platform: |
Size: 20640768 |
Author:Duong Nguyen |
Hits: