Git Product home page Git Product logo

win64driverstudy_src's Introduction

####WIN64驱动编程基础教程 作者:胡文亮

源码的编译环境是WDK7600

以下是原文介绍

【原创+福利+源码包】WIN64驱动编程基础教程(含PASS DSE的文件)

大家好,我的是Tesla.Angela。

这份教程本来是拿来出售的,不过由于某些原因导致部分章节出现在了互联网上,于是决定彻底公开了。

详细目录如下:

0.基础的基础

|-学习WIN64驱动开发的硬件准备

|-配置驱动开发环境

1.驱动级HelloWorld

|-配置驱动测试环境

|-编译和加载内核HelloWorld

2.内核编程基础

|-WIN64内核编程的基本规则

|-驱动程序与应用程序通信

|-内核里使用内存

|-内核里操作字符串

|-内核里操作文件

|-内核里操作注册表

|-内核里操作进线程

|-驱动里的其它常用代码

3.内核HOOK与UNHOOK

|-系统调用、WOW64与兼容模式

|-编程实现突破WIN7的PatchGuard

|-系统服务描述表结构详解

|-SSDT HOOK和UNHOOK

|-SHADOW SSDT HOOK和UNHOOK

|-INLINE HOOK和UNHOOK

4.无HOOK监控技术

|-无HOOK监控进线程启动和退出

|-无HOOK监控模块加载

|-无HOOK监控注册表操作

|-无HOOK监控文件操作

|-无HOOK监控进线程句柄操作

|-使用对象回调监视文件访问

|-无HOOK监控网络访问

|-无HOOK监视修改时间

5.零散内容

|-驱动里实现内嵌汇编

|-DKOM隐藏进程+保护进程

|-枚举和隐藏内核模块

|-强制结束进程

|-强制读写进程内存

|-枚举消息钩子

|-强制解锁文件

|-初步探索PE32+格式文件

6.用户态HOOK与UNHOOK

|-RING3注射DLL到系统进程

|-RING3的INLINE HOOK和UNHOOK

|-RING3的EAT HOOK和IAT HOOK

7.反回调

|-枚举与删除创建进线程回调

|-枚举与删除加载映像回调

|-枚举与删除注册表回调

|-枚举与对抗MiniFilter

|-枚举与删除对象回调

值得一提的是,这份教程的附件里,包含了一个过“数字签名强制”(DSE)的LIB,只要在程序里包含了这个LIB,就能无视DSE直接加载未签名的驱动。

当然,这个LIB只支持WIN7、WIN8和WIN8.1,对于未出现的系统,是不可能支持的。

本教程由于编写仓促,难免有错漏之处,欢迎指出。不过,本教程的文章和代码,绝对不会有故意插入的错误,所有代码都能“即抄即用”。

下载地址:http://pan.baidu.com/share/home?uk=1915097229#category/type=0

欢迎访问我的论坛:www.vbasm.com

欢迎加入我的内核编程群:204267013

欢迎使用我的ARK类工具:http://bbs.kafan.cn/thread-1426416-1-2.html

另外,原来的“WIN64内核编程基础班”已升级为“WINDOWS内核编程VIP讨论组”,欢迎加入,详情请加群后与群主私聊。

win64driverstudy_src's People

Contributors

wanttobeno avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.