|
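[Help] I'm stumped: a question about folder protection with sfilter
When you handle the CREATE_NEW operation, the shell retries the create after it receives the failure. Are you intercepting in PostCreate, mate? |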
|
[Help] minifilter: pre-opening a file!
Look carefully at the second parameter: Instance: An opaque instance pointer for the minifilter driver instance that the create request is to be sent to. The instance must be attached to the volume where the file or directory resides. This parameter is optional and can be NULL. If this parameter is NULL, the request is sent to the device object at the top of the file system driver stack for the volume. If it is non-NULL, the request is sent only to minifilter driver instances that are attached below the specified instance. |
|
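[Original] 1st: Reliable two-way ring0-ring3 communication using the LPC mechanism
Every time I interview kernel developers, communication is one topic I always ask about. |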
|
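[Original] 1st: Reliable two-way ring0-ring3 communication using the LPC mechanism
It's rare to see anyone discussing LPC. Early this year I finished wrapping LPC. It supports two-way communication, kernel to kernel, kernel to upper layer and so on, and either side can initiate. It supports a PUSH mode as well as a direct exchange mode. But LPC has its drawbacks too, for example two-way communication requires listening on both sides. OP, you still have a long way to go. To accommodate large data transfers, I ended up with a compromise between LPC and Read/Write: internal data is passed over LPC, while data coming in from outside is submitted via READ/WRITE. Then I wrote complex memory management functions and maintain several 2X tables that manage the communication endpoints. The current speed should be around 140,000 POST_MESSAGE per second. If anyone is interested I can provide my interface library and a DEMO. |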
|
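[Original] A small gift for June 1st: complete, compilable NT4 NTFS source code (can stably replace the original XP ntfs.sys)
Line 2104 of indexsup.c looks like the culprit behind the ASSERT? |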
|
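[Original][Open source] Building your own knock-off IceSword (KsBinSword) out of code from countless experts
I looked at the driver code. OP, you need to work harder~ Many checks that should be there are missing. Many addresses are not validated~ I won't bother looking at the user-mode part~ |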
|
|
|
[Discussion] Hecvm: I've got my virtual machine compiled.
Appendix. Above is the correct source code of the RUN file. Below is the assembly that results when it is recognized as x86 machine code (OD).

    #allocate local storage
    PUSHQ $FP
    MOV $FP,$SP
    LQI $R7,512
    SUB $SP,$SP,$R7

    #populate name of shared lib = sharedLib.dll
    LAI $R10,$FP,filename
    MOV $R14,$R10
    LBI $R2,1
    LBI $R1,'s'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'h'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'a'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'r'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'e'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'d'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'L'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'i'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'b'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'.'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'d'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'l'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'l'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,0
    SB $R1,$R10

    #populate XML input <IN>proc1</IN>
    LAI $R10,$FP,input
    MOV $R11,$R10
    LBI $R2,1
    LBI $R1,'<'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'I'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'N'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'>'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'p'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'r'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'o'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'c'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'1'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'<'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'/'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'I'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'N'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,'>'
    SB $R1,$R10
    ADD $R10,$R10,$R2
    LBI $R1,0
    SB $R1,$R10

    #load the library (put handle in $R20)
    LQI $R1,0
    MOV $R2,$R14
    INT 9
    MOV $R20,$R3
    MOV $R2,$R4
    LQI $R1,20
    INT 0
    LQI $R2,10
    LQI $R1,16
    INT 0
    LQI $R2,13
    LQI $R1,16
    INT 0

    #execute native call
    LAI $R4,$FP,output
    MOV $R3,$R11
    MOV $R2,$R20
    LQI $R1,1
    INT 9
    LAI $R2,$FP,output
    LQI $R1,18
    INT 0
    LQI $R2,10
    LQI $R1,16
    INT 0
    LQI $R2,13
    LQI $R1,16
    INT 0

    #free library
    MOV $R2,$R20
    LQI $R1,2
    INT 9
    MOV $R2,$R3
    LQI $R1,20
    INT 0
    LQI $R2,10
    LQI $R1,16
    INT 0
    LQI $R2,13
    LQI $R1,16
    INT 0

    #reclaim local storage
    MOV $SP,$FP
    POPQ $FP
    HALT
    .PE
---------------------As recognized by OD |
|
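[Help] Looking for a .run file for HEcvm to test with
One more addition. HEC verifies that the first two bytes = "\xDE\xED". Does the first statement have to be an instruction like FSUBP ST(5),ST(0), or is it merely a "0xDe 0xED" marker? I'm confused |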
|
[Help] Looking for a .run file for HEcvm to test with
A follow-up. I generated the file with NASM -fbin XXX.asm -o files.RUN. HEC reports: file not HEC executable ... |
|
|