├── 5-31 ├── Look-MyHookPort │ └── MyHookPort │ │ ├── BUILD │ │ ├── ddkbldenv.cmd │ │ ├── buildnumber.h │ │ ├── Module.h │ │ ├── SSDT.cpp │ │ ├── Module.cpp │ │ ├── MyHookPort.cpp │ │ ├── ddkprebld.cmd │ │ ├── ddkpostbld.cmd │ │ ├── makefile │ │ ├── MyHookPort.vsprops │ │ ├── sources │ │ ├── buildinc.cmd │ │ ├── Common.cpp │ │ ├── Common.h │ │ └── drvcommon.h └── Look-ReloadKernelDriver │ └── ReloadKernelDriver │ ├── BUILD │ ├── ddkbldenv.cmd │ ├── buildnumber.h │ ├── Module.h │ ├── SSDT.cpp │ ├── ddkprebld.cmd │ ├── Module.cpp │ ├── KernelInternal.h │ ├── ReloadKernel.cpp │ ├── ReloadKernel.h │ ├── ddkpostbld.cmd │ ├── makefile │ ├── ReloadKernelDriver.vsprops │ ├── sources │ ├── buildinc.cmd │ ├── Common.cpp │ ├── Common.h │ └── drvcommon.h ├── WIN64驱动编程基础教程 ├── 代码 │ ├── [5-7]UnlockFile │ │ ├── lockfile.xxx │ │ ├── 测试说明.txt │ │ ├── LockFile.exe │ │ ├── UnlockFile.sys │ │ └── src │ │ │ └── UnlockFile │ │ │ ├── sources │ │ │ ├── EnumHandle.c │ │ │ └── makefile │ ├── [6-2]Ring3InlineHookAntiHook │ │ ├── hook │ │ │ ├── 复制全部文件到C盘根目录 │ │ │ ├── HookDll.dll │ │ │ ├── Calculator.lnk │ │ │ ├── HookDll │ │ │ │ ├── stdafx.cpp │ │ │ │ ├── stdafx.h │ │ │ │ ├── HookDll.cpp │ │ │ │ ├── HookDll.suo │ │ │ │ ├── dllmain.cpp │ │ │ │ ├── targetver.h │ │ │ │ ├── HookDll.vcxproj.user │ │ │ │ ├── ReadMe.txt │ │ │ │ ├── HookDll.sln │ │ │ │ └── HookDll.vcxproj.filters │ │ │ ├── InjectDllx64.exe │ │ │ ├── NtHookEngine.dll │ │ │ ├── InjectDllx64 │ │ │ │ ├── InjectDllx64.suo │ │ │ │ ├── InjectDllx64.vcxproj.user │ │ │ │ ├── InjectDllx64.vcxproj.filters │ │ │ │ ├── InjectDllx64.sln │ │ │ │ └── main.cpp │ │ │ └── MiniHookEngineForX86X64 │ │ │ │ ├── release │ │ │ │ ├── NtHookEngine.dll │ │ │ │ ├── NtHookEngine.exp │ │ │ │ └── NtHookEngine.lib │ │ │ │ ├── NtHookEngine │ │ │ │ ├── NtHookEngine.rc │ │ │ │ ├── NtHookEngine.suo │ │ │ │ ├── NtHookEngine.vcxproj.user │ │ │ │ ├── distorm_x64.lib │ │ │ │ ├── distorm_x86.lib │ │ │ │ ├── stdafx.cpp │ │ │ │ ├── resource.h │ │ │ │ └── stdafx.h │ │ │ │ ├── 
x64 │ │ │ │ └── release │ │ │ │ │ ├── NtHookEngine.dll │ │ │ │ │ ├── NtHookEngine.exp │ │ │ │ │ └── NtHookEngine.lib │ │ │ │ └── NtHookEngine.sln │ │ └── anti-hook │ │ │ ├── 复制全部文件到C盘根目录 │ │ │ ├── AntiHook │ │ │ ├── _HookTest │ │ │ │ ├── !!复制全部文件到C盘根目录 │ │ │ │ ├── HookDll.dll │ │ │ │ ├── AntiHook.exe │ │ │ │ ├── Calculator.lnk │ │ │ │ ├── InjectDllx64.exe │ │ │ │ └── NtHookEngine.dll │ │ │ ├── stdafx.h │ │ │ ├── stdafx.cpp │ │ │ ├── targetver.h │ │ │ ├── AntiHook.cpp │ │ │ ├── AntiHook.suo │ │ │ ├── AntiHook.vcxproj.user │ │ │ ├── ReadMe.txt │ │ │ ├── AntiHook.sln │ │ │ └── AntiHook.vcxproj.filters │ │ │ ├── AntiHook.exe │ │ │ ├── HookDll.dll │ │ │ ├── Calculator.lnk │ │ │ ├── InjectDllx64.exe │ │ │ ├── NtHookEngine.dll │ │ │ └── HookZwReadFile │ │ │ ├── stdafx.h │ │ │ ├── stdafx.cpp │ │ │ ├── HookDll.cpp │ │ │ ├── HookDll.suo │ │ │ ├── dllmain.cpp │ │ │ ├── targetver.h │ │ │ ├── HookDll.vcxproj.user │ │ │ ├── ReadMe.txt │ │ │ ├── HookDll.sln │ │ │ └── HookDll.vcxproj.filters │ ├── [5-5]ForceProcMemRW │ │ ├── 模拟游戏 │ │ │ ├── Game.vbw │ │ │ ├── Form1.frm │ │ │ └── Game.vbp │ │ ├── 模拟盗号 │ │ │ ├── PlugIn.vbw │ │ │ ├── Form1.frm │ │ │ └── PlugIn.vbp │ │ ├── 模拟游戏.exe │ │ ├── 模拟盗号.exe │ │ ├── 驱动级模拟盗号.exe │ │ ├── KRWProcess.sys │ │ ├── 驱动级游戏保护 │ │ │ └── 下载地址.txt │ │ └── 驱动级模拟盗号 │ │ │ ├── exe │ │ │ ├── form1.frm │ │ │ ├── MSSCCPRJ.SCC │ │ │ ├── cls_Driver.cls │ │ │ ├── Win7x64Drv.vbw │ │ │ ├── Win7x64Drv.vbp │ │ │ └── Mod_MemClr.bas │ │ │ └── sys │ │ │ ├── sources │ │ │ ├── makefile │ │ │ └── Win7x64Drv.h │ ├── [1-2]KrnlHW64 │ │ ├── sys │ │ │ ├── test.c │ │ │ ├── MyDriver.c │ │ │ ├── sources │ │ │ ├── 含有多个C文件时用的source │ │ │ ├── objfre_win7_amd64 │ │ │ │ └── amd64 │ │ │ │ │ ├── KrnlHW64.sys │ │ │ │ │ ├── KmdManager.exe │ │ │ │ │ └── calc_ctl_code.exe │ │ │ └── makefile │ │ └── calc_ctl_code │ │ │ ├── calc_ctl_code.suo │ │ │ ├── x64 │ │ │ └── Release │ │ │ │ └── calc_ctl_code.exe │ │ │ ├── calc_ctl_code.vcxproj.user │ │ │ ├── main.cpp │ │ │ ├── calc_ctl_code.vcxproj.filters │ 
│ │ └── calc_ctl_code.sln │ ├── [3-1]Wow64&CompatibleMode │ │ ├── 兼容模式相关测试代码 │ │ │ ├── _VB_CODE │ │ │ │ ├── CCM.vbw │ │ │ │ ├── CCM.exe │ │ │ │ ├── CCM.vbp │ │ │ │ └── Form1.frm │ │ │ ├── bin │ │ │ │ └── Release │ │ │ │ │ └── CCM.exe │ │ │ └── main.c │ │ └── WOW64相关测试代码 │ │ │ └── bin │ │ │ └── Release │ │ │ └── TestWow64.exe │ ├── [4-8]TimeChangeCallback │ │ ├── sources │ │ ├── amd64 │ │ │ └── TimeNotify.sys │ │ └── makefile │ ├── [5-8]PE32+ │ │ ├── PE32结构图.jpg │ │ ├── PE64结构图.jpg │ │ ├── SimplePE64Viewer.exe │ │ └── SimplePE64Viewer │ │ │ ├── main.cpp │ │ │ ├── SimplePE64Viewer.suo │ │ │ ├── SimplePE64Viewer.vcxproj.user │ │ │ ├── SimplePE64Viewer.vcxproj.filters │ │ │ └── SimplePE64Viewer.sln │ ├── [2-3]MemoryOperationTest │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── SYS_FILE_NAME.sys │ │ └── makefile │ ├── [2-4]StringOperationTest │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── SYS_FILE_NAME.sys │ │ ├── makefile │ │ └── buildfre_win7_amd64.log │ ├── [2-1]AboutKPP&DSE │ │ ├── 禁用DSE.txt │ │ └── 禁用KPP.txt │ ├── [2-6]RegistryOperationTest │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── SYS_FILE_NAME.sys │ │ └── makefile │ ├── [2-7]ProcessOperationTest │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── SYS_FILE_NAME.sys │ │ └── makefile │ ├── [5-6]EnumMsgHook │ │ ├── 测试说明.txt │ │ ├── src │ │ │ ├── exe │ │ │ │ ├── exe.suo │ │ │ │ ├── DrvCtrl.h │ │ │ │ ├── main.cpp │ │ │ │ ├── exe.vcxproj.user │ │ │ │ ├── exe.vcxproj.filters │ │ │ │ └── exe.sln │ │ │ └── sys │ │ │ │ ├── MyDriver.c │ │ │ │ ├── sources │ │ │ │ ├── buildfre_win7_amd64.wrn │ │ │ │ ├── makefile │ │ │ │ ├── rwkm.h │ │ │ │ └── MyDriver.h │ │ ├── EnumMsgHook64.exe │ │ └── EnumMsgHook64.sys │ ├── [1-1]SetupTestEnv │ │ └── 软件下载地址.txt │ ├── [2-8]OtherFunction │ │ ├── MyDriver.c │ │ ├── sources │ │ └── makefile │ ├── [3-3]CalcSSDTFuncAddr │ │ ├── MyDriver.c │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── 
MyDriver.sys │ │ ├── makefile │ │ └── MyDriver.h │ ├── [3-4]SSDTHookUnhook │ │ ├── hook │ │ │ ├── 说明.txt │ │ │ ├── LoadDrv.exe │ │ │ ├── src │ │ │ │ ├── MyDriver.c │ │ │ │ ├── hookssdt.h │ │ │ │ ├── sources │ │ │ │ ├── makefile │ │ │ │ └── MyDriver.h │ │ │ └── hookssdt_x64.sys │ │ └── unhook │ │ │ ├── EnumSSDT_x64_sys │ │ │ ├── buildfre_win7_amd64.wrn │ │ │ ├── sources │ │ │ ├── MyDriver.c │ │ │ ├── makefile │ │ │ └── MyDriver.h │ │ │ ├── emSSDT64.sys │ │ │ ├── EnumSSDT_x64_exe.exe │ │ │ └── EnumSSDT_x64_exe │ │ │ ├── EnumSSDT_x64_exe.suo │ │ │ ├── EnumSSDT_x64_exe │ │ │ ├── main.cpp │ │ │ ├── DrvCtrl.h │ │ │ ├── GetNtos.h │ │ │ ├── EnumSSDT_x64_exe.vcxproj.user │ │ │ └── EnumSSDT_x64_exe.vcxproj.filters │ │ │ └── EnumSSDT_x64_exe.sln │ ├── [5-3]DriverEnumHide │ │ ├── HideKM64.sys │ │ ├── EnumDriver.exe │ │ ├── EnumDriver │ │ │ ├── main.cpp │ │ │ ├── EnumDriver.suo │ │ │ ├── EnumDriver.vcxproj.user │ │ │ ├── EnumDriver.vcxproj.filters │ │ │ └── EnumDriver.sln │ │ └── HideDriver │ │ │ ├── HideKM.c │ │ │ ├── sources │ │ │ └── makefile │ ├── [5-4]ForceKillProcess │ │ ├── FKP64.exe │ │ ├── Win7x64Drv.sys │ │ ├── exe │ │ │ ├── form1.frm │ │ │ ├── MSSCCPRJ.SCC │ │ │ ├── Mod_MemClr.bas │ │ │ ├── cls_Driver.cls │ │ │ ├── Win7x64Drv.vbw │ │ │ └── Win7x64Drv.vbp │ │ └── sys │ │ │ ├── Win7x64Drv.c │ │ │ ├── sources │ │ │ ├── makefile │ │ │ └── Win7x64Drv.h │ ├── [2-2]ScmDrvLoader │ │ ├── ScmDrvLoader.suo │ │ ├── x64 │ │ │ └── Release │ │ │ │ ├── KrnlHW64.sys │ │ │ │ └── ScmDrvLoader.exe │ │ ├── ScmDrvLoader.vcxproj.user │ │ ├── ScmDrvLoader.vcxproj.filters │ │ ├── main.cpp │ │ └── ScmDrvLoader.sln │ ├── [2-5]FileOperationTest │ │ ├── MyDriver.c │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── MyDriver.sys │ │ └── makefile │ ├── [3-2]DisableWin7KPP&DSE │ │ ├── VC │ │ │ ├── 说明.txt │ │ │ ├── x64 │ │ │ │ └── Release │ │ │ │ │ └── disable_pgds.exe │ │ │ ├── disable_pgds.vcxproj.user │ │ │ ├── disable_pgds.vcxproj.filters │ │ │ └── disable_pgds.sln │ │ └── ASM 
│ │ │ ├── patch.exe │ │ │ ├── 编译.bat │ │ │ └── 一键破解.cmd │ ├── [5-2]DkomHideProtect │ │ ├── MyDriver.sys │ │ └── src │ │ │ ├── MyDriver.c │ │ │ ├── sources │ │ │ ├── makefile │ │ │ ├── buildfre_win7_amd64.log │ │ │ └── MyDriver.h │ ├── [4-3]MonitorRegistryOperation │ │ ├── 说明.txt │ │ ├── src │ │ │ ├── sources │ │ │ ├── MyDriver.c │ │ │ ├── testcode.h │ │ │ ├── MyDriver.h │ │ │ └── makefile │ │ └── CmRegMonitor_x64.sys │ ├── [4-4]MonitorFileOperation │ │ ├── MFTest.sys │ │ ├── readme.txt │ │ ├── WdmDrvLoader.exe │ │ └── src │ │ │ ├── driver │ │ │ ├── MFTest.c │ │ │ ├── sources │ │ │ ├── makefile │ │ │ └── buildfre_win7_amd64.log │ │ │ └── WdmDrvLoader │ │ │ ├── VB6StrFunc.h │ │ │ ├── WdmDrvLoader.suo │ │ │ ├── WdmDrvLoader.vcxproj.user │ │ │ ├── WdmDrvLoader.vcxproj.filters │ │ │ └── WdmDrvLoader.sln │ ├── [5-1]DrvInlineASM │ │ ├── Win64InlineASM.sys │ │ ├── x64asm_to_x64bin.exe │ │ └── src │ │ │ ├── sources │ │ │ ├── makefile │ │ │ ├── dbghelp.h │ │ │ └── Win7x64Drv.h │ ├── [7-2]EnumRemoveImageNotify │ │ ├── MyDriver.c │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── EnumRemoveImageNotify.sys │ │ ├── makefile │ │ ├── MyDriver.h │ │ └── ImgNotify.h │ ├── [7-3]EnumRemoveCmpCallback │ │ ├── MyDriver.c │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── EnumRemoveCmpCallback.sys │ │ ├── makefile │ │ └── MyDriver.h │ ├── [3-5]SSSDTHookUnhook │ │ ├── hook │ │ │ ├── Fuck3SDT.sys │ │ │ ├── MyDriver.exe │ │ │ ├── SSSDTHook_NtUserPostMessage │ │ │ │ ├── sys │ │ │ │ │ ├── sources │ │ │ │ │ ├── MyDriver.c │ │ │ │ │ ├── hook3sdt.h │ │ │ │ │ ├── makefile │ │ │ │ │ └── MyDriver.h │ │ │ │ └── exe │ │ │ │ │ ├── MyDriver.vbw │ │ │ │ │ ├── MSSCCPRJ.SCC │ │ │ │ │ ├── cls_Driver.cls │ │ │ │ │ ├── frm_Main.frm │ │ │ │ │ ├── mod_DrvFunc.bas │ │ │ │ │ └── MyDriver.vbp │ │ │ ├── KillProcessByPostMessage.exe │ │ │ └── KillProcessByPostMessage │ │ │ │ └── main.c │ │ └── unhook │ │ │ ├── sys │ │ │ ├── sources │ │ │ ├── MyDriver.c │ │ │ ├── makefile │ │ │ 
└── MyDriver.h │ │ │ ├── SSSDTx64.sys │ │ │ ├── exe │ │ │ ├── DrvCtrl.h │ │ │ ├── EnumDrv.h │ │ │ ├── main.cpp │ │ │ ├── EnumSSSDT64.suo │ │ │ ├── EnumSSSDT64.vcxproj.user │ │ │ ├── EnumSSSDT64.vcxproj.filters │ │ │ └── EnumSSSDT64.sln │ │ │ └── EnumSSSDT64.exe │ ├── [3-6]InlineHookUnhook │ │ ├── hook │ │ │ ├── hook_ps.exe │ │ │ ├── hook_ps.sys │ │ │ ├── sys │ │ │ │ ├── sources │ │ │ │ ├── HookFunc.h │ │ │ │ ├── MyDriver.c │ │ │ │ ├── buildfre_win7_amd64.wrn │ │ │ │ ├── makefile │ │ │ │ └── MyDriver.h │ │ │ └── exe │ │ │ │ ├── MSSCCPRJ.SCC │ │ │ │ ├── MyDriver.vbp │ │ │ │ ├── frm_Main.frm │ │ │ │ ├── cls_Driver.cls │ │ │ │ ├── mod_DrvFunc.bas │ │ │ │ └── MyDriver.vbw │ │ └── unhook │ │ │ ├── sys │ │ │ ├── sources │ │ │ ├── MyDriver.c │ │ │ ├── makefile │ │ │ └── MyDriver.h │ │ │ ├── ClrKIH64.sys │ │ │ ├── exe │ │ │ ├── DrvCtrl.h │ │ │ ├── main.cpp │ │ │ ├── GetKernelOriCode.suo │ │ │ ├── GetKernelOriCode.vcxproj.user │ │ │ ├── GetKernelOriCode.vcxproj.filters │ │ │ └── GetKernelOriCode.sln │ │ │ └── GetKernelOriCode.exe │ ├── [4-5]MonitorProcessThreadHandle │ │ ├── sources │ │ ├── MyDriver.h │ │ └── makefile │ ├── [4-2]MonitorLoadUnloadDllDriver │ │ ├── 测试说明.txt │ │ ├── src │ │ │ ├── MyDriver.c │ │ │ ├── MyDriver.h │ │ │ ├── sources │ │ │ └── makefile │ │ └── LoadImageNotifyX64.sys │ ├── [7-4]EnumRemoveObCallback │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── EnumRemoveObCallback.sys │ │ └── makefile │ ├── [4-1]MonitorCreateExitProcessThread │ │ ├── 使用说明.txt │ │ ├── src │ │ │ ├── MyDriver.c │ │ │ ├── ProcessNotify.h │ │ │ ├── sources │ │ │ ├── makefile │ │ │ └── MyDriver.h │ │ └── monitor_create_process_x64.sys │ ├── [6-1]RemoteThreadToSystemProcess │ │ ├── TestDll.dll │ │ ├── TestDll │ │ │ ├── stdafx.h │ │ │ ├── TestDll.cpp │ │ │ ├── TestDll.suo │ │ │ ├── dllmain.cpp │ │ │ ├── stdafx.cpp │ │ │ ├── targetver.h │ │ │ ├── TestDll.vcxproj.user │ │ │ ├── ReadMe.txt │ │ │ ├── TestDll.sln │ │ │ └── TestDll.vcxproj.filters │ │ ├── SuperInsertDll.exe 
│ │ └── SuperInsertDll │ │ │ ├── ntdll.lib │ │ │ ├── SuperInsertDll.suo │ │ │ ├── SuperInsertDll.vcxproj.user │ │ │ ├── main.cpp │ │ │ ├── SuperInsertDll.vcxproj.filters │ │ │ └── SuperInsertDll.sln │ ├── [4-6]MonitorFileOperationByCallback │ │ ├── readme.txt │ │ ├── src │ │ │ ├── main.c │ │ │ ├── MAKEFILE │ │ │ └── sources │ │ └── file_monitor_x64.sys │ ├── [7-1]EnumRemoveProcessThreadNotify │ │ ├── MyDriver.c │ │ ├── ProcNotify.h │ │ ├── sources │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── EnumProcessThreadNotify64.sys │ │ ├── makefile │ │ └── MyDriver.h │ ├── [6-3]Ring3EatIatHook │ │ ├── EAT_IAT_HOOK_TEST32 │ │ │ ├── main.cpp │ │ │ └── test.exe │ │ └── EAT_IAT_HOOK_TEST64 │ │ │ ├── main.cpp │ │ │ └── test.exe │ ├── [4-7]MonitorInternetAccessByWFP │ │ ├── objfre_win7_amd64 │ │ │ └── amd64 │ │ │ │ └── WFP_TEST.sys │ │ ├── sources │ │ └── makefile │ └── [7-5]EnumAntiMiniFilter │ │ ├── objfre_win7_amd64 │ │ └── amd64 │ │ │ └── EnumAntiMiniFilter.sys │ │ ├── makefile │ │ ├── MyDriver.c │ │ └── sources ├── 说明.txt ├── 福利 │ ├── 免签名加载驱动SDK.rar │ └── WINIO3数字签名版.rar ├── 鄙视一些没道德的人 │ ├── 说明.txt │ ├── 侵权证据.JPG │ └── 侵权文件(fuck_pgds_win7_by_TA).rar └── 教程 │ ├── [0-2]配置驱动开发环境.pdf │ ├── [1-1]配置驱动测试环境.pdf │ ├── [2-3]内核里使用内存.pdf │ ├── [2-4]内核里操作字符串.pdf │ ├── [2-5]内核里操作文件.pdf │ ├── [2-6]内核里操作注册表.pdf │ ├── [2-7]内核里操作进程.pdf │ ├── [5-4]强制结束进程.pdf │ ├── [5-5]强制读写进程内存.pdf │ ├── [5-6]枚举消息钩子.pdf │ ├── [5-7]强制解锁文件.pdf │ ├── 序:编程本来可以看起来有趣.pdf │ ├── [2-8]内核里其他常用的代码.pdf │ ├── [5-1]驱动里实现内嵌汇编.pdf │ ├── [5-3]枚举和隐藏内核模块.pdf │ ├── [7-1]枚举与删除进线程回调.pdf │ ├── [7-2]枚举与删除映像回调.pdf │ ├── [7-3]枚举与删除注册表回调.pdf │ ├── [7-4]枚举与删除对象回调.pdf │ ├── [2-2]驱动程序与应用程序通信.pdf │ ├── [3-3]系统服务描述表结构详解.pdf │ ├── [4-2]无HOOK监控模块加载.pdf │ ├── [4-3]无HOOK监控注册表操作.pdf │ ├── [4-4]无HOOK监控文件操作.pdf │ ├── [4-6]使用对象回调监视文件访问.pdf │ ├── [4-7]无HOOK监控网络访问.pdf │ ├── [4-8]无HOOK监视修改时间.pdf │ ├── [5-2]DKOM隐藏进程+保护进程.pdf │ ├── [5-8]初步探索PE32+格式文件.pdf │ ├── [2-1]WIN64内核编程的基本规则.pdf │ ├── [3-1]系统调用、WOW64与兼容模式.pdf │ ├── [4-1]无HOOK监控进线程启动和退出.pdf │ 
├── [4-5]无HOOK监控进线程句柄操作.pdf │ ├── [6-1]RING3注入DLL到系统进程.pdf │ ├── [7-5]枚举与对抗MiniFilter.pdf │ ├── [0-1]学习WIN64驱动开发的硬件准备.pdf │ ├── [1-2]编译和测试内核HelloWorld.pdf │ ├── [3-4]SSDT HOOK和UNHOOK.pdf │ ├── [3-2]编程实现突破WIN7的PatchGuard.pdf │ ├── [3-5]SHADOW SSDT HOOK和UNHOOK.pdf │ ├── [6-3]RING3的IAT HOOK和EAT HOOK.pdf │ ├── [3-6]RING0 INLINE HOOK和UNHOOK.pdf │ └── [6-2]RING3的INLINE HOOK和Anti Hook.pdf ├── LookKernelInject ├── BuildLog.htm ├── KernelInject.c ├── KernelInject.h ├── drvversion.rc ├── makefile ├── sources ├── KernelInject.vsprops └── drvcommon.h ├── .gitattributes └── .gitignore /5-31/Look-MyHookPort/MyHookPort/BUILD: -------------------------------------------------------------------------------- 1 | 153 2 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-7]UnlockFile/lockfile.xxx: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/BUILD: -------------------------------------------------------------------------------- 1 | 86 2 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/复制全部文件到C盘根目录: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/复制全部文件到C盘根目录: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/ddkbldenv.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: $Id$ 3 | -------------------------------------------------------------------------------- 
/5-31/Look-ReloadKernelDriver/ReloadKernelDriver/ddkbldenv.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: $Id$ 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/!!复制全部文件到C盘根目录: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟游戏/Game.vbw: -------------------------------------------------------------------------------- 1 | Form1 = 44, 44, 971, 584, C, 22, 22, 949, 562, C 2 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟盗号/PlugIn.vbw: -------------------------------------------------------------------------------- 1 | Form1 = 44, 44, 971, 584, Z, 22, 22, 949, 562, C 2 | -------------------------------------------------------------------------------- /LookKernelInject/BuildLog.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/LookKernelInject/BuildLog.htm -------------------------------------------------------------------------------- /LookKernelInject/KernelInject.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/LookKernelInject/KernelInject.c -------------------------------------------------------------------------------- /LookKernelInject/KernelInject.h: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/LookKernelInject/KernelInject.h -------------------------------------------------------------------------------- /LookKernelInject/drvversion.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/LookKernelInject/drvversion.rc -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/福利/免签名加载驱动SDK.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/福利/免签名加载驱动SDK.rar -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/鄙视一些没道德的人/说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/鄙视一些没道德的人/说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[0-2]配置驱动开发环境.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[0-2]配置驱动开发环境.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[1-1]配置驱动测试环境.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[1-1]配置驱动测试环境.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[2-3]内核里使用内存.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-3]内核里使用内存.pdf -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/教程/[2-4]内核里操作字符串.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-4]内核里操作字符串.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[2-5]内核里操作文件.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-5]内核里操作文件.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[2-6]内核里操作注册表.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-6]内核里操作注册表.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[2-7]内核里操作进程.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-7]内核里操作进程.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-4]强制结束进程.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-4]强制结束进程.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-5]强制读写进程内存.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-5]强制读写进程内存.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-6]枚举消息钩子.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-6]枚举消息钩子.pdf 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-7]强制解锁文件.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-7]强制解锁文件.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/序:编程本来可以看起来有趣.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/序:编程本来可以看起来有趣.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/福利/WINIO3数字签名版.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/福利/WINIO3数字签名版.rar -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/鄙视一些没道德的人/侵权证据.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/鄙视一些没道德的人/侵权证据.JPG -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/buildnumber.h: -------------------------------------------------------------------------------- 1 | // Automatically created file! 
2 | #define _FILE_VERSION_BUILD 153 3 | 4 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/test.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void nullproc() 4 | { 5 | DbgPrint("nullproc\n"); 6 | } -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/_VB_CODE/CCM.vbw: -------------------------------------------------------------------------------- 1 | Form1 = 109, 109, 1039, 653, , 21, 21, 951, 565, C 2 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[2-8]内核里其他常用的代码.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-8]内核里其他常用的代码.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-1]驱动里实现内嵌汇编.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-1]驱动里实现内嵌汇编.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-3]枚举和隐藏内核模块.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-3]枚举和隐藏内核模块.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[7-1]枚举与删除进线程回调.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[7-1]枚举与删除进线程回调.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[7-2]枚举与删除映像回调.pdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[7-2]枚举与删除映像回调.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[7-3]枚举与删除注册表回调.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[7-3]枚举与删除注册表回调.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[7-4]枚举与删除对象回调.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[7-4]枚举与删除对象回调.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-8]TimeChangeCallback/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=TimeNotify 2 | TARGETPATH=. 
3 | TARGETTYPE=DRIVER 4 | SOURCES=main.c 5 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/PE32结构图.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-8]PE32+/PE32结构图.jpg -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/PE64结构图.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-8]PE32+/PE64结构图.jpg -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[2-2]驱动程序与应用程序通信.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-2]驱动程序与应用程序通信.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[3-3]系统服务描述表结构详解.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[3-3]系统服务描述表结构详解.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-2]无HOOK监控模块加载.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-2]无HOOK监控模块加载.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-3]无HOOK监控注册表操作.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-3]无HOOK监控注册表操作.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-4]无HOOK监控文件操作.pdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-4]无HOOK监控文件操作.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-6]使用对象回调监视文件访问.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-6]使用对象回调监视文件访问.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-7]无HOOK监控网络访问.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-7]无HOOK监控网络访问.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-8]无HOOK监视修改时间.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-8]无HOOK监视修改时间.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-2]DKOM隐藏进程+保护进程.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-2]DKOM隐藏进程+保护进程.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[5-8]初步探索PE32+格式文件.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[5-8]初步探索PE32+格式文件.pdf -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/Module.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-MyHookPort/MyHookPort/Module.h 
-------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/SSDT.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-MyHookPort/MyHookPort/SSDT.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-3]MemoryOperationTest/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=SYS_FILE_NAME 2 | TARGETPATH=obj 3 | TARGETTYPE=DRIVER 4 | SOURCES=main.c 5 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-4]StringOperationTest/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=SYS_FILE_NAME 2 | TARGETPATH=obj 3 | TARGETTYPE=DRIVER 4 | SOURCES=main.c 5 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-7]UnlockFile/测试说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-7]UnlockFile/测试说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[2-1]WIN64内核编程的基本规则.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[2-1]WIN64内核编程的基本规则.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[3-1]系统调用、WOW64与兼容模式.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[3-1]系统调用、WOW64与兼容模式.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-1]无HOOK监控进线程启动和退出.pdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-1]无HOOK监控进线程启动和退出.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[4-5]无HOOK监控进线程句柄操作.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[4-5]无HOOK监控进线程句柄操作.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[6-1]RING3注入DLL到系统进程.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[6-1]RING3注入DLL到系统进程.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[7-5]枚举与对抗MiniFilter.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[7-5]枚举与对抗MiniFilter.pdf -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/Module.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-MyHookPort/MyHookPort/Module.cpp -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/buildnumber.h: -------------------------------------------------------------------------------- 1 | // Automatically created file! 
2 | #define _FILE_VERSION_BUILD 86 3 | 4 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-1]AboutKPP&DSE/禁用DSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-1]AboutKPP&DSE/禁用DSE.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-1]AboutKPP&DSE/禁用KPP.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-1]AboutKPP&DSE/禁用KPP.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-6]RegistryOperationTest/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=SYS_FILE_NAME 2 | TARGETPATH=obj 3 | TARGETTYPE=DRIVER 4 | SOURCES=main.c 5 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-7]ProcessOperationTest/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=SYS_FILE_NAME 2 | TARGETPATH=obj 3 | TARGETTYPE=DRIVER 4 | SOURCES=main.c 5 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/测试说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/测试说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[0-1]学习WIN64驱动开发的硬件准备.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[0-1]学习WIN64驱动开发的硬件准备.pdf -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/教程/[1-2]编译和测试内核HelloWorld.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[1-2]编译和测试内核HelloWorld.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[3-4]SSDT HOOK和UNHOOK.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[3-4]SSDT HOOK和UNHOOK.pdf -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/MyHookPort.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-MyHookPort/MyHookPort/MyHookPort.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-1]SetupTestEnv/软件下载地址.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[1-1]SetupTestEnv/软件下载地址.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-8]OtherFunction/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-8]OtherFunction/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟游戏.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟游戏.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟盗号.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟盗号.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-7]UnlockFile/LockFile.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-7]UnlockFile/LockFile.exe -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/ddkprebld.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: $Id$ 3 | setlocal 4 | :: Perform any pre-build steps 5 | call .\buildinc.cmd 6 | endlocal -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=KrnlHW64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-3]CalcSSDTFuncAddr/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-3]CalcSSDTFuncAddr/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/说明.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_sys/buildfre_win7_amd64.wrn: -------------------------------------------------------------------------------- 1 | warnings in directory z:\ 2 | mydriver.c and ..\mydriver.c exist 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/HideKM64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/HideKM64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/FKP64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/FKP64.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/exe.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/exe.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-7]UnlockFile/UnlockFile.sys: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-7]UnlockFile/UnlockFile.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[3-2]编程实现突破WIN7的PatchGuard.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[3-2]编程实现突破WIN7的PatchGuard.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[3-5]SHADOW SSDT HOOK和UNHOOK.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[3-5]SHADOW SSDT HOOK和UNHOOK.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[6-3]RING3的IAT HOOK和EAT HOOK.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[6-3]RING3的IAT HOOK和EAT HOOK.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/ScmDrvLoader.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/ScmDrvLoader.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-5]FileOperationTest/MyDriver.c: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-5]FileOperationTest/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-5]FileOperationTest/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=MyDriver 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-8]OtherFunction/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=MyDriver 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/VC/说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/VC/说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-3]CalcSSDTFuncAddr/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=MyDriver 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/MyDriver.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/MyDriver.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/KRWProcess.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/KRWProcess.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟游戏/Form1.frm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟游戏/Form1.frm -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟游戏/Game.vbp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟游戏/Game.vbp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟盗号/Form1.frm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟盗号/Form1.frm -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/EnumMsgHook64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/EnumMsgHook64.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/EnumMsgHook64.sys: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/EnumMsgHook64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/DrvCtrl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/DrvCtrl.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[3-6]RING0 INLINE HOOK和UNHOOK.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[3-6]RING0 INLINE HOOK和UNHOOK.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/ASM/patch.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/ASM/patch.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/LoadDrv.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/LoadDrv.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/说明.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/MFTest.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/MFTest.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/readme.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/Win64InlineASM.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/Win64InlineASM.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/src/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/src/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/src/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=MyDriver 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/Win7x64Drv.sys: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/Win7x64Drv.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/form1.frm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/form1.frm -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟盗号/PlugIn.vbp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/模拟盗号/PlugIn.vbp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级游戏保护/下载地址.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级游戏保护/下载地址.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/MyDriver.c: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-3]EnumRemoveCmpCallback/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-3]EnumRemoveCmpCallback/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/教程/[6-2]RING3的INLINE HOOK和Anti Hook.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/教程/[6-2]RING3的INLINE HOOK和Anti Hook.pdf -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/鄙视一些没道德的人/侵权文件(fuck_pgds_win7_by_TA).rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/鄙视一些没道德的人/侵权文件(fuck_pgds_win7_by_TA).rar -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/Module.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-ReloadKernelDriver/ReloadKernelDriver/Module.h -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/SSDT.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-ReloadKernelDriver/ReloadKernelDriver/SSDT.cpp -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/ddkprebld.cmd: 
-------------------------------------------------------------------------------- 1 | @echo off 2 | :: $Id$ 3 | setlocal 4 | :: Perform any pre-build steps 5 | call .\buildinc.cmd 6 | endlocal -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/src/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/src/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/src/hookssdt.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/src/hookssdt.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/src/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=hookssdt_x64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/emSSDT64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/emSSDT64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/Fuck3SDT.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/Fuck3SDT.sys -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/MyDriver.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/MyDriver.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=SSSDTx64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/hook_ps.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/hook_ps.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/hook_ps.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/hook_ps.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=hook_ps 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=ClrKIH64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-5]MonitorProcessThreadHandle/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=MyDriver 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/x64asm_to_x64bin.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/x64asm_to_x64bin.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/HideDriver/HideKM.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/HideDriver/HideKM.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/HideDriver/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=HideKM64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = HideKM.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/MSSCCPRJ.SCC: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/MSSCCPRJ.SCC -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/sys/Win7x64Drv.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/sys/Win7x64Drv.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=EnumMsgHook64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/Module.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-ReloadKernelDriver/ReloadKernelDriver/Module.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/x64/Release/KrnlHW64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/x64/Release/KrnlHW64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/hookssdt_x64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/hookssdt_x64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/SSSDTx64.sys: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/SSSDTx64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/DrvCtrl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/DrvCtrl.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/EnumDrv.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/EnumDrv.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/sys/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/sys/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/HookFunc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/HookFunc.h -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/ClrKIH64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/ClrKIH64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/DrvCtrl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/DrvCtrl.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/测试说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/测试说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/src/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=CmRegMonitor 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/WdmDrvLoader.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/WdmDrvLoader.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/src/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=Win64InlineASM 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | 6 | INCLUDES=.\ 7 | 8 | SOURCES = Win7x64Drv.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/Mod_MemClr.bas: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/Mod_MemClr.bas -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/cls_Driver.cls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/cls_Driver.cls -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=Win7x64Drv 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | 6 | INCLUDES=.\ 7 | 8 | SOURCES = Win7x64Drv.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/form1.frm: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/form1.frm -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-7]UnlockFile/src/UnlockFile/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=UnlockFile 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = EnumHandle.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-4]EnumRemoveObCallback/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=EnumRemoveObCallback 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/含有多个C文件时用的source: -------------------------------------------------------------------------------- 1 | TARGETNAME=KrnlHW64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c \ 8 | test.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/EnumSSSDT64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/EnumSSSDT64.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/MSSCCPRJ.SCC: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/MSSCCPRJ.SCC -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/MyDriver.vbp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/MyDriver.vbp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/frm_Main.frm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/frm_Main.frm -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/sys/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/sys/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/使用说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/使用说明.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/src/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/src/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/src/testcode.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/src/testcode.h 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-8]TimeChangeCallback/amd64/TimeNotify.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-8]TimeChangeCallback/amd64/TimeNotify.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/MSSCCPRJ.SCC: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/MSSCCPRJ.SCC -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=KRWProcess 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | 6 | INCLUDES=.\ 7 | 8 | SOURCES = Win7x64Drv.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-7]UnlockFile/src/UnlockFile/EnumHandle.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-7]UnlockFile/src/UnlockFile/EnumHandle.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=EnumRemoveImageNotify 2 | 
TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-3]EnumRemoveCmpCallback/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=EnumRemoveCmpCallback 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/KernelInternal.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-ReloadKernelDriver/ReloadKernelDriver/KernelInternal.h -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/ReloadKernel.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/5-31/Look-ReloadKernelDriver/ReloadKernelDriver/ReloadKernel.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/calc_ctl_code.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/calc_ctl_code.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/x64/Release/ScmDrvLoader.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/x64/Release/ScmDrvLoader.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=emSSDT64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/EnumSSSDT64.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/EnumSSSDT64.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/cls_Driver.cls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/cls_Driver.cls -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/mod_DrvFunc.bas: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/mod_DrvFunc.bas -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/src/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/src/MyDriver.c 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/src/MyDriver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/src/MyDriver.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/src/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=LoadImageNotifyX64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/driver/MFTest.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/driver/MFTest.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/readme.txt -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/src/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/src/main.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver/EnumDriver.suo: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver/EnumDriver.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/cls_Driver.cls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/cls_Driver.cls -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/ProcNotify.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/ProcNotify.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/GetKernelOriCode.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/GetKernelOriCode.exe -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/Win7x64Drv.vbw: -------------------------------------------------------------------------------- 1 | Form1 = 50, 50, 969, 583, C, 25, 25, 944, 558, C 2 | cls_Driver = 25, 25, 944, 558, C 3 | Mod_MemClr = 110, 110, 1049, 649, C 4 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/buildfre_win7_amd64.wrn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/buildfre_win7_amd64.wrn -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer/SimplePE64Viewer.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer/SimplePE64Viewer.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/stdafx.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/Calculator.lnk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/Calculator.lnk -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST32/main.cpp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST32/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST32/test.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST32/test.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST64/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST64/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST64/test.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-3]Ring3EatIatHook/EAT_IAT_HOOK_TEST64/test.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=EnumProcessThreadNotify64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/ReloadKernel.h: -------------------------------------------------------------------------------- 1 | #ifndef _RELOADKERNEL_H_ 2 | #define _RELOADKERNEL_H_ 3 | 4 | #include 5 | 6 | NTSTATUS ReloadKernel(); 7 | 8 | #endif -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=Fuck3SDT 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | INCLUDES=.\ 6 | 7 | SOURCES = MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/exe/MyDriver.vbw: -------------------------------------------------------------------------------- 1 | cls_Driver = 46, 45, 629, 474, C 2 | frm_Main = 69, 69, 656, 497, , 46, 46, 633, 474, C 3 | mod_DrvFunc = 23, 23, 610, 451, C 4 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/src/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/src/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/CmRegMonitor_x64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/CmRegMonitor_x64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/Win7x64Drv.vbw: -------------------------------------------------------------------------------- 1 | Form1 = 50, 50, 969, 583, C, 25, 25, 944, 558, C 2 | cls_Driver = 25, 25, 944, 558, C 3 | Mod_MemClr = 110, 110, 1049, 649, C 4 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/TestDll.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/TestDll.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/TestDll.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/TestDll.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/dllmain.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/dllmain.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/stdafx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/stdafx.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/targetver.h 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookDll.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookDll.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/stdafx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/stdafx.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/stdafx.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/NtHookEngine.dll: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/NtHookEngine.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/objfre_win7_amd64/amd64/KrnlHW64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/objfre_win7_amd64/amd64/KrnlHW64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/_VB_CODE/CCM.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/_VB_CODE/CCM.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/_VB_CODE/CCM.vbp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/_VB_CODE/CCM.vbp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_sys/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_sys/MyDriver.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/KillProcessByPostMessage.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/KillProcessByPostMessage.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/buildfre_win7_amd64.wrn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/buildfre_win7_amd64.wrn -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/GetKernelOriCode.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/GetKernelOriCode.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/LoadImageNotifyX64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/LoadImageNotifyX64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/Calculator.lnk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/Calculator.lnk -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/HookDll.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/HookDll.cpp 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/HookDll.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/HookDll.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/dllmain.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/dllmain.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/targetver.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/x64/Release/calc_ctl_code.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/x64/Release/calc_ctl_code.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/objfre_win7_amd64/amd64/KmdManager.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/objfre_win7_amd64/amd64/KmdManager.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/_VB_CODE/Form1.frm: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/_VB_CODE/Form1.frm -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/bin/Release/CCM.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/bin/Release/CCM.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/VC/x64/Release/disable_pgds.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/VC/x64/Release/disable_pgds.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/src/ProcessNotify.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/src/ProcessNotify.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/WdmDrvLoader/VB6StrFunc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/WdmDrvLoader/VB6StrFunc.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/file_monitor_x64.sys: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/file_monitor_x64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/ntdll.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/ntdll.lib -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/stdafx.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/InjectDllx64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/InjectDllx64.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/NtHookEngine.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/NtHookEngine.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/objfre_win7_amd64/amd64/calc_ctl_code.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/objfre_win7_amd64/amd64/calc_ctl_code.exe 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/ScmDrvLoader.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-5]FileOperationTest/objfre_win7_amd64/amd64/MyDriver.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-5]FileOperationTest/objfre_win7_amd64/amd64/MyDriver.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-3]CalcSSDTFuncAddr/objfre_win7_amd64/amd64/MyDriver.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-3]CalcSSDTFuncAddr/objfre_win7_amd64/amd64/MyDriver.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/WdmDrvLoader/WdmDrvLoader.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/WdmDrvLoader/WdmDrvLoader.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/exe.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/stdafx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/stdafx.cpp 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/targetver.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/ASM/编译.bat: -------------------------------------------------------------------------------- 1 | set fasmbin=\asm\fasm\bin 2 | set fasminc=\asm\fasm\include 3 | @echo off 4 | if exist patch.exe del patch.exe 5 | %fasmbin%\fasm.exe patch.asm 6 | pause 7 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/AntiHook.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/AntiHook.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/AntiHook.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/AntiHook.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/stdafx.h -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/calc_ctl_code.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/WOW64相关测试代码/bin/Release/TestWow64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/WOW64相关测试代码/bin/Release/TestWow64.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/VC/disable_pgds.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/MyDriver.vbw: -------------------------------------------------------------------------------- 1 | cls_Driver = 46, 45, 629, 474, C 2 | frm_Main = 69, 69, 656, 497, Z, 46, 46, 633, 474, C 3 | mod_DrvFunc = 23, 23, 610, 451, C 4 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver/EnumDriver.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/stdafx.cpp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/stdafx.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64/InjectDllx64.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64/InjectDllx64.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-3]MemoryOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-3]MemoryOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-4]StringOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-4]StringOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-7]ProcessOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-7]ProcessOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/EnumSSSDT64.vcxproj.user: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/monitor_create_process_x64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/monitor_create_process_x64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer/SimplePE64Viewer.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/SuperInsertDll.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/SuperInsertDll.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/HookDll.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/HookDll.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/HookDll.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/HookDll.suo -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/dllmain.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/dllmain.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/targetver.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-6]RegistryOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[2-6]RegistryOperationTest/objfre_win7_amd64/amd64/SYS_FILE_NAME.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe/main.cpp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/sys/MyDriver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/sys/MyDriver.c -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/sys/hook3sdt.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/sys/hook3sdt.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/GetKernelOriCode.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-7]MonitorInternetAccessByWFP/objfre_win7_amd64/amd64/WFP_TEST.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[4-7]MonitorInternetAccessByWFP/objfre_win7_amd64/amd64/WFP_TEST.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/TestDll.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/HookDll.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/HookDll.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/HookDll.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe/DrvCtrl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe/DrvCtrl.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe/GetNtos.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe/GetNtos.h -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/MSSCCPRJ.SCC: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/MSSCCPRJ.SCC -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/cls_Driver.cls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/cls_Driver.cls -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/frm_Main.frm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/frm_Main.frm -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/src/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=monitor_create_process_x64 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | LINKER_FLAGS=/INTEGRITYCHECK 5 | 6 | INCLUDES=.\ 7 | 8 | SOURCES = MyDriver.c 9 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/WdmDrvLoader/WdmDrvLoader.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/AntiHook.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/AntiHook.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/AntiHook.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/Calculator.lnk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/Calculator.lnk -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-5]EnumAntiMiniFilter/objfre_win7_amd64/amd64/EnumAntiMiniFilter.sys: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-5]EnumAntiMiniFilter/objfre_win7_amd64/amd64/EnumAntiMiniFilter.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/SuperInsertDll.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/InjectDllx64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/InjectDllx64.exe -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/NtHookEngine.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/_HookTest/NtHookEngine.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/HookDll.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64/InjectDllx64.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-4]EnumRemoveObCallback/objfre_win7_amd64/amd64/EnumRemoveObCallback.sys: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-4]EnumRemoveObCallback/objfre_win7_amd64/amd64/EnumRemoveObCallback.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/objfre_win7_amd64/amd64/EnumRemoveImageNotify.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/objfre_win7_amd64/amd64/EnumRemoveImageNotify.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-3]EnumRemoveCmpCallback/objfre_win7_amd64/amd64/EnumRemoveCmpCallback.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-3]EnumRemoveCmpCallback/objfre_win7_amd64/amd64/EnumRemoveCmpCallback.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe/EnumSSDT_x64_exe.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/release/NtHookEngine.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/release/NtHookEngine.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/release/NtHookEngine.exp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/release/NtHookEngine.exp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/release/NtHookEngine.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/release/NtHookEngine.lib -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/NtHookEngine.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/NtHookEngine.rc -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/NtHookEngine.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/NtHookEngine.suo -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/NtHookEngine.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/distorm_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/distorm_x64.lib -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/distorm_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/distorm_x86.lib -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/x64/release/NtHookEngine.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/x64/release/NtHookEngine.dll -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/x64/release/NtHookEngine.exp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/x64/release/NtHookEngine.exp -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/x64/release/NtHookEngine.lib: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/x64/release/NtHookEngine.lib -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/objfre_win7_amd64/amd64/EnumProcessThreadNotify64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FoundSol/Anti-Hook-/HEAD/WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/objfre_win7_amd64/amd64/EnumProcessThreadNotify64.sys -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-5]MonitorProcessThreadHandle/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include /* NOTE(review): the include target is missing in this listing, presumably an angle-bracket header name dropped when the page was extracted */ 2 | 3 | #define dprintf DbgPrint /* dprintf is a plain alias for DbgPrint: every dprintf(...) call is compiled in for all build types, with no DBG gate */ 4 | 5 | /* Object-manager names under \Device, \DosDevices and \DosDevices\Global, presumably passed to the device and symbolic-link creation calls elsewhere in the driver. NOTE(review): who may open the device is decided where it is created, which this header does not show; confirm it is created with a restrictive security descriptor. */ #define DEVICE_NAME L"\\Device\\MyDriver" 6 | #define LINK_NAME L"\\DosDevices\\MyDriver" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\MyDriver" 8 | -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/ddkpostbld.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: $Id$ 3 | setlocal 4 | :: Perform post-build steps 5 | :: An example follows on the next two lines ...
6 | :: xcopy /y ".\obj%BUILD_ALT_DIR%\i386\*.sys" "..\" 7 | :: xcopy /y ".\obj%BUILD_ALT_DIR%\i386\*.pdb" "..\" 8 | endlocal -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/driver/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME = MFTest 2 | TARGETTYPE = DRIVER 3 | DRIVERTYPE = FS 4 | TARGETPATH = obj 5 | 6 | INCLUDES=.\ 7 | 8 | TARGETLIBS = $(TARGETLIBS) \ 9 | $(IFSKIT_LIB_PATH)\fltMgr.lib 10 | 11 | SOURCES = MFTest.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/src/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include /* NOTE(review): the include target is missing in this listing, presumably an angle-bracket header name dropped when the page was extracted */ 2 | 3 | #define dprintf if (DBG) DbgPrint /* NOTE(review): expands to a bare `if`, so a dprintf(...) statement placed directly before an `else` captures that else, and its arguments are evaluated only when DBG is non-zero. DBG is not defined in this header; presumably the build environment supplies it. */ 4 | 5 | /* Object-manager names under \Device, \DosDevices and \DosDevices\Global, presumably passed to the device and symbolic-link creation calls elsewhere in the driver. NOTE(review): who may open the device is decided where it is created, which this header does not show; confirm it is created with a restrictive security descriptor. */ #define DEVICE_NAME L"\\Device\\CmRegMonitor" 6 | #define LINK_NAME L"\\DosDevices\\CmRegMonitor" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\CmRegMonitor" -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/ddkpostbld.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: $Id$ 3 | setlocal 4 | :: Perform post-build steps 5 | :: An example follows on the next two lines ...
6 | :: xcopy /y ".\obj%BUILD_ALT_DIR%\i386\*.sys" "..\" 7 | :: xcopy /y ".\obj%BUILD_ALT_DIR%\i386\*.pdb" "..\" 8 | endlocal -------------------------------------------------------------------------------- /LookKernelInject/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-5]FileOperationTest/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-8]OtherFunction/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-3]CalcSSDTFuncAddr/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/src/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/src/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-3]EnumRemoveCmpCallback/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-4]EnumRemoveObCallback/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/src/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-5]MonitorProcessThreadHandle/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-2]MonitorLoadUnloadDllDriver/src/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-3]MonitorRegistryOperation/src/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/src/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/src/dbghelp.h: -------------------------------------------------------------------------------- 1 | #ifndef _DBGHELP_H 2 | #define _DBGHELP_H 1 3 | 4 | #include 5 | 6 | #define dprintf DbgPrint 7 | #define nprintf DbgPrint 8 | 9 | #define kmalloc(_s) ExAllocatePoolWithTag(NonPagedPool, _s, 'SYSQ') 10 | #define kfree(_p) ExFreePool(_p) 11 | 12 | #endif -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-3]MemoryOperationTest/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-4]StringOperationTest/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-8]TimeChangeCallback/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-5]EnumAntiMiniFilter/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-6]RegistryOperationTest/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-7]ProcessOperationTest/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-1]MonitorCreateExitProcessThread/src/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | #define DEVICE_NAME L"\\Device\\monitor_create_process_x64" 5 | #define LINK_NAME L"\\DosDevices\\monitor_create_process_x64" 6 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\monitor_create_process_x64" -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def -------------------------------------------------------------------------------- /LookKernelInject/sources: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | TARGETNAME=KernelInject 3 | TARGETPATH=obj 4 | TARGETTYPE=DRIVER 5 | 6 | 7 | # Create browse info 8 | #BROWSER_INFO=1 9 | #BROWSERFILE= 10 | 11 | # Additional defines for the C/C++ preprocessor 12 | C_DEFINES=$(C_DEFINES) 13 | 14 | SOURCES=KernelInject.c \ 15 | drvversion.rc 16 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/HideDriver/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | 8 | # MSC_WARNING_LEVEL=/W1 -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-7]UnlockFile/src/UnlockFile/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | 8 | # MSC_WARNING_LEVEL=/W1 -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/src/MAKEFILE: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | 9 | -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/MyHookPort.vsprops: -------------------------------------------------------------------------------- 1 | 2 | 7 | 12 | 13 | -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/ReloadKernelDriver.vsprops: -------------------------------------------------------------------------------- 1 | 2 | 7 | 12 | 13 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/src/buildfre_win7_amd64.log: -------------------------------------------------------------------------------- 1 | BUILD: corrupt database (Directory error) 2 | BUILD: Computing Include file dependencies: 3 | BUILD: Examining i:\sellcode\win64oacr invalidate root:amd64fre /autocleanqueue 4 | 1>Compiling and Linking i:\sellcode\win641>'nmake.exe /nologo BUILDMSG=Stop. 
-i BUILD_PASS=PASS2 LINKONLY=1 NOPASS0=1 MAKEDIR_RELATIVE_TO_BASEDIR=' 5 | 1>i:\sellcode\win64 -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // NtHookEngine.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\EnumRemoveImageNotify" 6 | #define LINK_NAME L"\\DosDevices\\EnumRemoveImageNotify" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\EnumRemoveImageNotify" 8 | 9 | //#define IOCTL_ULR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-3]EnumRemoveCmpCallback/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\EnumRemoveCmpCallback" 6 | #define LINK_NAME L"\\DosDevices\\EnumRemoveCmpCallback" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\EnumRemoveCmpCallback" 8 | 9 | //#define IOCTL_ULR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/driver/makefile: 
-------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | 8 | !if $(FREEBUILD) 9 | MSC_WARNING_LEVEL=/W1 10 | !else 11 | MSC_WARNING_LEVEL=/W3 12 | !endif -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/sources: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | TARGETNAME=MyHookPort 3 | TARGETPATH=obj 4 | TARGETTYPE=DRIVER 5 | 6 | 7 | # Create browse info 8 | #BROWSER_INFO=1 9 | #BROWSERFILE= 10 | 11 | # Additional defines for the C/C++ preprocessor 12 | C_DEFINES=$(C_DEFINES) 13 | 14 | SOURCES=MyHookPort.cpp \ 15 | drvversion.rc \ 16 | Common.cpp \ 17 | Module.cpp \ 18 | SSDT.cpp 19 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-6]MonitorFileOperationByCallback/src/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=file_monitor_x64 2 | TARGETTYPE=DRIVER 3 | 4 | MSC_WARNING_LEVEL=/W4 /WX 5 | 6 | #pragma warning( disable: 4201 ) // nonstandard extension used : nameless struct/union 7 | #pragma warning( disable: 4214 ) // nonstandard extension used : bit field types other than int 8 | MSC_WARNING_LEVEL=$(MSC_WARNING_LEVEL) /wd4201 /wd4214 9 | 10 | SOURCES=main.c -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-5]EnumAntiMiniFilter/MyDriver.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "mydriver.h" 3 | 4 | VOID DriverUnload(IN PDRIVER_OBJECT DriverObject) 5 | { 6 | DbgPrint("EnumAntiMiniFilter unload\n"); 7 | } 8 | 9 | NTSTATUS DriverEntry(IN 
PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) 10 | { 11 | DriverObject->DriverUnload = DriverUnload; 12 | EnumMiniFilter(); 13 | return STATUS_SUCCESS; 14 | } -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-1]EnumRemoveProcessThreadNotify/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\EnumProcessThreadNotify64" 6 | #define LINK_NAME L"\\DosDevices\\EnumProcessThreadNotify64" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\EnumProcessThreadNotify64" 8 | 9 | //#define IOCTL_ULR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-7]MonitorInternetAccessByWFP/sources: -------------------------------------------------------------------------------- 1 | 2 | TARGETNAME=WFP_TEST 3 | TARGETTYPE=DRIVER 4 | 5 | INCLUDES=\ 6 | $(DDK_INC_PATH); 7 | 8 | TARGETLIBS=\ 9 | $(DDK_LIB_PATH)\ntoskrnl.lib \ 10 | $(DDK_LIB_PATH)\ndis.lib \ 11 | $(DDK_LIB_PATH)\fwpkclnt.lib \ 12 | $(SDK_LIB_PATH)\uuid.lib 13 | 14 | C_DEFINES=$(C_DEFINES) -DBINARY_COMPATIBLE=0 -DNT -DUNICODE -D_UNICODE -DNDIS60 -DNDIS_SUPPORT_NDIS6 15 | 16 | SOURCES= denyip.c -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/sources: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | TARGETNAME=ReloadKernelDriver 3 | TARGETPATH=obj 4 | TARGETTYPE=DRIVER 5 | 6 | 7 | # Create browse info 8 | #BROWSER_INFO=1 9 | #BROWSERFILE= 10 | 11 | # Additional defines for the C/C++ preprocessor 12 | C_DEFINES=$(C_DEFINES) 13 | 14 | SOURCES=ReloadKernelDriver.cpp \ 15 | ReloadKernel.cpp \ 16 | Common.cpp \ 17 | Module.cpp \ 18 | SSDT.cpp \ 19 | drvversion.rc 20 | 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/driver/buildfre_win7_amd64.log: -------------------------------------------------------------------------------- 1 | 0>Bad Path string: L'i:\sellcode\win64 F ' 2 | 3 | BUILD: corrupt database (bad entry type) 4 | BUILD: Computing Include file dependencies: 5 | BUILD: Examining i:\sellcode\win64oacr invalidate root:amd64fre /autocleanqueue 6 | 1>Compiling and Linking i:\sellcode\win641>'nmake.exe /nologo BUILDMSG=Stop. -i BUILD_PASS=PASS2 LINKONLY=1 NOPASS0=1 MAKEDIR_RELATIVE_TO_BASEDIR=' 7 | 1>i:\sellcode\win64 -------------------------------------------------------------------------------- /LookKernelInject/KernelInject.vsprops: -------------------------------------------------------------------------------- 1 | 2 | 7 | 12 | 17 | 18 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-4]StringOperationTest/buildfre_win7_amd64.log: -------------------------------------------------------------------------------- 1 | 0>Bad Path string: L'f:\programming\class\win64 F ' 2 | 3 | 0>Bad Path string: L'f:\programming\class\win64 F ' 4 | 5 | BUILD: Computing Include file dependencies: 6 | BUILD: Examining f:\programming\class\win64oacr invalidate root:amd64fre /autocleanqueue 7 | 1>Compiling and Linking f:\programming\class\win641>'nmake.exe /nologo BUILDMSG=Stop. 
-i BUILD_PASS=PASS2 LINKONLY=1 NOPASS0=1 MAKEDIR_RELATIVE_TO_BASEDIR=' 8 | 1>f:\programming\class\win64 -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/sys/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf if (DBG) DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\Fuck3SDT" 6 | #define LINK_NAME L"\\DosDevices\\Fuck3SDT" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\Fuck3SDT" 8 | 9 | #define IOCTL_HOOK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG 10 | #define IOCTL_UNHOOK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) //In BSTR -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/sys/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\ClrKIH64" 6 | #define LINK_NAME L"\\DosDevices\\ClrKIH64" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\ClrKIH64" 8 | 9 | #define IOCTL_GET_CUR_CODE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //get current code 10 | #define IOCTL_SET_ORI_CODE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) //clear inline hook -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/buildinc.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set WORKPATH=%1 4 | if {%WORKPATH%}=={} set WORKPATH=. 5 | set BUILD=%WORKPATH%\BUILD 6 | set outfile=%WORKPATH%\buildnumber.h 7 | for /f "" %%i in ('type "%BUILD%"') do ( 8 | set BUILDNR=%%i 9 | ) 10 | set /a BUILDNR=%BUILDNR%+1 11 | echo New build number is %BUILDNR% ... 
12 | echo // Automatically created file! > %outfile% 13 | echo #define _FILE_VERSION_BUILD %BUILDNR% >> %outfile% 14 | echo. >> %outfile% 15 | echo %BUILDNR% > %BUILD% 16 | endlocal 17 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-5]EnumAntiMiniFilter/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=EnumAntiMiniFilter 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | LINKER_FLAGS=/INTEGRITYCHECK 5 | 6 | INCLUDES=.\ 7 | 8 | SOURCES = MyDriver.c 9 | 10 | C_DEFINES=$(C_DEFINES) -DBINARY_COMPATIBLE=0 -DNT -DUNICODE -D_UNICODE -DNDIS60 -DNDIS_SUPPORT_NDIS6 11 | 12 | TARGETLIBS=\ 13 | $(DDK_LIB_PATH)\fltmgr.lib \ 14 | $(DDK_LIB_PATH)\ntoskrnl.lib \ 15 | $(DDK_LIB_PATH)\ndis.lib \ 16 | $(DDK_LIB_PATH)\fwpkclnt.lib \ 17 | $(SDK_LIB_PATH)\uuid.lib \ 18 | $(IFSKIT_LIB_PATH)\fltMgr.lib -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/buildinc.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set WORKPATH=%1 4 | if {%WORKPATH%}=={} set WORKPATH=. 5 | set BUILD=%WORKPATH%\BUILD 6 | set outfile=%WORKPATH%\buildnumber.h 7 | for /f "" %%i in ('type "%BUILD%"') do ( 8 | set BUILDNR=%%i 9 | ) 10 | set /a BUILDNR=%BUILDNR%+1 11 | echo New build number is %BUILDNR% ... 12 | echo // Automatically created file! > %outfile% 13 | echo #define _FILE_VERSION_BUILD %BUILDNR% >> %outfile% 14 | echo. >> %outfile% 15 | echo %BUILDNR% > %BUILD% 16 | endlocal 17 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 
3 | // Used by NtHookEngine.rc 4 | 5 | // Next default values for new objects 6 | // 7 | #ifdef APSTUDIO_INVOKED 8 | #ifndef APSTUDIO_READONLY_SYMBOLS 9 | #define _APS_NEXT_RESOURCE_VALUE 101 10 | #define _APS_NEXT_COMMAND_VALUE 40001 11 | #define _APS_NEXT_CONTROL_VALUE 1001 12 | #define _APS_NEXT_SYMED_VALUE 101 13 | #endif 14 | #endif 15 | -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/Common.cpp: -------------------------------------------------------------------------------- 1 | #include "Common.h" 2 | 3 | ////////////////////////////////////////////////////////////////////////// 4 | // PageProtectOn: executes sti, then sets bit 16 of CR0 (0x10000, the WP write-protect flag). NOTE(review): sti runs before WP is set again, so this processor can be interrupted while write protection is still off. CR0 is per-processor state, and the _asm block uses 32-bit registers, so this is x86-only code. 5 | VOID PageProtectOn() 6 | { 7 | _asm 8 | { 9 | sti 10 | mov eax, cr0 11 | or eax, 0x10000 12 | mov cr0, eax 13 | } 14 | } 15 | 16 | ////////////////////////////////////////////////////////////////////////// 17 | // PageProtectOff: clears bit 16 of CR0 (WP), then executes cli; interrupts stay masked on this processor until PageProtectOn runs sti. NOTE(review): with WP clear, kernel-mode writes to read-only pages no longer fault, and Windows does not support modifying kernel memory this way. WP is cleared before cli, cli does not affect other processors, and any fault or early exit between the two calls leaves this processor with WP off and interrupts disabled. 18 | VOID PageProtectOff() 19 | { 20 | _asm 21 | { 22 | mov eax, cr0 23 | and eax, not 0x10000 24 | mov cr0, eax 25 | cli 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/Common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define TAG 'Ddk ' 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | extern NTKERNELAPI ULONG NtBuildNumber; 12 | #ifdef __cplusplus 13 | }; // extern "C" 14 | #endif 15 | 16 | ////////////////////////////////////////////////////////////////////////// 17 | // PageProtectOn: re-enables interrupts (sti) and sets CR0.WP; defined in Common.cpp 18 | VOID PageProtectOn(); 19 | 20 | ////////////////////////////////////////////////////////////////////////// 21 | // PageProtectOff: clears CR0.WP and disables interrupts (cli); defined in Common.cpp 22 | VOID PageProtectOff(); 23 | -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/Common.cpp: -------------------------------------------------------------------------------- 1 | 
#include "Common.h"

//////////////////////////////////////////////////////////////////////////
// PageProtectOn
//
// Re-enables maskable interrupts on the executing processor (sti) and then
// sets bit 16 of CR0 (0x10000, the WP "write protect" flag). With WP set,
// kernel-mode writes to pages mapped read-only fault again.
//
// NOTE(review): sti runs before WP is restored, and both instructions act
// only on the processor that executes them; other processors are not
// affected by this call.
// NOTE(review): this is 32-bit MSVC inline assembly (_asm, eax). MSVC has no
// inline assembler for x64 targets, so this file only builds for x86.
VOID PageProtectOn()
{
    _asm
    {
        sti                 // interrupt flag back on (current CPU only)
        mov eax, cr0
        or  eax, 0x10000    // set CR0.WP
        mov cr0, eax
    }
}

//////////////////////////////////////////////////////////////////////////
// PageProtectOff
//
// Clears CR0.WP (bit 16) on the executing processor and then masks
// interrupts with cli. While WP is clear, kernel-mode code on that
// processor can write to pages that are mapped read-only. The callers are
// not shown in this file; presumably the kernel-reload code in this project
// brackets its writes with PageProtectOff()/PageProtectOn() - confirm.
//
// NOTE(review): WP is cleared before cli, so the thread can still be
// interrupted between the two steps; cli does not stop other processors.
// The pair is therefore not a synchronisation primitive.
// Defender note: a driver that toggles CR0.WP is a strong indicator of
// kernel patching. Where hypervisor-enforced code integrity (HVCI) is on,
// read-only protection of kernel code pages is enforced outside CR0, so
// this toggle does not lift it.
VOID PageProtectOff()
{
    _asm
    {
        mov eax, cr0
        and eax, not 0x10000    // clear CR0.WP
        mov cr0, eax
        cli                     // interrupt flag off (current CPU only)
    }
}
-------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/Common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #define TAG 'Ddk ' 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | extern NTKERNELAPI ULONG NtBuildNumber; 12 | #ifdef __cplusplus 13 | }; // extern "C" 14 | #endif 15 | 16 | ////////////////////////////////////////////////////////////////////////// 17 | // PageProtectOn 18 | VOID PageProtectOn(); 19 | 20 | ////////////////////////////////////////////////////////////////////////// 21 | // PageProtectOff 22 | VOID PageProtectOff(); 23 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/sys/Win7x64Drv.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #ifndef _Win7x64Drv_H 4 | #define _Win7x64Drv_H 1 5 | 6 | #define DEVICE_NAME L"\\Device\\devWin7x64Drv" //Driver Name 7 | #define LINK_NAME L"\\DosDevices\\Win7x64Drv" //Link Name 8 | 9 | #define IOCTL_BASE 0x800 10 | #define MY_CTL_CODE(i) CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASE+i, METHOD_BUFFERED, FILE_ANY_ACCESS) 11 | 12 | #define IOCTL_PsKillProcess64 MY_CTL_CODE(6) 13 | #define IOCTL_PsSuspendProcess64 MY_CTL_CODE(7) 14 | #define IOCTL_PsResumeProcess64 MY_CTL_CODE(8) 15 | 16 | #endif
-------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | *.sln merge=union 7 | *.csproj merge=union 8 | *.vbproj merge=union 9 | *.fsproj merge=union 10 | *.dbproj merge=union 11 | 12 | # Standard to msysgit 13 | *.doc diff=astextplain 14 | *.DOC diff=astextplain 15 | *.docx diff=astextplain 16 | *.DOCX diff=astextplain 17 | *.dot diff=astextplain 18 | *.DOT diff=astextplain 19 | *.pdf diff=astextplain 20 | *.PDF diff=astextplain 21 | *.rtf diff=astextplain 22 | *.RTF diff=astextplain 23 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/sys/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf if (DBG) DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\SSSDTx64" 6 | #define LINK_NAME L"\\DosDevices\\SSSDTx64" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\SSSDTx64" 8 | 9 | #define IOCTL_GET_W32PSRVT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS) 10 | #define IOCTL_GET_3SDTADDR CTL_CODE(FILE_DEVICE_UNKNOWN, 0x807, METHOD_BUFFERED, FILE_ANY_ACCESS) 11 | #define IOCTL_UNHOOK_SSSDT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x808, METHOD_BUFFERED, FILE_ANY_ACCESS) -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | DWORD CTL_CODE_GEN(DWORD lngFunction) 5 | { 6 | //const DWORD FILE_DEVICE_UNKNOWN = 0x22; 7 | //const DWORD METHOD_BUFFERED = 0; 8 | //const DWORD FILE_ANY_ACCESS = 0; 9 | return (FILE_DEVICE_UNKNOWN * 65536) | (FILE_ANY_ACCESS * 16384) | 
(lngFunction * 4) | METHOD_BUFFERED; 10 | } 11 | 12 | int main() 13 | { 14 | _s: 15 | DWORD dw; 16 | printf("Input HEX CTL_CODE: ");scanf("%x",&dw); 17 | printf("Output: %ld(0x%X)\n\n",CTL_CODE_GEN(dw),CTL_CODE_GEN(dw)); 18 | getchar(); 19 | goto _s; 20 | } -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Windows image file caches 2 | Thumbs.db 3 | ehthumbs.db 4 | 5 | # Folder config file 6 | Desktop.ini 7 | 8 | # Recycle Bin used on file shares 9 | $RECYCLE.BIN/ 10 | 11 | # Windows Installer files 12 | *.cab 13 | *.msi 14 | *.msm 15 | *.msp 16 | 17 | # ========================= 18 | # Operating System Files 19 | # ========================= 20 | 21 | # OSX 22 | # ========================= 23 | 24 | .DS_Store 25 | .AppleDouble 26 | .LSOverride 27 | 28 | # Icon must ends with two \r. 29 | Icon 30 | 31 | # Thumbnails 32 | ._* 33 | 34 | # Files that might appear on external disk 35 | .Spotlight-V100 36 | .Trashes 37 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_sys/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf if (DBG) DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\emSSDT64" 6 | #define LINK_NAME L"\\DosDevices\\emSSDT64" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\emSSDT64" 8 | 9 | #define IOCTL_ClrSSDTHOOK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //Clear ssdt hook 10 | #define IOCTL_GetKiSrvTab CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) //Get KiServiceTable 11 | #define IOCTL_GetFuncAddr CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS) //Get function address -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/mod_DrvFunc.bas: -------------------------------------------------------------------------------- 1 | Attribute VB_Name = "mod_DrvFunc" 2 | Option Explicit 3 | 4 | Public DrvController As New cls_Driver 5 | 6 | Public Declare Sub CopyMemory Lib "ntdll" Alias "RtlMoveMemory" (ByVal pDst As Long, ByVal pSrc As Long, ByVal BLen As Long) 7 | Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long 8 | 9 | Public Sub HOOK_SSSDT() 10 | With DrvController 11 | .IoControl .CTL_CODE_GEN(&H800), 0, 0, 0, 0 12 | End With 13 | End Sub 14 | 15 | Public Sub UNHOOK_SSSDT() 16 | With DrvController 17 | .IoControl .CTL_CODE_GEN(&H801), 0, 0, 0, 0 18 | End With 19 | End Sub 20 | 21 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/sys/Win7x64Drv.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #ifndef _Win7x64Drv_H 4 | #define _Win7x64Drv_H 1 5 | 6 | #define DEVICE_NAME L"\\Device\\devKRWProcess" //Driver Name 7 | #define LINK_NAME L"\\DosDevices\\KRWProcess" //Link Name 8 | 9 | #define IOCTL_BASE 0x800 10 | #define MY_CTL_CODE(i) CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASE+i, METHOD_BUFFERED, FILE_ANY_ACCESS) 11 | #define IOCTL_InputProcessId MY_CTL_CODE(1) 12 | #define IOCTL_InputBaseAddress MY_CTL_CODE(2) 13 | #define IOCTL_InputReadWriteLen MY_CTL_CODE(3) 14 | #define IOCTL_KReadProcessMemory MY_CTL_CODE(4) 15 | #define IOCTL_KWriteProcessMemory MY_CTL_CODE(5) 16 | #define IOCTL_MmKillProcess64 MY_CTL_CODE(6) //PVASE 17 | 18 | #endif -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/KillProcessByPostMessage/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main() 6 | { 7 | DWORD pid,wpid,i,j; 8 | 
HWND hWnd; 9 | st: 10 | system("cls"); 11 | printf("Input pid: "); 12 | scanf("%ld",&pid); 13 | for(i=100; i<0xffffff; i+=2) 14 | { 15 | GetWindowThreadProcessId(i,&wpid); 16 | if(wpid==pid && IsWindowVisible((HWND)i)==1) 17 | { 18 | hWnd=i; 19 | for(j=0; j<0x10000; j++) 20 | { 21 | PostMessage(hWnd,j,0,0); 22 | } 23 | } 24 | } 25 | printf("OK!"); 26 | getchar(); 27 | getchar(); 28 | goto st; 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "main.h" 4 | 5 | typedef long (__fastcall *RTLADJUSTPRIVILEGE64)(ULONG,ULONG,ULONG,PVOID); 6 | RTLADJUSTPRIVILEGE64 RtlAdjustPrivilege; 7 | 8 | int main() 9 | { 10 | WCHAR dllname[MAX_PATH]={0};//L"c:\\testdll.DLL"; 11 | DWORD dwPID=0,dwRetVal=0; 12 | RtlAdjustPrivilege=(RTLADJUSTPRIVILEGE64)GetProcAddress(LoadLibraryW(L"ntdll.dll"),"RtlAdjustPrivilege"); 13 | RtlAdjustPrivilege(20,1,0,&dwRetVal);//debug 14 | printf("input pid: ");scanf("%ld",&dwPID); 15 | printf("input dll full path: ");scanf("%ws",dllname); 16 | InjectDllExW(dwPID,dllname); 17 | getchar(); 18 | printf("inject over!"); 19 | getchar(); 20 | return 0; 21 | } -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-1]Wow64&CompatibleMode/兼容模式相关测试代码/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | typedef long (__stdcall *RTLGETVERSION)(POSVERSIONINFO); 6 | 7 | int main() 8 | { 9 | RTLGETVERSION RtlGetVersion=(RTLGETVERSION)GetProcAddress(GetModuleHandleA("ntdll.dll"),"RtlGetVersion"); 10 | OSVERSIONINFO osv1={0},osv2={0}; 11 | //way 1 12 | osv1.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); 13 | GetVersionEx(&osv1); 14 | printf("Get Build Number by GetVersionEx: 
%ld\n",osv1.dwBuildNumber); 15 | //way 2 16 | osv2.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); 17 | RtlGetVersion(&osv2); 18 | printf("Get Build Number by RtlGetVersion: %ld\n",osv2.dwBuildNumber); 19 | //show info 20 | getchar(); 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-1]DrvInlineASM/src/Win7x64Drv.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #ifndef _Win7x64Drv_H 4 | #define _Win7x64Drv_H 1 5 | //============================================ 6 | #define DEVICE_NAME L"\\Device\\devWin64InlineASM" //Driver Name 7 | #define LINK_NAME L"\\DosDevices\\Win64InlineASM" //Link Name 8 | //============================================ 9 | #define IOCTL_BASE 0x800 10 | #define MY_CTL_CODE(i) \ 11 | CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASE+i, METHOD_BUFFERED, FILE_ANY_ACCESS) 12 | #define IOCTL_PauseThrdProtect MY_CTL_CODE(1) 13 | #define IOCTL_ResumeThrdProtect MY_CTL_CODE(2) 14 | #define IOCTL_ProtectProcess MY_CTL_CODE(3) 15 | #define IOCTL_UnprotectProcess MY_CTL_CODE(4) 16 | #define IOCTL_ProtectThread MY_CTL_CODE(5) 17 | //============================================ 18 | #endif -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-7]MonitorInternetAccessByWFP/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components. 5 | # 6 | 7 | # Ensure that build environment is at least Windows Vista 8 | # 0x500 == Windows 2000 9 | # 0x501 == Windows XP 10 | # 0x600 == Windows Vista 11 | 12 | !IF DEFINED(_NT_TARGET_VERSION) 13 | ! IF $(_NT_TARGET_VERSION)>=0x600 14 | ! INCLUDE $(NTMAKEENV)\makefile.def 15 | ! ELSE 16 | ! 
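INCLUDE $(NTMAKEENV)\makefile.plt 17 | ! IF "$(BUILD_PASS)"=="PASS1" 18 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 19 | ! ENDIF 20 | ! ENDIF 21 | !ELSE 22 | ! INCLUDE $(NTMAKEENV)\makefile.def 23 | !ENDIF 24 | 25 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/rwkm.h: --------------------------------------------------------------------------------

/*
 * VxkCopyMemory - copy SizeOfCopy bytes from pSourceAddress to pDestination
 * through a locked MDL mapping of the source range.
 *
 * pDestination    buffer that receives the bytes; it is written with
 *                 RtlCopyMemory and is not probed here, so the caller must
 *                 pass a valid kernel buffer of at least SizeOfCopy bytes.
 * pSourceAddress  start of the range to read.
 * SizeOfCopy      number of bytes to copy; must fit in a ULONG.
 *
 * Returns TRUE when the bytes were copied, FALSE when an argument is
 * rejected, the MDL cannot be allocated, the pages cannot be locked, or no
 * system mapping is available.
 *
 * The pages are locked with AccessMode KernelMode, so no user-mode access
 * check is applied to the source range; the __try block only turns the
 * exception MmProbeAndLockPages raises on failure into a FALSE return.
 * NOTE(review): the IOCTL names in this project's MyDriver.h (set address,
 * set length, read kernel) suggest the range comes from user mode -
 * presumably via rwkm_adr/rwkm_len below. If so, whoever can open the device
 * gets an arbitrary kernel read; the dispatch routine should restrict both
 * the device ACL and the accepted ranges. Confirm against the caller.
 */
BOOLEAN VxkCopyMemory( PVOID pDestination, PVOID pSourceAddress, SIZE_T SizeOfCopy )
{
	PMDL pMdl = NULL;
	PVOID pSafeAddress = NULL;
	BOOLEAN bCopied = FALSE;

	/* IoAllocateMdl takes a ULONG length. Refuse sizes the cast would
	   truncate: the MDL would describe fewer bytes than RtlCopyMemory
	   reads, i.e. a read past the end of the mapping. */
	if( !pDestination || !pSourceAddress || SizeOfCopy > MAXULONG ) return FALSE;

	pMdl = IoAllocateMdl( pSourceAddress, (ULONG)SizeOfCopy, FALSE, FALSE, NULL );
	if( !pMdl ) return FALSE;
	__try
	{
		MmProbeAndLockPages( pMdl, KernelMode, IoReadAccess );
	}
	__except(EXCEPTION_EXECUTE_HANDLER)
	{
		/* Nothing was locked, so only the MDL itself is released. */
		IoFreeMdl( pMdl );
		return FALSE;
	}
	pSafeAddress = MmGetSystemAddressForMdlSafe( pMdl, NormalPagePriority );
	if( pSafeAddress )
	{
		RtlCopyMemory( pDestination, pSafeAddress, SizeOfCopy );
		bCopied = TRUE;
	}
	/* Unlock and free on the mapping-failure path as well; the original
	   returned early there and left the pages locked and the MDL allocated. */
	MmUnlockPages( pMdl );
	IoFreeMdl( pMdl );
	return bCopied;
}

/* File-scope address/length pair; nothing in this header reads or writes
   them, the users are outside this file. */
ULONG64 rwkm_adr=0, rwkm_len=0;
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/sys/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\EnumMsgHook64" 6 | #define LINK_NAME L"\\DosDevices\\EnumMsgHook64" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\EnumMsgHook64" 8 | 9 | #define IOCTL_READ_KRNL_MM CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS) //read kernel 10 | #define IOCTL_MODIFY_KN_MM CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS) //write kernel 11 | #define IOCTL_SET_RWKM_ADR CTL_CODE(FILE_DEVICE_UNKNOWN, 0x809, METHOD_BUFFERED,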
FILE_ANY_ACCESS) //set address 12 | #define IOCTL_SET_RWKM_LEN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x80A, METHOD_BUFFERED, FILE_ANY_ACCESS) //set length 13 | 14 | #define IOCTL_GET_PN_BY_ET CTL_CODE(FILE_DEVICE_UNKNOWN, 0x7FF, METHOD_BUFFERED, FILE_ANY_ACCESS) //set length -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-3]CalcSSDTFuncAddr/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf if (DBG) DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\MyDriver" 6 | #define LINK_NAME L"\\DosDevices\\MyDriver" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\MyDriver" 8 | 9 | #define IOCTL_ULR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG 10 | #define IOCTL_USR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) //In BSTR 11 | #define IOCTL_GetKPEB CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out LONG 12 | #define IOCTL_GetBSTR CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out BSTR 13 | #define IOCTL_ReInline CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS) //Test Call Only 14 | #define IOCTL_Struct CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS) //I+O Struct -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/hook/src/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\hookssdt_x64" 6 | #define LINK_NAME L"\\DosDevices\\hookssdt_x64" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\hookssdt_x64" 8 | 9 | #define IOCTL_ULR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG 10 | #define IOCTL_USR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, 
FILE_ANY_ACCESS) //In BSTR 11 | #define IOCTL_GetKPEB CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out LONG 12 | #define IOCTL_GetBSTR CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out BSTR 13 | #define IOCTL_ReInline CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS) //Test Call Only 14 | #define IOCTL_Struct CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS) //I+O Struct -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-2]DkomHideProtect/src/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint //KdPrint 4 | 5 | #define DEVICE_NAME L"\\Device\\Win7x64HideProtect" 6 | #define LINK_NAME L"\\DosDevices\\Win7x64HideProtect" 7 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\Win7x64HideProtect" 8 | 9 | #define IOCTL_ULR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG 10 | #define IOCTL_USR3IN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) //In BSTR 11 | #define IOCTL_GetKPEB CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out LONG 12 | #define IOCTL_GetBSTR CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out BSTR 13 | #define IOCTL_ReInline CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS) //Test Call Only 14 | #define IOCTL_Struct CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS) //I+O Struct -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/hook/SSSDTHook_NtUserPostMessage/exe/MyDriver.vbp: -------------------------------------------------------------------------------- 1 | Type=Exe 2 | Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation 3 | Class=cls_Driver; 
cls_Driver.cls 4 | Form=frm_Main.frm 5 | Module=mod_DrvFunc; mod_DrvFunc.bas 6 | Startup="frm_Main" 7 | HelpFile="" 8 | Title="MyDriver" 9 | ExeName32="MyDriver.exe" 10 | Command32="" 11 | Name="MyDriver" 12 | HelpContextID="0" 13 | CompatibleMode="0" 14 | MajorVer=1 15 | MinorVer=0 16 | RevisionVer=0 17 | AutoIncrementVer=0 18 | ServerSupportFiles=0 19 | VersionCompanyName="Tesla.Angela" 20 | CompilationType=0 21 | OptimizationType=0 22 | FavorPentiumPro(tm)=0 23 | CodeViewDebugInfo=0 24 | NoAliasing=0 25 | BoundsCheck=0 26 | OverflowCheck=0 27 | FlPointCheck=0 28 | FDIVCheck=0 29 | UnroundedFP=0 30 | StartMode=0 31 | Unattended=0 32 | Retained=0 33 | ThreadPerObject=0 34 | MaxNumberOfThreads=1 35 | 36 | [MS Transaction Server] 37 | AutoRefresh=1 38 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-4]ForceKillProcess/exe/Win7x64Drv.vbp: -------------------------------------------------------------------------------- 1 | Type=Exe 2 | Form=form1.frm 3 | Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation 4 | Class=cls_Driver; cls_Driver.cls 5 | Module=Mod_MemClr; Mod_MemClr.bas 6 | IconForm="Form1" 7 | Startup="Form1" 8 | HelpFile="" 9 | Title="Win7x64Drv" 10 | ExeName32="Win7x64Drv.exe" 11 | Command32="" 12 | Name="Win7x64Drv" 13 | HelpContextID="0" 14 | CompatibleMode="0" 15 | MajorVer=1 16 | MinorVer=0 17 | RevisionVer=0 18 | AutoIncrementVer=0 19 | ServerSupportFiles=0 20 | VersionCompanyName="Tesla.Angela" 21 | VersionProductName="Win7x64Drv" 22 | CompilationType=0 23 | OptimizationType=0 24 | FavorPentiumPro(tm)=0 25 | CodeViewDebugInfo=0 26 | NoAliasing=0 27 | BoundsCheck=0 28 | OverflowCheck=0 29 | FlPointCheck=0 30 | FDIVCheck=0 31 | UnroundedFP=0 32 | StartMode=0 33 | Unattended=0 34 | Retained=0 35 | ThreadPerObject=0 36 | MaxNumberOfThreads=1 37 | 38 | [MS Transaction Server] 39 | AutoRefresh=1 40 | 
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/Win7x64Drv.vbp: -------------------------------------------------------------------------------- 1 | Type=Exe 2 | Form=form1.frm 3 | Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation 4 | Class=cls_Driver; cls_Driver.cls 5 | Module=Mod_MemClr; Mod_MemClr.bas 6 | IconForm="Form1" 7 | Startup="Form1" 8 | HelpFile="" 9 | Title="Win7x64Drv" 10 | ExeName32="KRWProcess.exe" 11 | Path32="..\..\..\Test" 12 | Command32="" 13 | Name="Win7x64Drv" 14 | HelpContextID="0" 15 | CompatibleMode="0" 16 | MajorVer=1 17 | MinorVer=0 18 | RevisionVer=0 19 | AutoIncrementVer=0 20 | ServerSupportFiles=0 21 | VersionCompanyName="Tesla.Angela" 22 | VersionProductName="Win7x64Drv" 23 | CompilationType=0 24 | OptimizationType=0 25 | FavorPentiumPro(tm)=0 26 | CodeViewDebugInfo=0 27 | NoAliasing=0 28 | BoundsCheck=0 29 | OverflowCheck=0 30 | FlPointCheck=0 31 | FDIVCheck=0 32 | UnroundedFP=0 33 | StartMode=0 34 | Unattended=0 35 | Retained=0 36 | ThreadPerObject=0 37 | MaxNumberOfThreads=1 38 | 39 | [MS Transaction Server] 40 | AutoRefresh=1 41 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/calc_ctl_code.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/VC/disable_pgds.vcxproj.filters: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver/EnumDriver.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer/SimplePE64Viewer.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/WdmDrvLoader/WdmDrvLoader.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 
{4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64/InjectDllx64.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/ASM/一键破解.cmd: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | ECHO. 4 | ECHO Creating patched copies of winload, ntkrnlmp/ntoskrnl... 5 | ECHO. 6 | patch.exe 7 | 8 | ECHO. 9 | ECHO Creating BCD Entry... 10 | ECHO. 
11 | set ENTRY_GUID={46595952-454E-4F50-4747-554944FFFFFF} 12 | bcdedit -create %ENTRY_GUID% -d "DriverSigning&PatchGuard Disabled" -application OSLOADER 13 | bcdedit -set %ENTRY_GUID% device partition=%SYSTEMDRIVE% 14 | bcdedit -set %ENTRY_GUID% osdevice partition=%SYSTEMDRIVE% 15 | bcdedit -set %ENTRY_GUID% systemroot \Windows 16 | bcdedit -set %ENTRY_GUID% path \Windows\system32\freeload.exe 17 | bcdedit -set %ENTRY_GUID% kernel goodkrnl.exe 18 | bcdedit -set %ENTRY_GUID% recoveryenabled 0 19 | bcdedit -set %ENTRY_GUID% nx OptOut 20 | bcdedit -set %ENTRY_GUID% nointegritychecks 1 21 | bcdedit -set %ENTRY_GUID% testsigning 1 22 | bcdedit -displayorder %ENTRY_GUID% -addlast 23 | bcdedit -timeout 5 24 | bcdedit -default %ENTRY_GUID% 25 | 26 | ECHO. 27 | ECHO Setting PEAUTH service to manual... (avoid BSOD at login screen) 28 | ECHO. 29 | sc config peauth start= demand 30 | 31 | ECHO. 32 | ECHO Complete! 33 | ECHO. 34 | PAUSE 35 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | 控制台应用程序:AntiHook 项目概述 3 | ======================================================================== 4 | 5 | 应用程序向导已为您创建了此 AntiHook 应用程序。 6 | 7 | 本文件概要介绍组成 AntiHook 应用程序的每个文件的内容。 8 | 9 | 10 | AntiHook.vcxproj 11 | 这是使用应用程序向导生成的 VC++ 项目的主项目文件, 12 | 其中包含生成该文件的 Visual C++ 13 | 的版本信息,以及有关使用应用程序向导选择的平台、配置和项目功能的信息。 14 | 15 | AntiHook.vcxproj.filters 16 | 这是使用“应用程序向导”生成的 VC++ 项目筛选器文件。 17 | 它包含有关项目文件与筛选器之间的关联信息。 在 IDE 18 | 中,通过这种关联,在特定节点下以分组形式显示具有相似扩展名的文件。 19 | 例如,“.cpp”文件与“源文件”筛选器关联。 20 | 21 | AntiHook.cpp 22 | 这是主应用程序源文件。 23 | 24 | ///////////////////////////////////////////////////////////////////////////// 25 | 其他标准文件: 26 | 27 | StdAfx.h,StdAfx.cpp 28 | 这些文件用于生成名为 AntiHook.pch 的预编译头 (PCH) 文件和 29 | 名为 StdAfx.obj 的预编译类型文件。 30 | 31 | 
///////////////////////////////////////////////////////////////////////////// 32 | 其他注释: 33 | 34 | 应用程序向导使用“TODO:”注释来指示应添加或自定义的源代码部分。 35 | 36 | ///////////////////////////////////////////////////////////////////////////// 37 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/exe.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 23 | 24 | 头文件 25 | 26 | 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/ScmDrvLoader.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 23 | 24 | 头文件 25 | 26 | 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/hook/sys/MyDriver.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define dprintf DbgPrint 4 | #define nprintf DbgPrint 5 | 6 | #define DEVICE_NAME L"\\Device\\hook_ps" 7 | #define LINK_NAME L"\\DosDevices\\hook_ps" 8 | #define LINK_GLOBAL_NAME L"\\DosDevices\\Global\\hook_ps" 9 | 10 | #define IOCTL_TEST 
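CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS) 11 | 12 | HANDLE FileHandle; 13 | 14 |
/*
 * Opens \??\C:\WINDOWS\system32\taskhost.exe for read with ShareAccess 0 and
 * stores the kernel handle in the global FileHandle. With ShareAccess 0 no
 * other open of the file can be granted while that handle stays open.
 * The result is reported through DbgPrint only; nothing is returned.
 *
 * NOTE(review): no ZwClose of FileHandle is visible in this listing, and a
 * second call would overwrite a handle that is still open - confirm where
 * the handle is released.
 */
VOID OccupyTaskhost()
{
    NTSTATUS ntStatus;
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING UniFileName;
    IO_STATUS_BLOCK IoStatusBlock;
    PCWSTR FileName = L"\\??\\C:\\WINDOWS\\system32\\taskhost.exe";

    RtlInitUnicodeString(&UniFileName, FileName);
    InitializeObjectAttributes(&ObjectAttributes, &UniFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    /*
     * FILE_OPEN instead of FILE_OPEN_IF: the latter creates an empty file at
     * this system32 path when taskhost.exe is not present, which is a side
     * effect a pure "open existing file" routine should not have.
     */
    ntStatus = ZwCreateFile(&FileHandle, GENERIC_READ, &ObjectAttributes, &IoStatusBlock,
                            NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN,
                            FILE_NON_DIRECTORY_FILE, NULL, 0);
    if (!NT_SUCCESS(ntStatus)) {
        /* Leave a well-defined value behind so later code can test the handle. */
        FileHandle = NULL;
        /* NTSTATUS codes are conventionally read in hex; %d printed them as negative decimals. */
        DbgPrint("[OccupyFile] = 0x%08X", ntStatus);
    } else {
        DbgPrint("[OccupyFile] Success.");
    }
}
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/GetKernelOriCode.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 23 | 24 | 头文件 25 | 26 | 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/SuperInsertDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 |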
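rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 23 | 24 | 头文件 25 | 26 | 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-5]ForceProcMemRW/驱动级模拟盗号/exe/Mod_MemClr.bas: -------------------------------------------------------------------------------- 1 | Attribute VB_Name = "Mod_MemClr" 2 | Option Explicit 3 | 4 | Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long 5 | Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long 6 | Private Declare Function ZwClose Lib "NTDLL.DLL" (ByVal ObjectHandle As Long) As Long 7 | Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long 8 | Private Declare Function NtUnmapViewOfSection Lib "NTDLL.DLL" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long) As Long 9 | Private Declare Sub Sleep Lib "kernel32.dll" (ByVal dwMilliseconds As Long) 10 | Private Const PAGE_EXECUTE_READWRITE& = &H40 11 | Private Const STANDARD_RIGHTS_REQUIRED = &HF0000 12 | Private Const SYNCHRONIZE = &H100000 13 | Private Const SPECIFIC_RIGHTS_ALL = &HFFFF 14 | Private Const STANDARD_RIGHTS_ALL = &H1F0000 15 | Private Const PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF 16 | 17 | Public Type LONGLONG 18 | low As Long 19 | high As Long 20 | End Type 21 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "ScmDrvCtrl.h" 4 | 5 | #pragma comment(lib,"user32.lib") 6 | 7 | 8 |
// Writes the directory of the running executable into szCurFile, ending with a
// trailing backslash. szCurFile must have room for MAX_PATH chars. If the
// module path cannot be read, or does not fit, szCurFile is set to "".
void GetAppPath(char *szCurFile)
{
    DWORD dwLen=GetModuleFileNameA(0,szCurFile,MAX_PATH);
    if(dwLen==0||dwLen>=MAX_PATH)
    {
        // 0 means the call failed; MAX_PATH means the path was truncated and
        // the buffer is not guaranteed to be terminated.
        szCurFile[0]='\0';
        return;
    }
    // Walk back to the last backslash. The index is unsigned, so test i>0 and
    // read [i-1]: the original "i>=0" was always true and, when no backslash
    // was found (or the string was empty), wrapped around and read outside
    // the buffer.
    for(SIZE_T i=dwLen;i>0;i--)
    {
        if(szCurFile[i-1]=='\\')
        {
            szCurFile[i]='\0';
            break;
        }
    }
}

// Loads KrnlHW64.sys from the executable's directory through cDrvCtrl, sends
// it control codes 0x800 and 0x801, then stops and removes the driver.
int main()
{
    BOOL b;
    cDrvCtrl dc;
    // Driver file name and service/link name
    const char szDrvFile[]="KrnlHW64.sys";
    char szSysFile[MAX_PATH]={0};
    char szSvcLnkName[]="KrnlHW64";
    GetAppPath(szSysFile);
    // strcat() does not bound its write, so check first that the file name
    // (sizeof counts its terminator) still fits behind the directory.
    if(strlen(szSysFile)+sizeof(szDrvFile)>sizeof(szSysFile))
    {
        printf("LoadDriver=%d\n",FALSE);
        getchar();
        return 1;
    }
    strcat(szSysFile,szDrvFile);
    // Install and start the driver. Install's result used to be overwritten
    // by Start's without ever being looked at; report it when it fails.
    BOOL bInstalled=dc.Install(szSysFile,szSvcLnkName,szSvcLnkName);
    b=dc.Start();
    if(!bInstalled)
        printf("InstallDriver=%d\n",bInstalled);
    printf("LoadDriver=%d\n",b);
    // "Open" the driver's symbolic link
    // NOTE(review): the results of Open() and IoControl() are not checked and
    // their return types are not visible here - confirm against ScmDrvCtrl.h.
    dc.Open("\\\\.\\KrnlHW64");
    // Control the driver with a control code (0x800: pass one number in, get one number back)
    DWORD x=100,y=0,z=0;
    dc.IoControl(0x800,&x,sizeof(x),&y,sizeof(y),&z);
    // DWORD is unsigned long, so the matching conversion is %lu
    printf("INPUT=%lu\nOUTPUT=%lu\nReturnBytesLength=%lu\n",x,y,z);
    // Control the driver with a control code (0x801: show HELLOWORLD in DbgView)
    dc.IoControl(0x801,0,0,0,0,0);
    // Close the symbolic-link handle
    CloseHandle(dc.m_hDriver);
    // Stop and unload the driver; keep Stop's result instead of overwriting it
    BOOL bStopped=dc.Stop();
    b=dc.Remove();
    if(!bStopped)
        printf("StopDriver=%d\n",bStopped);
    printf("UnloadDriver=%d\n",b);
    getchar();
    return 0;
}
-------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/EnumSSSDT64.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | 头文件 23 | 24 | 25 | 26 | 27 | 源文件 28 | 29 | 30 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[7-2]EnumRemoveImageNotify/ImgNotify.h: -------------------------------------------------------------------------------- 1 | 2 | ULONG64 FindPspLoadImageNotifyRoutine() 3 | { 4 | ULONG64 i=0,pCheckArea=0; 5 | UNICODE_STRING unstrFunc; 6 |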
RtlInitUnicodeString(&unstrFunc, L"PsSetLoadImageNotifyRoutine"); 7 | pCheckArea = (ULONG64)MmGetSystemRoutineAddress (&unstrFunc); 8 | DbgPrint("PsSetLoadImageNotifyRoutine: %llx",pCheckArea); 9 | for(i=pCheckArea;i 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 23 | 24 | 头文件 25 | 26 | 27 | 头文件 28 | 29 | 30 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-6]EnumMsgHook/src/exe/exe.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "exe", "exe.vcxproj", "{3DBC5DEC-A3DB-4DA7-A494-1A867528C281}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Debug|Win32.Build.0 = Debug|Win32 16 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Debug|x64.ActiveCfg = Debug|x64 17 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Debug|x64.Build.0 = Debug|x64 18 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Release|Win32.ActiveCfg = Release|Win32 19 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Release|Win32.Build.0 = Release|Win32 20 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Release|x64.ActiveCfg = Release|x64 21 | {3DBC5DEC-A3DB-4DA7-A494-1A867528C281}.Release|x64.Build.0 = Release|x64 22 | 
EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | 动态链接库:TestDll 项目概述 3 | ======================================================================== 4 | 5 | 应用程序向导已为您创建了此 TestDll DLL。 6 | 7 | 本文件概要介绍组成 TestDll 应用程序的每个文件的内容。 8 | 9 | 10 | TestDll.vcxproj 11 | 这是使用应用程序向导生成的 VC++ 项目的主项目文件, 12 | 其中包含生成该文件的 Visual C++ 13 | 的版本信息,以及有关使用应用程序向导选择的平台、配置和项目功能的信息。 14 | 15 | TestDll.vcxproj.filters 16 | 这是使用“应用程序向导”生成的 VC++ 项目筛选器文件。 17 | 它包含有关项目文件与筛选器之间的关联信息。 在 IDE 18 | 中,通过这种关联,在特定节点下以分组形式显示具有相似扩展名的文件。 19 | 例如,“.cpp”文件与“源文件”筛选器关联。 20 | 21 | TestDll.cpp 22 | 这是主 DLL 源文件。 23 | 24 | 此 DLL 在创建时不导出任何符号。 因此,在生成此 DLL 时 25 | 生成时不会产生 .lib 文件。 如果希望此项目 26 | 成为其他某个项目的项目依赖项,则需要 27 | 添加代码以从 DLL 导出某些符号, 28 | 以便产生一个导出库,或者,也可以在项目“属性页”对话框中的 29 | “链接器”文件夹中,将“常规”属性页上的 30 | “忽略输入库”属性设置为“是”。 31 | 32 | ///////////////////////////////////////////////////////////////////////////// 33 | 其他标准文件: 34 | 35 | StdAfx.h,StdAfx.cpp 36 | 这些文件用于生成名为 TestDll.pch 的预编译头 (PCH) 文件和 37 | 名为 StdAfx.obj 的预编译类型文件。 38 | 39 | ///////////////////////////////////////////////////////////////////////////// 40 | 其他注释: 41 | 42 | 应用程序向导使用“TODO:”注释来指示应添加或自定义的源代码部分。 43 | 44 | ///////////////////////////////////////////////////////////////////////////// 45 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | 动态链接库:HookDll 项目概述 3 | 
======================================================================== 4 | 5 | 应用程序向导已为您创建了此 HookDll DLL。 6 | 7 | 本文件概要介绍组成 HookDll 应用程序的每个文件的内容。 8 | 9 | 10 | HookDll.vcxproj 11 | 这是使用应用程序向导生成的 VC++ 项目的主项目文件, 12 | 其中包含生成该文件的 Visual C++ 13 | 的版本信息,以及有关使用应用程序向导选择的平台、配置和项目功能的信息。 14 | 15 | HookDll.vcxproj.filters 16 | 这是使用“应用程序向导”生成的 VC++ 项目筛选器文件。 17 | 它包含有关项目文件与筛选器之间的关联信息。 在 IDE 18 | 中,通过这种关联,在特定节点下以分组形式显示具有相似扩展名的文件。 19 | 例如,“.cpp”文件与“源文件”筛选器关联。 20 | 21 | HookDll.cpp 22 | 这是主 DLL 源文件。 23 | 24 | 此 DLL 在创建时不导出任何符号。 因此,在生成此 DLL 时 25 | 生成时不会产生 .lib 文件。 如果希望此项目 26 | 成为其他某个项目的项目依赖项,则需要 27 | 添加代码以从 DLL 导出某些符号, 28 | 以便产生一个导出库,或者,也可以在项目“属性页”对话框中的 29 | “链接器”文件夹中,将“常规”属性页上的 30 | “忽略输入库”属性设置为“是”。 31 | 32 | ///////////////////////////////////////////////////////////////////////////// 33 | 其他标准文件: 34 | 35 | StdAfx.h,StdAfx.cpp 36 | 这些文件用于生成名为 HookDll.pch 的预编译头 (PCH) 文件和 37 | 名为 StdAfx.obj 的预编译类型文件。 38 | 39 | ///////////////////////////////////////////////////////////////////////////// 40 | 其他注释: 41 | 42 | 应用程序向导使用“TODO:”注释来指示应添加或自定义的源代码部分。 43 | 44 | ///////////////////////////////////////////////////////////////////////////// 45 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[2-2]ScmDrvLoader/ScmDrvLoader.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ScmDrvLoader", "ScmDrvLoader.vcxproj", "{AB7B78FA-C353-44BD-ADDC-4810A996B64F}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Debug|Win32.ActiveCfg = Debug|Win32 15 | 
{AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Debug|Win32.Build.0 = Debug|Win32 16 | {AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Debug|x64.ActiveCfg = Debug|x64 17 | {AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Debug|x64.Build.0 = Debug|x64 18 | {AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Release|Win32.ActiveCfg = Release|Win32 19 | {AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Release|Win32.Build.0 = Release|Win32 20 | {AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Release|x64.ActiveCfg = Release|x64 21 | {AB7B78FA-C353-44BD-ADDC-4810A996B64F}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | 动态链接库:HookDll 项目概述 3 | ======================================================================== 4 | 5 | 应用程序向导已为您创建了此 HookDll DLL。 6 | 7 | 本文件概要介绍组成 HookDll 应用程序的每个文件的内容。 8 | 9 | 10 | HookDll.vcxproj 11 | 这是使用应用程序向导生成的 VC++ 项目的主项目文件, 12 | 其中包含生成该文件的 Visual C++ 13 | 的版本信息,以及有关使用应用程序向导选择的平台、配置和项目功能的信息。 14 | 15 | HookDll.vcxproj.filters 16 | 这是使用“应用程序向导”生成的 VC++ 项目筛选器文件。 17 | 它包含有关项目文件与筛选器之间的关联信息。 在 IDE 18 | 中,通过这种关联,在特定节点下以分组形式显示具有相似扩展名的文件。 19 | 例如,“.cpp”文件与“源文件”筛选器关联。 20 | 21 | HookDll.cpp 22 | 这是主 DLL 源文件。 23 | 24 | 此 DLL 在创建时不导出任何符号。 因此,在生成此 DLL 时 25 | 生成时不会产生 .lib 文件。 如果希望此项目 26 | 成为其他某个项目的项目依赖项,则需要 27 | 添加代码以从 DLL 导出某些符号, 28 | 以便产生一个导出库,或者,也可以在项目“属性页”对话框中的 29 | “链接器”文件夹中,将“常规”属性页上的 30 | “忽略输入库”属性设置为“是”。 31 | 32 | ///////////////////////////////////////////////////////////////////////////// 33 | 其他标准文件: 34 | 35 | StdAfx.h,StdAfx.cpp 36 | 这些文件用于生成名为 HookDll.pch 的预编译头 (PCH) 文件和 37 | 名为 StdAfx.obj 的预编译类型文件。 38 | 39 | 
///////////////////////////////////////////////////////////////////////////// 40 | 其他注释: 41 | 42 | 应用程序向导使用“TODO:”注释来指示应添加或自定义的源代码部分。 43 | 44 | ///////////////////////////////////////////////////////////////////////////// 45 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-2]DisableWin7KPP&DSE/VC/disable_pgds.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "disable_pgds", "disable_pgds.vcxproj", "{A4335429-5109-4198-B541-E3AC53E11C91}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {A4335429-5109-4198-B541-E3AC53E11C91}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {A4335429-5109-4198-B541-E3AC53E11C91}.Debug|Win32.Build.0 = Debug|Win32 16 | {A4335429-5109-4198-B541-E3AC53E11C91}.Debug|x64.ActiveCfg = Debug|x64 17 | {A4335429-5109-4198-B541-E3AC53E11C91}.Debug|x64.Build.0 = Debug|x64 18 | {A4335429-5109-4198-B541-E3AC53E11C91}.Release|Win32.ActiveCfg = Release|Win32 19 | {A4335429-5109-4198-B541-E3AC53E11C91}.Release|Win32.Build.0 = Release|Win32 20 | {A4335429-5109-4198-B541-E3AC53E11C91}.Release|x64.ActiveCfg = Release|x64 21 | {A4335429-5109-4198-B541-E3AC53E11C91}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-5]SSSDTHookUnhook/unhook/exe/EnumSSSDT64.sln: -------------------------------------------------------------------------------- 1 | 2 | 
Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EnumSSSDT64", "EnumSSSDT64.vcxproj", "{EEBD7B47-9840-4445-8E53-72EF7248F82E}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Debug|Win32.Build.0 = Debug|Win32 16 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Debug|x64.ActiveCfg = Debug|x64 17 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Debug|x64.Build.0 = Debug|x64 18 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Release|Win32.ActiveCfg = Release|Win32 19 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Release|Win32.Build.0 = Release|Win32 20 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Release|x64.ActiveCfg = Release|x64 21 | {EEBD7B47-9840-4445-8E53-72EF7248F82E}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-3]DriverEnumHide/EnumDriver/EnumDriver.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EnumDriver", "EnumDriver.vcxproj", "{6D8CF73B-DB93-4B72-B15A-4ADF57697195}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | 
GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Debug|Win32.Build.0 = Debug|Win32 16 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Debug|x64.ActiveCfg = Debug|x64 17 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Debug|x64.Build.0 = Debug|x64 18 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Release|Win32.ActiveCfg = Release|Win32 19 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Release|Win32.Build.0 = Release|Win32 20 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Release|x64.ActiveCfg = Release|x64 21 | {6D8CF73B-DB93-4B72-B15A-4ADF57697195}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/TestDll.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestDll", "TestDll.vcxproj", "{1F5E7610-AB49-4309-9A73-48A4407A9C71}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {1F5E7610-AB49-4309-9A73-48A4407A9C71}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {1F5E7610-AB49-4309-9A73-48A4407A9C71}.Debug|Win32.Build.0 = Debug|Win32 16 | {1F5E7610-AB49-4309-9A73-48A4407A9C71}.Debug|x64.ActiveCfg = Debug|x64 17 | {1F5E7610-AB49-4309-9A73-48A4407A9C71}.Debug|x64.Build.0 = Debug|x64 18 | {1F5E7610-AB49-4309-9A73-48A4407A9C71}.Release|Win32.ActiveCfg = Release|Win32 19 | 
{1F5E7610-AB49-4309-9A73-48A4407A9C71}.Release|Win32.Build.0 = Release|Win32 20 | {1F5E7610-AB49-4309-9A73-48A4407A9C71}.Release|x64.ActiveCfg = Release|x64 21 | {1F5E7610-AB49-4309-9A73-48A4407A9C71}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[1-2]KrnlHW64/calc_ctl_code/calc_ctl_code.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "calc_ctl_code", "calc_ctl_code.vcxproj", "{2E142E4E-1FF4-4555-9A11-2651A5D61F5F}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Debug|Win32.Build.0 = Debug|Win32 16 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Debug|x64.ActiveCfg = Debug|x64 17 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Debug|x64.Build.0 = Debug|x64 18 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Release|Win32.ActiveCfg = Release|Win32 19 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Release|Win32.Build.0 = Release|Win32 20 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Release|x64.ActiveCfg = Release|x64 21 | {2E142E4E-1FF4-4555-9A11-2651A5D61F5F}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- 
/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/HookDll.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HookDll", "HookDll.vcxproj", "{B26A90D2-84C8-421B-951B-1F155C5AC649}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|Win32.Build.0 = Debug|Win32 16 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|x64.ActiveCfg = Release|x64 17 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|x64.Build.0 = Release|x64 18 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|Win32.ActiveCfg = Release|Win32 19 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|Win32.Build.0 = Release|Win32 20 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|x64.ActiveCfg = Release|x64 21 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[4-4]MonitorFileOperation/src/WdmDrvLoader/WdmDrvLoader.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WdmDrvLoader", "WdmDrvLoader.vcxproj", "{6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}" 5 | EndProject 6 | Global 7 | 
GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Debug|Win32.Build.0 = Debug|Win32 16 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Debug|x64.ActiveCfg = Debug|x64 17 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Debug|x64.Build.0 = Debug|x64 18 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Release|Win32.ActiveCfg = Release|Win32 19 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Release|Win32.Build.0 = Release|Win32 20 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Release|x64.ActiveCfg = Release|x64 21 | {6F744BCD-FB39-4B16-8CB4-E47F1F428B9E}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[5-8]PE32+/SimplePE64Viewer/SimplePE64Viewer.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SimplePE64Viewer", "SimplePE64Viewer.vcxproj", "{E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Debug|Win32.Build.0 = Debug|Win32 16 | 
{E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Debug|x64.ActiveCfg = Debug|x64 17 | {E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Debug|x64.Build.0 = Debug|x64 18 | {E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Release|Win32.ActiveCfg = Release|Win32 19 | {E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Release|Win32.Build.0 = Release|Win32 20 | {E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Release|x64.ActiveCfg = Release|x64 21 | {E8CE3E51-D84D-4BC1-A31C-7DCD17EB8CAA}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/AntiHook.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AntiHook", "AntiHook.vcxproj", "{C637C9FA-AA18-4D34-A3D9-233B445A41C4}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Debug|Win32.Build.0 = Debug|Win32 16 | {C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Debug|x64.ActiveCfg = Release|x64 17 | {C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Debug|x64.Build.0 = Release|x64 18 | {C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Release|Win32.ActiveCfg = Release|Win32 19 | {C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Release|Win32.Build.0 = Release|Win32 20 | {C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Release|x64.ActiveCfg = Release|x64 21 | 
{C637C9FA-AA18-4D34-A3D9-233B445A41C4}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/HookDll.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HookDll", "HookDll.vcxproj", "{B26A90D2-84C8-421B-951B-1F155C5AC649}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|Win32.Build.0 = Debug|Win32 16 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|x64.ActiveCfg = Release|x64 17 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Debug|x64.Build.0 = Release|x64 18 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|Win32.ActiveCfg = Release|Win32 19 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|Win32.Build.0 = Release|Win32 20 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|x64.ActiveCfg = Release|x64 21 | {B26A90D2-84C8-421B-951B-1F155C5AC649}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-6]InlineHookUnhook/unhook/exe/GetKernelOriCode.sln: 
-------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GetKernelOriCode", "GetKernelOriCode.vcxproj", "{B33670E5-EC6D-4F19-BB7B-4972B82D562B}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Debug|Win32.Build.0 = Debug|Win32 16 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Debug|x64.ActiveCfg = Debug|x64 17 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Debug|x64.Build.0 = Debug|x64 18 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Release|Win32.ActiveCfg = Release|Win32 19 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Release|Win32.Build.0 = Release|Win32 20 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Release|x64.ActiveCfg = Release|x64 21 | {B33670E5-EC6D-4F19-BB7B-4972B82D562B}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64/InjectDllx64.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "InjectDllx64", "InjectDllx64.vcxproj", "{5CD28E56-0B26-4D9A-B337-D584EE27EB69}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | 
Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Debug|Win32.Build.0 = Debug|Win32 16 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Debug|x64.ActiveCfg = Debug|x64 17 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Debug|x64.Build.0 = Debug|x64 18 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Release|Win32.ActiveCfg = Release|Win32 19 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Release|Win32.Build.0 = Release|Win32 20 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Release|x64.ActiveCfg = Release|x64 21 | {5CD28E56-0B26-4D9A-B337-D584EE27EB69}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/SuperInsertDll/SuperInsertDll.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SuperInsertDll", "SuperInsertDll.vcxproj", "{45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Debug|Win32.Build.0 = Debug|Win32 16 | {45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Debug|x64.ActiveCfg = Debug|x64 17 | 
{45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Debug|x64.Build.0 = Debug|x64 18 | {45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Release|Win32.ActiveCfg = Release|Win32 19 | {45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Release|Win32.Build.0 = Release|Win32 20 | {45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Release|x64.ActiveCfg = Release|x64 21 | {45F6A4FE-C8F0-48F0-9030-F898EF3DBD91}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[3-4]SSDTHookUnhook/unhook/EnumSSDT_x64_exe/EnumSSDT_x64_exe.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EnumSSDT_x64_exe", "EnumSSDT_x64_exe\EnumSSDT_x64_exe.vcxproj", "{FDD935F0-C907-472B-8671-3B4958AE66E2}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Debug|Win32.Build.0 = Debug|Win32 16 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Debug|x64.ActiveCfg = Debug|x64 17 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Debug|x64.Build.0 = Debug|x64 18 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Release|Win32.ActiveCfg = Release|Win32 19 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Release|Win32.Build.0 = Release|Win32 20 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Release|x64.ActiveCfg = Release|x64 21 | {FDD935F0-C907-472B-8671-3B4958AE66E2}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | 
GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NtHookEngine", "NtHookEngine\NtHookEngine.vcxproj", "{99548A9D-3206-4547-90C0-D4120D4DB3B4}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Debug|Win32.Build.0 = Debug|Win32 16 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Debug|x64.ActiveCfg = Debug|x64 17 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Debug|x64.Build.0 = Debug|x64 18 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Release|Win32.ActiveCfg = Release|Win32 19 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Release|Win32.Build.0 = Release|Win32 20 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Release|x64.ActiveCfg = Release|x64 21 | {99548A9D-3206-4547-90C0-D4120D4DB3B4}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/AntiHook/AntiHook.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 
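{4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 头文件 23 | 24 | 25 | 头文件 26 | 27 | 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 |
--------------------------------------------------------------------------------
/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/InjectDllx64/main.cpp:
--------------------------------------------------------------------------------
// NOTE(review): the two header names were lost when this listing was extracted.
// These are the headers the code below needs (printf/scanf and the Win32 API).
#include <stdio.h>
#include <windows.h>

/*
 * InjectProxyW - ask the process identified by dwPID to load the DLL whose
 * path is pwszProxyFile.
 *
 * Steps, in order: OpenProcess(PROCESS_ALL_ACCESS), VirtualAllocEx for a
 * read/write buffer in the target, WriteProcessMemory to copy the path into
 * it, CreateRemoteThread with LoadLibraryW as the start routine and that
 * buffer as its argument, WaitForSingleObject on the thread, then release of
 * the buffer and both handles.
 *
 * Parameters:
 *   dwPID          id of the target process.
 *   pwszProxyFile  NUL-terminated wide-character path of the DLL.
 *
 * Returns TRUE when every call above succeeded and the wait completed, FALSE
 * otherwise. TRUE does not establish that the module was actually loaded:
 * the exit code of the remote thread is not examined.
 *
 * Defender's view: this is the textbook remote-thread DLL injection sequence
 * (MITRE ATT&CK T1055.001). It is visible to endpoint telemetry as a
 * full-access process handle open followed by a cross-process thread
 * creation whose start address is LoadLibraryW, and as an image load in the
 * target (Sysmon event ids 10, 8 and 7 respectively).
 */
BOOL WINAPI InjectProxyW(DWORD dwPID, PCWSTR pwszProxyFile)
{
    BOOL    ret = FALSE;
    HANDLE  hProcess = NULL;
    HANDLE  hThread = NULL;
    HMODULE hKernel32 = NULL;
    FARPROC pfnThreadRtn = NULL;
    PWSTR   pwszPara = NULL;
    size_t  iProxyFileLen = 0;

    // An empty path would make VirtualAllocEx fail on a zero-byte request;
    // reject it (and NULL) before touching the target process.
    if (pwszProxyFile == NULL || pwszProxyFile[0] == L'\0')
        return FALSE;

    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
    if (hProcess == NULL)
        goto cleanup;

    hKernel32 = GetModuleHandle(TEXT("Kernel32"));
    if (hKernel32 == NULL)
        goto cleanup;

    pfnThreadRtn = GetProcAddress(hKernel32, "LoadLibraryW");
    if (pfnThreadRtn == NULL)
        goto cleanup;

    // Byte length of the path WITHOUT its terminating NUL. The remote copy is
    // terminated only because VirtualAllocEx hands back zero-initialised
    // memory rounded up to a whole page.
    iProxyFileLen = wcslen(pwszProxyFile) * sizeof(WCHAR);

    pwszPara = (PWSTR)VirtualAllocEx(hProcess, NULL, iProxyFileLen, MEM_COMMIT, PAGE_READWRITE);
    if (pwszPara == NULL)
        goto cleanup;

    if (!WriteProcessMemory(hProcess, pwszPara, (PVOID)pwszProxyFile, iProxyFileLen, NULL))
        goto cleanup;

    hThread = CreateRemoteThread(hProcess, NULL, 1024, (LPTHREAD_START_ROUTINE)pfnThreadRtn, pwszPara, 0, NULL);
    if (hThread == NULL)
        goto cleanup;

    if (WaitForSingleObject(hThread, INFINITE) == WAIT_OBJECT_0)
        ret = TRUE;

cleanup:
    // Release only what was actually acquired; the original passed NULL
    // handles straight into the next API call when an earlier step failed.
    if (hThread != NULL)
        CloseHandle(hThread);
    if (pwszPara != NULL)
        VirtualFreeEx(hProcess, pwszPara, 0, MEM_RELEASE);
    if (hProcess != NULL)
        CloseHandle(hProcess);
    return ret;
}

/*
 * Console front end: reads a process id and a DLL path from stdin and passes
 * them to InjectProxyW. Exit status is 0 on success and 1 on bad input or
 * when InjectProxyW reports failure.
 */
int main()
{
    WCHAR dllname[MAX_PATH] = {0};
    DWORD dwPID = 0;

    printf("input pid: ");
    // DWORD is an unsigned long, so the conversion must be %lu, not %ld.
    if (scanf("%lu", &dwPID) != 1)
    {
        printf("invalid pid\n");
        return 1;
    }

    printf("input dll full path: ");
    // Field width 259 = MAX_PATH - 1: an unbounded %ws would write past the
    // end of dllname on a long input line.
    if (scanf("%259ws", dllname) != 1)
    {
        printf("invalid dll path\n");
        return 1;
    }

    BOOL ok = InjectProxyW(dwPID, dllname);
    getchar();
    printf(ok ? "inject over!" : "inject failed!");
    getchar();
    return ok ? 0 : 1;
}
--------------------------------------------------------------------------------
/WIN64驱动编程基础教程/代码/[6-1]RemoteThreadToSystemProcess/TestDll/TestDll.vcxproj.filters:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 头文件 23 | 24 | 25 | 头文件 26 | 27 | 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 | 源文件 37 | 38 | 39 |
--------------------------------------------------------------------------------
/WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/MiniHookEngineForX86X64/NtHookEngine/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 |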
#pragma once 7 | 8 | // Modify the following defines if you have to target a platform prior to the ones specified below. 9 | // Refer to MSDN for the latest info on corresponding values for different platforms. 10 | #ifndef WINVER // Allow use of features specific to Windows XP or later. 11 | #define WINVER 0x0501 // Change this to the appropriate value to target other versions of Windows. 12 | #endif 13 | 14 | #ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later. 15 | #define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows. 16 | #endif 17 | 18 | #ifndef _WIN32_WINDOWS // Allow use of features specific to Windows 98 or later. 19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later. 20 | #endif 21 | 22 | #ifndef _WIN32_IE // Allow use of features specific to IE 6.0 or later. 23 | #define _WIN32_IE 0x0600 // Change this to the appropriate value to target other versions of IE. 
24 | #endif 25 | 26 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 27 | // Windows Header Files: 28 | #include 29 | 30 | 31 | 32 | // TODO: reference additional headers your program requires here 33 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/hook/HookDll/HookDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 头文件 23 | 24 | 25 | 头文件 26 | 27 | 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 | 源文件 37 | 38 | 39 | -------------------------------------------------------------------------------- /LookKernelInject/drvcommon.h: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////////////// 2 | /// 3 | /// Copyright (c) 2011 - 4 | /// 5 | /// Useful macros 6 | /// 7 | /// (File was in the PUBLIC DOMAIN - Created by: ddkwizard\.assarbad\.net) 8 | /////////////////////////////////////////////////////////////////////////////// 9 | 10 | // $Id$ 11 | 12 | #ifndef __DRVCOMMON_H_VERSION__ 13 | #define __DRVCOMMON_H_VERSION__ 100 14 | 15 | #if defined(_MSC_VER) && (_MSC_VER >= 1020) 16 | #pragma once 17 | #endif 18 | 19 | 20 | #define _ANSISTRING(text) #text 21 | #define ANSISTRING(text) _ANSISTRING(text) 22 | 23 | #define _WIDESTRING(text) L##text 24 | #define WIDESTRING(text) _WIDESTRING(text) 25 | 26 | #define PRESET_UNICODE_STRING(symbol, buffer) \ 27 | UNICODE_STRING symbol = \ 28 | { \ 29 | sizeof(WIDESTRING(buffer)) - sizeof(WCHAR), \ 30 | 
sizeof(WIDESTRING(buffer)), \ 31 | WIDESTRING(buffer) \ 32 | }; 33 | 34 | #define CREATE_XVER(maj,min,build) maj ## , ## min ## , 0, ## build 35 | #define CREATE_FVER(maj,min,build) maj ## . ## min ## .0. ## build 36 | #define CREATE_PVER(maj,min,build) maj ## . ## min 37 | 38 | #if DBG 39 | #ifdef ADVANCED_DEBUG 40 | #define DebugPrint DbgPrint("[%s] %s (line: %d)\n", __##FILE##__, __##FUNCTION##__, __##LINE##__); DbgPrint 41 | #else 42 | #define DebugPrint DbgPrint 43 | #endif 44 | #else 45 | #define DebugPrint /##/DbgPrint 46 | #endif 47 | 48 | #endif // __DRVCOMMON_H_VERSION__ 49 | -------------------------------------------------------------------------------- /WIN64驱动编程基础教程/代码/[6-2]Ring3InlineHookAntiHook/anti-hook/HookZwReadFile/HookDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 头文件 23 | 24 | 25 | 头文件 26 | 27 | 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 | 源文件 37 | 38 | 39 | -------------------------------------------------------------------------------- /5-31/Look-MyHookPort/MyHookPort/drvcommon.h: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////////////// 2 | /// 3 | /// Copyright (c) 2013 - 4 | /// 5 | /// Useful macros 6 | /// 7 | /// (File was in the PUBLIC DOMAIN - Created by: ddkwizard\.assarbad\.net) 8 | /////////////////////////////////////////////////////////////////////////////// 9 | 10 | // $Id$ 11 | 12 | #ifndef __DRVCOMMON_H_VERSION__ 13 | #define __DRVCOMMON_H_VERSION__ 100 14 | 15 | #if defined(_MSC_VER) && 
(_MSC_VER >= 1020) 16 | #pragma once 17 | #endif 18 | 19 | 20 | #define _ANSISTRING(text) #text 21 | #define ANSISTRING(text) _ANSISTRING(text) 22 | 23 | #define _WIDESTRING(text) L##text 24 | #define WIDESTRING(text) _WIDESTRING(text) 25 | 26 | #define PRESET_UNICODE_STRING(symbol, buffer) \ 27 | UNICODE_STRING symbol = \ 28 | { \ 29 | sizeof(WIDESTRING(buffer)) - sizeof(WCHAR), \ 30 | sizeof(WIDESTRING(buffer)), \ 31 | WIDESTRING(buffer) \ 32 | }; 33 | 34 | #define CREATE_XVER(maj,min,build) maj ## , ## min ## , 0, ## build 35 | #define CREATE_FVER(maj,min,build) maj ## . ## min ## .0. ## build 36 | #define CREATE_PVER(maj,min,build) maj ## . ## min 37 | 38 | #if DBG 39 | #ifdef ADVANCED_DEBUG 40 | #define DebugPrint DbgPrint("[%s] %s (line: %d)\n", __##FILE##__, __##FUNCTION##__, __##LINE##__); DbgPrint 41 | #else 42 | #define DebugPrint DbgPrint 43 | #endif 44 | #else 45 | #define DebugPrint /##/DbgPrint 46 | #endif 47 | 48 | #endif // __DRVCOMMON_H_VERSION__ 49 | -------------------------------------------------------------------------------- /5-31/Look-ReloadKernelDriver/ReloadKernelDriver/drvcommon.h: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////////////// 2 | /// 3 | /// Copyright (c) 2013 - 4 | /// 5 | /// Useful macros 6 | /// 7 | /// (File was in the PUBLIC DOMAIN - Created by: ddkwizard\.assarbad\.net) 8 | /////////////////////////////////////////////////////////////////////////////// 9 | 10 | // $Id$ 11 | 12 | #ifndef __DRVCOMMON_H_VERSION__ 13 | #define __DRVCOMMON_H_VERSION__ 100 14 | 15 | #if defined(_MSC_VER) && (_MSC_VER >= 1020) 16 | #pragma once 17 | #endif 18 | 19 | 20 | #define _ANSISTRING(text) #text 21 | #define ANSISTRING(text) _ANSISTRING(text) 22 | 23 | #define _WIDESTRING(text) L##text 24 | #define WIDESTRING(text) _WIDESTRING(text) 25 | 26 | #define PRESET_UNICODE_STRING(symbol, buffer) \ 27 | UNICODE_STRING symbol = \ 28 | { \ 
29 | sizeof(WIDESTRING(buffer)) - sizeof(WCHAR), \ 30 | sizeof(WIDESTRING(buffer)), \ 31 | WIDESTRING(buffer) \ 32 | }; 33 | 34 | #define CREATE_XVER(maj,min,build) maj ## , ## min ## , 0, ## build 35 | #define CREATE_FVER(maj,min,build) maj ## . ## min ## .0. ## build 36 | #define CREATE_PVER(maj,min,build) maj ## . ## min 37 | 38 | #if DBG 39 | #ifdef ADVANCED_DEBUG 40 | #define DebugPrint DbgPrint("[%s] %s (line: %d)\n", __##FILE##__, __##FUNCTION##__, __##LINE##__); DbgPrint 41 | #else 42 | #define DebugPrint DbgPrint 43 | #endif 44 | #else 45 | #define DebugPrint /##/DbgPrint 46 | #endif 47 | 48 | #endif // __DRVCOMMON_H_VERSION__ 49 | --------------------------------------------------------------------------------