
Published: 2006-12-01 11:53:37

lkd> dt _IRP Tail..
   +0x040 Tail :
      +0x000 Overlay :
// !thread .... .... IRP List: 86873d90: (0006,0094) Flags: 00000070 Mdl: 00000000
//
         +0x000 DeviceQueueEntry : _KDEVICE_QUEUE_ENTRY ---> the thread's IRP list
         +0x000 DriverContext : [4] Ptr32 Void
         +0x010 T......


Published: 2006-12-01 11:22:42

Tracing the Briefcase

Registry:
"Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972}
CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32 ->LoadWithoutCOM
SHELL32!CShellExecute::_TryHooks:
call SHELL32!TryShellExecuteHooks
SHELL32!UEMIsLoaded:
"ole32.dll"
"browseui.dll"
"Software\Microsoft\Windows\CurrentVersion\Explorer" -->"MaximizeApps"
"Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExec......


Published: 2006-11-30 17:51:01

IOCTL_DISK_GET_DRIVE_GEOMETRY :70000
IOCTL_DISK_GET_PARTITION_INFO :74004
IOCTL_DISK_SET_PARTITION_INFO :7C008
IOCTL_DISK_GET_DRIVE_LAYOUT :7400C
IOCTL_DISK_SET_DRIVE_LAYOUT :7C010
IOCTL_DISK_VERIFY :70014
IOCTL_DISK_FORMAT_TRACKS :7C018
IOCTL_DISK_REASSIGN_BLOCKS :7C01C
IOCTL_DISK_PERFORMANCE :70020
IOCTL_DISK_IS_WRITABLE :70024
IOCTL_DISK_LOGGING :70028
IOCTL_DISK_FORMAT_TRACKS_EX :7C02C
IOCTL_DISK_HISTOGRAM......


Published: 2006-11-30 17:25:40

I/O control codes.

IOCTL_STORAGE_CHECK_VERIFY :2D4800
IOCTL_STORAGE_CHECK_VERIFY2 :2D0800
IOCTL_STORAGE_MEDIA_REMOVAL :2D4804
IOCTL_STORAGE_EJECT_MEDIA :2D4808
IOCTL_STORAGE_LOAD_MEDIA :2D480C
IOCTL_STORAGE_LOAD_MEDIA2 :2D080C
IOCTL_STORAGE_RESERVE :2D4810
IOCTL_STORAGE_RELEASE :2D4814
IOCTL_STORAGE_FIND_NEW_DEVICES :2D4818
IOCTL_STORAGE_EJECTION_CONTROL :2D0940
IOCTL_STORAGE_MCN_C......


Published: 2006-11-30 17:10:43

Control codes for ZwFsControlFile: the FSCTL codes listed in NTIFS.h, including pipe and mailslot operations and some other operations. Kept here as a memo.

FSCTL_REQUEST_OPLOCK_LEVEL_1 :90000
FSCTL_REQUEST_OPLOCK_LEVEL_2 :90004
FSCTL_REQUEST_BATCH_OPLOCK :90008
FSCTL_OPLOCK_BREAK_ACKNOWLEDGE :9000C
FSCTL_OPBATCH_ACK_CLOSE_PENDING :90010
FSCTL_OPLOCK_BREAK_NOTIFY :90014
FSCTL_LOCK_VOLUME :90018
FSCTL_UNLOCK_VOLUME :9001C
FSCTL_DISMOUNT_VOLUME :90020
FSCTL_IS_VOLUME_MOUNTED :90028
FSCTL_IS_PATHNAME_VALID :9002C
FSCTL_MARK_VOLUME_DIRTY :90030
FSCTL_QUERY_RETRIEVAL_POINTE......
