Windows Kernel Programming pdf epub mobi txt 电子书 下载 2025
出版者:CreateSpace Independent Publishing Platform
作者:Pavel Yosifovich
出品人:
页数:398
译者:
出版时间:2019-6-7
价格:45.95
装帧:平装
isbn号码:9781977593375
丛书系列:
图书标签:
- windows
- api
- BooksPDF
- Windows内核
- 内核编程
- 驱动开发
- 系统编程
- Windows
- 底层技术
- C语言
- 调试
- 安全
- 架构
下载链接在页面底部
具体描述
There is nothing like the power of the kernel in Windows - but how do you write kernel drivers to take advantage of that power? This book will show you how.The book describes software kernel drivers programming for Windows. These drivers don't deal with hardware, but rather with the system itself: processes, threads, modules, registry and more. Kernel code can be used for monitoring important events, preventing some from occurring if needed. Various filters can be written that can intercept calls that a driver may be interested in.
作者简介
Pavel is a developer, trainer, author, and speaker. Pavel loves all things software and still sometimes misses his old Commodore 64. He's also a PluralSight author and a former MVP.
目录信息
Chapter 1: Windows Internals Overview
Processes
Virtual Memory
Page States
System Memory
Threads
Thread Stacks
System Services (a.k.a. System Calls)
General System Architecture
Handles and Objects
Object Names
Accessing Existing Objects
Chapter 2: Getting Started with Kernel Development
Installing the Tools
Creating a Driver Project
The DriverEntry and Unload Routines
Deploying the Driver
Simple Tracing
Exercises
Summary
Chapter 3: Kernel Programming Basics
General Kernel Programming Guidelines
Unhandled Exceptions
Termination
Function Return Values
IRQL
C++ Usage
Testing and Debugging
Debug vs. Release Builds
The Kernel API
Functions and Error Codes
Strings
Dynamic Memory Allocation
Lists
The Driver Object
Device Objects
Summary
Chapter 4: Driver from Start to Finish
Introduction
Driver Initialization
Passing Information to the Driver
Client / Driver Communication Protocol
Creating the Device Object
Client Code
The Create and Close Dispatch Routines
The DeviceIoControl Dispatch Routine
Installing and Testing
Summary
Chapter 5: Debugging
Debugging Tools for Windows
Introduction to WinDbg
Tutorial: User mode debugging basics
Kernel Debugging
Local Kernel Debugging
Local kernel Debugging Tutorial
Full Kernel Debugging
Configuring the Target
Configuring the Host
Kernel Driver Debugging Tutorial
Summary
Chapter 6: Kernel Mechanisms
Interrupt Request Level
Raising and Lowering IRQL
Thread Priorities vs. IRQLs
Deferred Procedure Calls
Using DPC with a Timer
Asynchronous Procedure Calls
Critical Regions and Guarded Regions
Structured Exception Handling
Using __try/__except
Using __try/__finally
Using C++ RAII Instead of __try / __finally
System Crash
Crash Dump Information
Analyzing a Dump File
System Hang
Thread Synchronization
Interlocked Operations
Dispatcher Objects
Mutex
Fast Mutex
Semaphore
Event
Executive Resource
High IRQL Synchronization
The Spin Lock
Work Items
Summary
Chapter 7: The I/O Request Packet
Introduction to IRPs
Device Nodes
IRP Flow
IRP and I/O Stack Location
Viewing IRP Information
Dispatch Routines
Completing a Request
Accessing User Buffers
Buffered I/O
Direct I/O
User Buffers for IRP_MJ_DEVICE_CONTROL
Putting it All Together: The Zero Driver
Using a Precompiled Header
The DriverEntry Routine
The Read Dispatch Routine
The Write Dispatch Routine
Test Application
Summary
Chapter 8: Process and Thread Notifications
Process Notifications
Implementing Process Notifications
The DriverEntry Routine
Handling Process Exit Notifications
Handling Process Create Notifications
Providing Data to User Mode
The User Mode Client
Thread Notifications
Image Load Notifications
Exercises
Summary
Chapter 9: Object and Registry Notifications
Object Notifications
Pre-Operation Callback
Post-Operation Callback
The Process Protector Driver
Object Notification Registration
Managing Protected Processes
The Pre-Callback
The Client Application
Registry Notifications
Handling Pre-Notifications
Handling Post-Operations
Performance Considerations
Implementing Registry Notifications
Handling Registry Callback
Modified Client Code
Exercises
Summary
Chapter 10: Introduction to File System Mini-Filters
Introduction
Loading and Unloading
Initialization
Operations Callback Registration
The Altitude
Installation
INF Files
Installing the Driver
Processing I/O Operations
Pre Operation Callbacks
Post Operation Callbacks
The Delete Protector Driver
Handling Pre-Create
Handling Pre-Set Information
Some Refactoring
Generalizing the Driver
Testing the Modified Driver
File Names
File Name Parts
RAII FLT_FILE_NAME_INFORMATION wrapper
The Alternate Delete Protector Driver
Handling Pre-Create and Pre-Set Information
Testing the Driver
Contexts
Managing Contexts
Initiating I/O Requests
The File Backup Driver
The Post Create Callback
The Pre-Write Callback
The Post-Cleanup Callback
Testing the Driver
Restoring Backups
User Mode Communication
Creating the Communication Port
User Mode Connection
Sending and Receiving Messages
Enhanced File Backup Driver
The User Mode Client
Debugging
Exercises
Summary
Chapter 11: Miscellaneous Topics
Driver Signing
Driver Verifier
Example Driver Verifier Sessions
Using the Native API
Filter Drivers
Filter Driver Implementation
Attaching Filters
Attaching Filters at Arbitrary Time
Filter Cleanup
More on Hardware-Based Filter Drivers
Device Monitor
Adding a Device to Filter
Removing a Filter Device
Initialization and Unload
Handling Requests
Testing the Driver
Results of Requests
Driver Hooking
Kernel Libraries
Summary
· · · · · · (收起)
Processes
Virtual Memory
Page States
System Memory
Threads
Thread Stacks
System Services (a.k.a. System Calls)
General System Architecture
Handles and Objects
Object Names
Accessing Existing Objects
Chapter 2: Getting Started with Kernel Development
Installing the Tools
Creating a Driver Project
The DriverEntry and Unload Routines
Deploying the Driver
Simple Tracing
Exercises
Summary
Chapter 3: Kernel Programming Basics
General Kernel Programming Guidelines
Unhandled Exceptions
Termination
Function Return Values
IRQL
C++ Usage
Testing and Debugging
Debug vs. Release Builds
The Kernel API
Functions and Error Codes
Strings
Dynamic Memory Allocation
Lists
The Driver Object
Device Objects
Summary
Chapter 4: Driver from Start to Finish
Introduction
Driver Initialization
Passing Information to the Driver
Client / Driver Communication Protocol
Creating the Device Object
Client Code
The Create and Close Dispatch Routines
The DeviceIoControl Dispatch Routine
Installing and Testing
Summary
Chapter 5: Debugging
Debugging Tools for Windows
Introduction to WinDbg
Tutorial: User mode debugging basics
Kernel Debugging
Local Kernel Debugging
Local kernel Debugging Tutorial
Full Kernel Debugging
Configuring the Target
Configuring the Host
Kernel Driver Debugging Tutorial
Summary
Chapter 6: Kernel Mechanisms
Interrupt Request Level
Raising and Lowering IRQL
Thread Priorities vs. IRQLs
Deferred Procedure Calls
Using DPC with a Timer
Asynchronous Procedure Calls
Critical Regions and Guarded Regions
Structured Exception Handling
Using __try/__except
Using __try/__finally
Using C++ RAII Instead of __try / __finally
System Crash
Crash Dump Information
Analyzing a Dump File
System Hang
Thread Synchronization
Interlocked Operations
Dispatcher Objects
Mutex
Fast Mutex
Semaphore
Event
Executive Resource
High IRQL Synchronization
The Spin Lock
Work Items
Summary
Chapter 7: The I/O Request Packet
Introduction to IRPs
Device Nodes
IRP Flow
IRP and I/O Stack Location
Viewing IRP Information
Dispatch Routines
Completing a Request
Accessing User Buffers
Buffered I/O
Direct I/O
User Buffers for IRP_MJ_DEVICE_CONTROL
Putting it All Together: The Zero Driver
Using a Precompiled Header
The DriverEntry Routine
The Read Dispatch Routine
The Write Dispatch Routine
Test Application
Summary
Chapter 8: Process and Thread Notifications
Process Notifications
Implementing Process Notifications
The DriverEntry Routine
Handling Process Exit Notifications
Handling Process Create Notifications
Providing Data to User Mode
The User Mode Client
Thread Notifications
Image Load Notifications
Exercises
Summary
Chapter 9: Object and Registry Notifications
Object Notifications
Pre-Operation Callback
Post-Operation Callback
The Process Protector Driver
Object Notification Registration
Managing Protected Processes
The Pre-Callback
The Client Application
Registry Notifications
Handling Pre-Notifications
Handling Post-Operations
Performance Considerations
Implementing Registry Notifications
Handling Registry Callback
Modified Client Code
Exercises
Summary
Chapter 10: Introduction to File System Mini-Filters
Introduction
Loading and Unloading
Initialization
Operations Callback Registration
The Altitude
Installation
INF Files
Installing the Driver
Processing I/O Operations
Pre Operation Callbacks
Post Operation Callbacks
The Delete Protector Driver
Handling Pre-Create
Handling Pre-Set Information
Some Refactoring
Generalizing the Driver
Testing the Modified Driver
File Names
File Name Parts
RAII FLT_FILE_NAME_INFORMATION wrapper
The Alternate Delete Protector Driver
Handling Pre-Create and Pre-Set Information
Testing the Driver
Contexts
Managing Contexts
Initiating I/O Requests
The File Backup Driver
The Post Create Callback
The Pre-Write Callback
The Post-Cleanup Callback
Testing the Driver
Restoring Backups
User Mode Communication
Creating the Communication Port
User Mode Connection
Sending and Receiving Messages
Enhanced File Backup Driver
The User Mode Client
Debugging
Exercises
Summary
Chapter 11: Miscellaneous Topics
Driver Signing
Driver Verifier
Example Driver Verifier Sessions
Using the Native API
Filter Drivers
Filter Driver Implementation
Attaching Filters
Attaching Filters at Arbitrary Time
Filter Cleanup
More on Hardware-Based Filter Drivers
Device Monitor
Adding a Device to Filter
Removing a Filter Device
Initialization and Unload
Handling Requests
Testing the Driver
Results of Requests
Driver Hooking
Kernel Libraries
Summary
· · · · · · (收起)
读后感
评分
评分
评分
评分
评分
用户评价
评分
评分
评分
评分
评分
相关图书
本站所有内容均为互联网搜索引擎提供的公开搜索信息,本站不存储任何数据与内容,任何内容与数据均与本站无关,如有需要请联系相关搜索引擎包括但不限于百度,google,bing,sogou 等
© 2025 book.quotespace.org All Rights Reserved. 小美书屋 版权所有