[Share] What are system callbacks, DPCs, filter drivers, and related concepts
Posted on: 2014-9-21 13:27
System callbacks
A system callback is a user-written function that the system executes when a specified event fires, so that the desired functionality can be implemented. Reference link:
DPC
A DPC is a Deferred Procedure Call, an interrupt-related call mechanism in the Windows operating system. Related reference material:
Filter drivers
A filter driver can modify the behaviour of an existing driver, and can also filter or encrypt the data passing through it. For WDM drivers, the filter drivers to be loaded are recorded in the registry; the OS reads these values to complete the loading. A filter can be an upper filter or a lower filter. Reference material:
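As an added example (not from the original post) of the registry records referred to above, this PowerShell enumerates the upper and lower filter drivers registered for each device setup class and resolves each one to its service entry, which is a practical way to spot an unexpected filter. It assumes the standard layout under HKLM\SYSTEM\CurrentControlSet\Control\Class, where the UpperFilters and LowerFilters values are what the PnP manager reads when it builds a device stack.

```powershell
# Added example, not code from the original post.
# Enumerates the filter drivers Windows loads for each device setup class,
# as recorded in the registry, and resolves each to its service entry.
# Assumes the standard registry layout: UpperFilters / LowerFilters are the
# REG_MULTI_SZ values the PnP manager reads when building a device stack.
$classRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'

function Get-ClassFilterDrivers {
    [CmdletBinding()]
    param([string]$Root = $classRoot)

    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        foreach ($level in 'UpperFilters', 'LowerFilters') {
            $names = $props.$level
            if (-not $names) { continue }
            foreach ($name in @($names)) {
                # Look up the service entry so the on-disk image can be reviewed.
                $svcPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
                $svc = Get-ItemProperty -Path $svcPath -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    ClassGuid = $key.PSChildName
                    Class     = $props.Class
                    Level     = $level        # UpperFilters sits above the FDO, LowerFilters below it
                    Driver    = $name
                    ImagePath = $svc.ImagePath
                    Start     = $svc.Start
                }
            }
        }
    }
}

# Example use: list every registered class filter. A filter name with no
# service entry cannot load, and an image outside the system drivers
# directory is worth a closer look during a review.
Get-ClassFilterDrivers |
    Sort-Object Class, Level, Driver |
    Format-Table Class, Level, Driver, ImagePath, Start -AutoSize
```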
Thread pools and worker thread queues
HAL callbacks
Introduction to the HAL:
HAL callback description:
SSDT (System Services Descriptor Table), the system service descriptor table
Shadow SSDT
Shadow SSDT study notes:
FSD (File System Driver): file system drivers, divided into local FSDs and remote FSDs.
Kernel hooks
Link to an article on the principles of kernel hooks in rootkit techniques:
Object hooks