The course is divided into four major parts: 1. Beginner, 2. Intermediate, 3. Advanced, 4. Senior
Beginner section
1. Compiling drivers with VS2003/2008/VC6.0
A. Configuring the VS2003 driver build environment
B. Compiling a simple driver in the VS2003 IDE
2. Creating an unload routine
A. Understanding the PDRIVER_OBJECT structure
B. Building the unload routine callback function
C. Viewing the unload routine's debug output
3. Adding device routines
A. Understanding the driver object DRIVER_OBJECT
B. Understanding the device object DEVICE_OBJECT
C. Adding a routine that creates a device
D. Viewing drivers and driver devices with tools
4. Adding a device-deletion routine
A. Removing the symbolic link
B. Removing the device
C. Testing the unload routine
5. Creating a dispatch function routine
A. What is an IRP
B. A simple IRP processing function
C. Using the IRP dispatch function to implement communication between the driver and the application
6. Two-machine debugging setup
A. General settings
B. Tool-assisted configuration
7. Manually loading an NT-type driver
A. Registry entries for loading the driver
B. Manually starting the driver
C. Manually stopping the driver
D. Auto-starting the driver
Intermediate section
8. NT-type driver installation
A. OpenSCManager
B. CreateService
C. OpenService
D. StartService
E. CloseServiceHandle
9. NT-type driver uninstallation
A. The driver unload flow
B. DeleteService
C. ControlService
D. Building the Unloadsys function
E. Virtual machine testing
10. Memory management in the driver
A. Physical memory
B. Virtual memory
C. Ring0 addresses and Ring3 addresses
D. Paged and non-paged memory
11. Memory-operation-related kernel APIs
A. RtlCopyMemory, RtlCopyBytes, RtlMoveMemory
B. RtlZeroMemory, RtlFillMemory
C. RtlEqualMemory
D. ExAllocatePool and ExFreePool
E. Overloading the new and delete operators
12. Understanding the linked list structure (EXE)
A. The linked list structure
B. Initializing the list
C. Inserting data into a linked list
D. Traversing the linked list
13. Using linked lists in the driver (SYS)
A. Initializing the list
B. Inserting data (a node) into a linked list
C. Traversing the linked list
D. Virtual machine testing
14. Exception handling in the driver
A. Exception handling with try-except
B. Assertions
Advanced section
15. Basic knowledge points of driver-based game protection
A. Understanding the SSDT structure
B. Getting the current function address from the SSDT index number (lesson 16)
C. Getting the original address (lesson 17)
D. How to write your own code to a kernel address
16. Reading the current function address from the SSDT table
A. Referencing the KeServiceDescriptorTable table
B. Reading the current function address via ServiceTableBase + offset
C. Testing the read value
17. Reading out the original function address from the SSDT table
A. MmGetSystemRoutineAddress
B. Writing the getoriginaddr function
C. Virtual machine testing
18. Writing code to a specified address (hooking the first 5 bytes of NtOpenProcess to bypass protection)
A. JMP address calculation
B. Removing and restoring page protection
C. Writing code to bypass protection
19. Writing your own driver protection
A. Building your own kernel function myopenprocess
B. Building the hook and unhook functions
C. Modifying the EXE and SYS code for protection
D. Test results
20. String manipulation
A. ASCII strings and Unicode strings
B. ANSI_STRING strings and UNICODE_STRING strings
C. Initializing and destroying strings
D. String copying, comparison, and case/integer/string conversion
E. Converting between ANSI_STRING and UNICODE_STRING strings
21. File operations
A. Creating files
B. Opening files
C. Getting and modifying file attributes
D. Writing and reading files
22. IAT hook programming
A. Initial understanding of the IAT
B. IAT-related structures
C. Reading IAT entries
D. Writing test code and analysis
E. Hooking the IAT
F. Test analysis
23. Application-layer inline hook
A. Analysis of the inline hook principle
B. Writing the inline hook code
C. Testing the inline hook code
24. Shadow SSDT hook
A. Locating the Shadow SSDT table base
B. The Shadow SSDT table structure
C. Shadow SSDT hook
25. User-layer API function protection (OD cannot break on it)
A. Analyzing how API functions work
B. Writing your own API functions
C. The sysenter instruction
D. Hard-coding with _emit
E. Simulating the FindWindow function
26. IDT hook against interrupt-based debugging
A. Example demonstration
B. Replacing the IDT handler function
C. Writing the IDT hook code
D. Test results
Senior section
27. Dungeon & Fighter protection analysis
A. Building the signature-scanning function findcode_address
B. Locating NtOpenThread
C. Locating NtOpenProcess
D. Locating NtReadVirtualMemory
E. Locating NtWriteVirtualMemory
F. The difference between the call and jmp instructions
G. Building the corresponding replacement functions
28. Dungeon & Fighter protection analysis
29. Dungeon & Fighter protection analysis: DebugPort zeroing
Ruoshui Software Forum, Bypassing Game Driver Protection video tutorial, ziyuan.woyaoxueit.com