After reading "Han Jiang standalone fishing: Windows Kernel Security Programming"
Most people who work on Windows have a strong desire to understand its internal mechanisms. Windows, however, is a complex operating system distributed under a commercial license, and for a long time Microsoft has kept its core source code confidential. The internals of Windows have therefore been surrounded by a halo of mystery, which makes them hard to learn.
In the past, becoming familiar with the internals of Windows generally required strong disassembly skills: experts accumulated their knowledge by disassembling Windows itself, combined with the DDK/WDK development kits and documentation that Microsoft provides for kernel development, plus a handful of books on driver development, to build up their skills.
Unfortunately, even a diligent and patient beginner who has all of these resources needs at least a year before working on complex kernel projects. Today, with the deep penetration of networking, many software projects must treat security as an important feature. The security of a Windows system is closely tied to the operating system kernel, and much system security work cannot be separated from kernel-level development. Given the objective difficulty of kernel development on Windows, the development cycle of many security projects is measured in years, and many of the core technical difficulties are never disclosed.
For many years the same questions have been asked and discussed on the OSR forum and, in China, on DriverDevelop and DebugMan, yet complete solutions are rarely given. This has kept the core security techniques a mystery for a long time; participants are blocked to some extent by many difficult factors, developers struggle with Windows kernel development, and companies are troubled by uncertainties that make it hard to estimate the progress of a driver or kernel development project.
The recently published and much-discussed book "Han Jiang standalone fishing: Windows Kernel Security Programming" is another masterpiece by the best-selling author known as Chu madman. The author explains and analyzes a wide range of hot topics in kernel driver development, including the most popular ones: online game protection, transparent encryption, anti-virus drivers, system restoration, and host network firewalls. Each of these topics could fill a book of its own. What makes "Han Jiang standalone fishing" unique is that it tackles the difficult parts of these complex topics head-on, supports the explanation with high-quality code, and presents the material topic by topic. By reading the book (much of its content consists of skills and experience that have not been covered in other public documents or books), learners can compile and test the code on the accompanying CD. That code provides a solid foundation for starting on these advanced topics, letting you flatten the steep learning curve of kernel development by following the relatively gentle route the author has laid out.
For my part, I am most interested in transparent encryption, and I feel this is where the author has done the most outstanding work in the book. The author introduces in detail the encryption marker, something never made public in China or abroad; this is the technical bottleneck that transparent-encryption researchers cannot get around, and it has defeated countless capable engineers. The author's text, together with the code, makes the encryption marker easy to get past. The author also gives a clear description of the complete transparent-encryption process: common practices such as distinguishing processes, memory mapping and file buffer handling, the operations on the encrypted-file table (querying, adding, and deleting encrypted identifiers), and how to handle repeated access. Finally, the book walks through IRP handling for encryption and decryption, covering essentially the whole flow. With these key techniques in hand, readers can begin their own research on the tide of transparent file encryption technology. You can then focus on encrypting WinWord compound documents, compatibility with anti-virus software, and encryption algorithms (such as AES, DES, and so on) beyond the Notepad-based encryption example, and on commercial-grade stability and performance; in this way a commercial-level transparent encryption product can be built, all thanks to the technical secrets the author provides.
The chapters on the file system filter driver and the minifilter driver cover material that is used heavily in kernel security programming; at the same time, the file system filter driver and the minifilter driver are the technical skeleton and infrastructure of transparent encryption. The author's treatment of this material makes the whole map of file-system-level security kernel programming more coherent. Of course, because of the limited length of the book, the author's file system code still rests on a lot of basic technical content, so we recommend that you turn to Rajeev Nagar's "Windows NT File System Internals" (known on the Driver Development Network as "Windows NT File System Driver Development Guide"), the IFS documentation, and the OSR forum articles to look up more details and enrich your understanding.
As for the other chapters in the book, such as disk filtering, the author introduces restoration systems of the shadow-system kind. This has also been a hot topic in kernel driver research in recent years: reducing the difficulty and cost of administration and maintenance in Internet cafes and enterprises is of great significance, and to a certain extent it addresses the virus infection problems found in public environments. The author also devotes a large number of chapters to NDIS and TDI network drivers; these techniques can be used in host network firewalls, ARP firewalls, VPNs, and other security applications, and if you are interested in them, please read those chapters for more information.
Wanchun, developer of the "Disc" virtual optical drive software