Windows kernel programming: a strange header file problem
Solution: If you believe the header file include itself is correct, compile with the WDK build command. You are probably using the VS 2010 + easy sys environment.
In the VS 2010 + easy sys environment I included ke.h, the header file circulated on the Internet for EPROCESS and ETHREAD. Errors occur during compilation in this environment. I have to say a word out loud: Mom B, it's hard to make fun of all the games... As shown in this figure:
Solution: Do not call... do not call. You only need to compile with the WDK BUILD command.
In Windows programming, which C++ header file contains read?
Windows has its own set of file read operations.
The header file is windows.h.
Search for CreateFile and its related functions.
Windows Kernel Programming Problems
In fact, Windows kernel programming is not only useful but also commonly used. Much of the software we use every day relies on Windows kernel programming techniques. The most typical example is the real-time monitoring in anti-virus software. In addition, there are firewalls, virtual optical drives, and 90% of drivers. These programs share a common feature: some of their components are part of Windows and can work for all applications running on Windows.
Therefore, kernel programming applications often bring stronger functions to traditional software and achieve a technological leap.
For example, we often hear that encrypting files can make documents more secure. File encryption does not require any kernel components. We can write an application that reads the file, encrypts the data, and then writes it back as an encrypted file. The same is true for decryption.
But in fact this does not meet the needs of ordinary users. For employees of a company, the "important documents" may be the documents used for daily work. Imagine that an employee must download the encrypted file from the server every day and then decrypt it with a decryption tool, then start work in Office. After the work is completed, he must encrypt it with an encryption tool, upload it, and delete the working document. Not to mention that most of the time the document is stored on the hard disk in decrypted form, is this workflow acceptable? No one will accept it.
The more user-friendly way is to allow Office to open encrypted documents directly. When a document is saved, it is saved as an encrypted document. On the hard disk, the document is always encrypted, and the encryption is transparent to legal users. Illegal users can see only the ciphertext, and thus cannot edit or read it. Besides Office, this applies to all the tools that users may use to edit confidential files, such as AutoCAD, Visual Studio, and Photoshop. Can this be implemented if we cannot modify Office and the other work software?
Of course, this can be achieved. Since we have written a Windows kernel program, of course we can make the Windows file system read files from the hard disk and perform special decryption for specific processes. When these programs read data, they read normal data. This works the same way as real-time virus scanning: by using a file filter driver. This is the transparent file encryption technology that readers may have heard of.
In "Hanjiang standalone fishing-Windows Kernel programming and information security" (to be published next year), which is in the same series as the book "day-night reading: from assembly language to Windows Kernel programming", kernel programming related to keyboard filtering, hard disk filtering, file filtering, and network filtering is described in detail with examples.
Another feature of kernel programming is that the code runs at level R0. R0 is the highest level of privilege and has full control over the CPU. This is very suitable for some security software and, of course, also suitable for destructive work. Because kernel programs have the highest (root) permissions, such technology is called rootkit technology in the security (or destruction) field. Rootkit is currently one of the most popular security technologies.
Many viruses use rootkit technology to hide virus files, steal passwords, and send attack packets. A rootkit virus infection is extremely difficult to clear, and prevention before infection is the most effective way.
The Windows kernel does not have open source code. However, MS provides the Windows kernel program development kit, WDK. WDK is mainly used to develop drivers, and drivers are basically kernel programs. The header files and some source code provided by WDK are actually part of the Windows kernel code. The code of some drivers (such as the FAT32 file system) is completely public, so we can also see the code style of the Windows kernel developers there. At the same time, Microsoft also provides symbol tables for all Windows versions for researchers to download online. It also provides a powerful debugger, WinDbg. With these, you can easily debug the Windows kernel, whether it is the part you wrote yourself or the part written by the Windows kernel developers. Although we can see the assembly language, but the function...
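
The read and write paths of the transparent encryption described above, as an added user-mode model in C (not WDK driver code, and not from the original answer or the book it mentions). The in-memory `disk` buffer, the image-name policy, the function names and the XOR stand-in cipher are assumptions made for illustration; denying writes from untrusted processes is also a choice of this model.

```c
/* Added example: user-mode model of a transparent-encryption file filter. */
#include <stdio.h>
#include <string.h>

#define DISK_SIZE 64
static unsigned char disk[DISK_SIZE];                      /* models the on-disk file bytes */
static const unsigned char KEY[] = "constructed-demo-key"; /* constructed sample key */
static const char *trusted[] = { "winword.exe", "acad.exe" }; /* hypothetical policy */

static int is_trusted(const char *image) {
    for (size_t i = 0; i < sizeof trusted / sizeof trusted[0]; i++)
        if (strcmp(image, trusted[i]) == 0) return 1;
    return 0;
}

/* Stand-in cipher (NOT secure): XOR keyed by absolute file offset, so a
   partial read at any offset decrypts without touching the rest of the file. */
static void xor_at(unsigned char *buf, size_t off, size_t len) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= KEY[(off + i) % (sizeof KEY - 1)];
}

/* Write path: data from a trusted process is encrypted before it reaches disk. */
int filter_write(const char *image, size_t off, const void *data, size_t len) {
    if (off > DISK_SIZE || len > DISK_SIZE - off) return -1;
    if (!is_trusted(image)) return -1;   /* model assumption: untrusted writes denied */
    memcpy(disk + off, data, len);
    xor_at(disk + off, off, len);
    return (int)len;
}

/* Read path: every caller gets the bytes, only trusted callers get plaintext. */
int filter_read(const char *image, size_t off, void *out, size_t len) {
    if (off > DISK_SIZE || len > DISK_SIZE - off) return -1;
    memcpy(out, disk + off, len);
    if (is_trusted(image)) xor_at(out, off, len);
    return (int)len;
}

int main(void) {
    char buf[16] = {0};
    filter_write("winword.exe", 0, "Q3 salary plan", 14);
    filter_read("winword.exe", 3, buf, 6);
    printf("trusted read at offset 3: %.6s\n", buf);
    filter_read("notepad.exe", 0, buf, 14);
    printf("untrusted read is plaintext: %d\n", memcmp(buf, "Q3 salary plan", 14) == 0);
    return 0;
}
```

In a real file filter driver the same decision sits in the driver's read and write handling, and the caller would be identified by something stronger than an image name, which is trivially spoofed by renaming an executable.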