Windows Kernel Security and Driver Development

Source: Internet
Author: User

This is a pre-sale recommendation for a high-quality book in the Computers, Windows Mobile/Symbian category: "Windows Kernel Security and Driver Development".


Editor's recommendation

This book is suitable for computer security software practitioners, college students in computer-related majors, and programming enthusiasts with some basic knowledge of the C language and operating systems.


Content Introduction

The book's predecessors are "Heavenly Bible Night Reading: From Assembly Language to Windows Kernel Programming" and "Cold River Fishing: Windows Kernel Security Programming". Its subject is the driver development involved in building Windows client security software. The programs in the book target environments from 32-bit to 64-bit and from Windows XP to Windows 8, and most of them run on Windows 10 without modification. The book also introduces the basic operating system and assembly language knowledge needed for kernel security programming.
The book is divided into three parts. The basic part covers the fundamentals of driver development and lowers the barrier to entry. The development part covers the technical implementation of the various development needs that may come up in actual work, including: serial port filtering, keyboard filtering, virtual disks, disk filtering, file system filtering and monitoring, file system transparent encryption, file system minifilter drivers, network transport layer filtering, the Windows Filtering Platform, NDIS protocol drivers, NDIS miniport drivers, NDIS intermediate drivers, IA-32 assembly basics, memory addresses in the IA-32 system, processor privilege level switching, interrupts in the IA-32 architecture, and Windows kernel hooks. The advanced part contains content related to assembly language, operating system principles, and processor architectures. The book is written by engineers who have worked in this industry for a long time, so it is practical throughout. Its attention to detail shows mainly in the solutions to practical problems rather than at the level of knowledge.


Partial table of contents

Basic Part

Chapter 1 Kernel Hands-On Guide
1.1 Downloading and Using the WDK
1.1.1 Downloading and Installing the WDK
1.1.2 Writing the First C File
1.1.3 Compiling a Project
1.2 Installation and Operation
1.2.1 Downloading an Installation Tool
1.2.2 Running and Viewing Output Information
1.2.3 Running in a Virtual Machine
1.3 Debugging Kernel Modules
1.3.1 Downloading and Installing WinDbg
1.3.2 Setting Up Windows XP for Debug Execution
1.3.3 Setting Up Vista for Debug Execution
1.3.4 Setting Up VMware's Pipe Virtual Serial Port
1.3.5 Setting the Windows Kernel Symbol Table
1.3.6 Practical Debugging of First
Chapter 2 The Kernel Programming Environment and Its Particularities
2.1 Kernel Programming Environment
2.1.1 Isolated Applications
2.1.2 Shared Kernel Space
2.1.3 Ubiquitous Kernel Modules
2.2 Data Types
2.2.1 Basic Data Types
2.2.2 Return Status
2.2.3 Strings
2.3 Important Data Structures
2.3.1 Driver Object
2.3.2 Device Object
2.3.3 Request
2.4 Function Calls
2.4.1 Checking the Help
2.4.2 Some Types of Functions in the Help
2.4.3 Functions Not in the Help
2.5 Driver Development Model for Windows
2.6 Special Points in WDK Programming
2.6.1 Main Call Sources in Kernel Programming
2.6.2 Multithread Safety of Functions
2.6.3 Interrupt Level of Code
2.6.4 Special Code Appearing in the WDK
Chapter 3 Strings and Linked Lists
3.1 String Manipulation
3.1.1 Using a String Structure
3.1.2 Initialization of a String
3.1.3 Copying of Strings
3.1.4 Concatenation of Strings
3.1.5 Printing of Strings
3.2 Memory and Linked Lists
3.2.1 Allocation and Release of Memory
3.2.2 Using LIST_ENTRY
3.2.3 Using Long Integer Data
3.3 Spin Locks
3.3.1 Using a Spin Lock
3.3.2 Using a Spin Lock in a Doubly Linked List
3.3.3 Using a Queued Spin Lock to Improve Performance
Chapter 4 Files, Registry, Threads
4.1 File Operations
4.1.1 Using OBJECT_ATTRIBUTES
4.1.2 Opening and Closing a File
4.1.3 File Read/Write Operations
4.2 Registry Operations
4.2.1 Opening a Registry Key
4.2.2 Reading Registry Key Values
4.2.3 Writing Registry Key Values
4.3 Time and Timers
4.3.1 Getting the Current Tick Count
4.3.2 Getting the Current System Time
4.3.3 Using Timers
4.4 Threads and Events
4.4.1 Using System Threads
4.4.2 Sleeping in a Thread
4.4.3 Using Synchronization Events
Chapter 5 Application and Kernel Communication
5.1 Kernel-Side Programming
5.1.1 Generating a Control Device
5.1.2 Control Device Name and Symbolic Links
5.1.3 Control Device Removal
5.1.4 Dispatch Functions
5.1.5 Processing of Requests
5.2 Application-Side Programming
5.2.1 Basic Functional Requirements
5.2.2 Opening and Closing the Device in the Application
5.2.3 Device Control Requests
5.2.4 Processing in the Kernel
5.2.5 Combined Test Results
5.3 Blocking, Waiting and Security Design
5.3.1 Driver Actively Notifying the Application
5.3.2 Testing the Communication Interface
5.3.3 Buffer Linked List Structure in the Kernel
5.3.4 Input: Security Checks in Request Processing in the Kernel
5.3.5 Output Processing and Unload Cleanup
Chapter 6 Differences Between 64-bit and 32-bit Kernel Development
6.1 New Mechanisms in 64-bit Systems
6.1.1 WOW64 Subsystem
6.1.2 PatchGuard Technology
6.1.3 64-bit Driver Compilation, Installation and Operation
6.2 Programming Differences
6.2.1 Changes to Inline Assembly
6.2.2 Preprocessing and Conditional Compilation
6.2.3 Data Structure Adjustments

Development Part, and so on ...

