About the book Windows Kernel Programming
Book title : Windows Kernel Programming
Title in Persian : برنامه نویسی هسته ویندوز (Windows Kernel Programming)
Series :
Authors : Pavel Yosifovich
Publisher : Independently published
Publication year : 2023
Number of pages : 618
ISBN : 9798379069513
Language : English
Format : pdf
File size : 9 MB
The download link will be provided after the payment process is completed. If you register and log in to your account, you will be able to view the list of books you have purchased.
Table of Contents :
Introduction
Who Should Read This Book
What You Should Know to Use This Book
Book Contents
Sample Code
Chapter 1: Windows Internals Overview
Processes
Virtual Memory
Page States
System Memory
Threads
Thread Stacks
System Services (a.k.a. System Calls)
General System Architecture
Handles and Objects
Object Names
Accessing Existing Objects
Chapter 2: Getting Started with Kernel Development
Installing the Tools
Creating a Driver Project
The DriverEntry and Unload Routines
Deploying the Driver
Simple Tracing
Summary
Chapter 3: Kernel Programming Basics
General Kernel Programming Guidelines
Unhandled Exceptions
Termination
Function Return Values
IRQL
C++ Usage
Testing and Debugging
Debug vs. Release Builds
The Kernel API
Functions and Error Codes
Strings
Dynamic Memory Allocation
Linked Lists
The Driver Object
Object Attributes
Device Objects
Opening Devices Directly
Summary
Chapter 4: Driver from Start to Finish
Introduction
Driver Initialization
Passing Information to the Driver
Client / Driver Communication Protocol
Creating the Device Object
Client Code
The Create and Close Dispatch Routines
The Write Dispatch Routine
Installing and Testing
Summary
Chapter 5: Debugging and Tracing
Debugging Tools for Windows
Introduction to WinDbg
Tutorial: User mode debugging basics
Kernel Debugging
Local Kernel Debugging
Local kernel Debugging Tutorial
Full Kernel Debugging
Using a Virtual Serial Port
Using the Network
Kernel Driver Debugging Tutorial
Asserts and Tracing
Asserts
Extended DbgPrint
Other Debugging Functions
Trace Logging
Viewing ETW Traces
Summary
Chapter 6: Kernel Mechanisms
Interrupt Request Level (IRQL)
Raising and Lowering IRQL
Thread Priorities vs. IRQLs
Deferred Procedure Calls
Using DPC with a Timer
Asynchronous Procedure Calls
Critical Regions and Guarded Regions
Structured Exception Handling
Using __try/__except
Using __try/__finally
Using C++ RAII Instead of __try / __finally
System Crash
Crash Dump Information
Analyzing a Dump File
System Hang
Thread Synchronization
Interlocked Operations
Dispatcher Objects
Mutex
Fast Mutex
Semaphore
Event
Named Events
Executive Resource
High IRQL Synchronization
The Spin Lock
Queued Spin Locks
Work Items
Summary
Chapter 7: The I/O Request Packet
Introduction to IRPs
Device Nodes
IRP Flow
IRP and I/O Stack Location
Viewing IRP Information
Dispatch Routines
Completing a Request
Accessing User Buffers
Buffered I/O
Direct I/O
User Buffers for IRP_MJ_DEVICE_CONTROL
Putting it All Together: The Zero Driver
Using a Precompiled Header
The DriverEntry Routine
The Create and Close Dispatch Routines
The Read Dispatch Routine
The Write Dispatch Routine
Test Application
Read/Write Statistics
Summary
Chapter 8: Advanced Programming Techniques (Part 1)
Driver Created Threads
Memory Management
Pool Allocations
Secure Pools
Overloading the new and delete Operators
Lookaside Lists
The "Classic" Lookaside API
The Newer Lookaside API
Calling Other Drivers
Putting it All Together: The Melody Driver
Client Code
Invoking System Services
Example: Enumerating Processes
Summary
Chapter 9: Process and Thread Notifications
Process Notifications
Implementing Process Notifications
The DriverEntry Routine
Handling Process Exit Notifications
Handling Process Create Notifications
Providing Data to User Mode
The User Mode Client
Thread Notifications
Image Load Notifications
Final Client Code
Remote Thread Detection
The Detector Client
Summary
Chapter 10: Object and Registry Notifications
Object Notifications
Pre-Operation Callback
Post-Operation Callback
The Process Protector Driver
Object Notification Registration
Managing Protected Processes
The Pre-Callback
The Client Application
Registry Notifications
Registry Overview
Using Registry Notifications
Handling Pre-Notifications
Handling Post-Operations
Extending the SysMon Driver
Handling Registry Callback
Modified Client Code
Performance Considerations
Miscellaneous Notes
Summary
Chapter 11: Advanced Programming Techniques (Part 2)
Timers
Kernel Timers
Timer Resolution
High-Resolution Timers
I/O Timer
Generic Tables
Splay Trees
Tables Sample Driver
Testing the Tables Driver
AVL Trees
Hash Tables
Singly Linked Lists
Sequenced Singly-Linked Lists
Callback Objects
Chapter 12: File System Mini-Filters
Introduction
Loading and Unloading
Initialization
Operations Callback Registration
The Altitude
Installation
Installing the Driver
Processing I/O Operations
Pre Operation Callbacks
Post Operation Callbacks
File Names
File Name Parts
RAII FLT_FILE_NAME_INFORMATION wrapper
The Delete Protector Driver
Handling Pre-Create
Handling Pre-Set Information
DelProtect Configuration
Testing the Modified Driver
The Directory Hiding Driver
Managing Directories
Phase 1: Prevent Access
Phase 2: Making a Directory Invisible
Contexts
Managing Contexts
Initiating I/O Requests
The File Backup Driver
The Post Create Callback
The Pre-Write Callback
The Post-Cleanup Callback
Testing the Driver
Restoring Backups
File Copying with a Section Object
User Mode Communication
Creating the Communication Port
User Mode Connection
Sending and Receiving Messages
Enhanced Backup Driver
The User Mode Client
Debugging
Exercises
Summary
Chapter 13: The Windows Filtering Platform
WFP Overview
The WFP API
User-Mode Examples
Enumerating Objects
Adding Filters
Callout Drivers
Callout Driver Basics
Callout Registration
Demo: Callout Driver
The Driver
Managing Processes
Callout Callbacks
Demo: User-Mode Client
Testing
Debugging
Summary
Chapter 14: Introduction to KMDF
Introduction to WDF
Introduction to KMDF
KMDF Objects
Core Object Types
Object Creation
Context Memory
The Booster KMDF Driver
Driver Initialization
Device I/O Control Handling
The INF File
The Install Sections
Device Installation
The User-Mode Client
Installing and Testing
Registering a Device Class
Summary
Chapter 15: Miscellaneous Topics
Driver Signing
Driver Verifier
Example Driver Verifier Sessions
Filter Drivers
Filter Driver Implementation
Attaching Filters
Attaching Filters at Arbitrary Time
Filter Cleanup
More on Hardware-Based Filter Drivers
Device Monitor
Adding a Device to Filter
Removing a Filter Device
Initialization and Unload
Handling Requests
Testing the Driver
Results of Requests
Driver Hooking
Kernel Libraries
Summary
Appendix: The Kernel Template Library
Standard Library
Synchronization
Memory
Strings
Containers
File System Mini-Filters