ÔÙ̸Windows NT/2000ÄÚ²¿Êý¾Ý½á¹¹

• ÏÖÔÚÎÒÃǽáºÏRegmon(www.sysinternals.com)ÔÚNTÖеÄʵÏÖ·½·¨ÔÙÀ´Ì¸Ì¸Windows NT/2000ÄÚ²¿Êý¾Ý½á¹¹¡£
  
  RegmonÊǼàÊÓÓ¦ÓóÌÐò·ÃÎÊϵͳע²á±íµÄʵÓóÌÐò¡£´ó¼Ò¶¼ÖªµÀÔÚÓ¦ÓóÌÐòÖÐʹÓÃ×¢²á±íÒ»°ã¶¼µ÷ÓÃWinAPI Regxxx£¬¶øRegxxx×îÖÕ»áµ÷ÓÃNative API Zwxxx!(²ÎÔÄWindows NT/2000 DDK Documentation)¡£RegmonÕýÊÇͨ¹ý¸Ä±äÕâЩÀý³ÌÒÔ´ïµ½¼àÊÓ×¢²á±íµÄÄ¿µÄ¡£ZwxxxµÄʵÏÖ·½Ê½ÈçÏ£º
  
  mov eax, ServiceId£ £ £ £ 
  lea edx, ParameterTable
  int 2eh
  ret ParamTableBytes
  
  Õâ¾ÍÊÇËù˵µÄNT System Services£¬ÊDz»ÊÇÓëLinuxÓеãÏàËÆ(Ö»²»¹ýLinuxʹÓõÄÊÇ80hÖж϶øÒÑ£¬ËüÒ²ÓÐServiceID£¬Èçforkϵͳµ÷ÓÃServiceIDΪ2)¡£
  
  System ServicesÔÚDDK DocumentationÊÇÈç϶¨ÒåµÄ£º
  
  £  The set of native, user-mode routines exported by the executive for use only by protected subsystems. Each
  £  system service has a name of the form TwoLettersXxxYyy where:
  £  TwoLetters is the prefix for all system services.
  £  Xxx is usually a verb, describing the operation of a given service.
  £  Yyy is generally the object type the service operates on.
  
  System ServicesÔÚϵͳÖÐÓÉÁ½²¿·Ö×é³É£¬Ò»²¿·ÖÓÉwin32k.sysµ¼³ö£¬ÁíÒ»²¿·ÖÓÉntoskrnl.exeÌṩ·þÎñ¡£Ç°ÕßÖ÷ÒªÍê³ÉNTÖÐwin32¡¢PosixÓëOs/2µÈ×Óϵͳ(subsystems)ÓëÄں˵ÄͨÐÅ£¬½öÄÜÓÉÓû§Ì¬µÄÓ¦ÓóÌÐòµ÷Óã¬Èçuser32!WaitMessageµÈ¡£ÓÉÓÚRegmonÖ»Éæ¼°ºóÕߣ¬ËùÒÔ±¾ÎĽ«¶ÔÆä½øÐÐÌÖÂÛ£¬ÒÔÏÂËùÓйØÓÚSystem ServiceµÄÌÖÂÛ¾ùÊʺÏÁ½Õß!
  £ £ £ £ £ 
  ÉÏ´Î(Nsfocus Magazine 10)ÎÒÔø¾­Ìá¼°KeServiceDescriptorTable£¬Ò²Ëµ¹ýËüµÄ½á¹¹ÈçÏÂ:
  
  £  struct _ServiceDescriptorEntry {
  unsigned int *ServiceTableBase;
  unsigned int *ServiceCounterTableBase;
  unsigned int NumberOfServices;
  unsigned char *ParamTableBase;
  £  }ServiceDescriptorTableEntry
  
  ntoskrnl.exeµ¼³öÈ«¾Ö±äÁ¿KeServiceDescriptorTableÖ¸ÏòServiceDescriptorTableEntry(ÓÉwin32k.sysµ¼³öµÄSystem ServicesÒ²ÓÐ×Ô¼ºµÄServiceDescriptorTable£¬ÔÚWin2000 ServerÖÐÆäService ID´Ó1000hʼ£¬ÓÉKeServiceDescriptorTableÒÔÏÂÆ«ÒÆ50h´¦Ö¸Ïò£¬Æä½á¹¹Óëntosrknl.exeµ¼³öµÄ»ù±¾Ò»Ö£¬±¾ÎIJ»×÷ÌÖÂÛ£¬SoftICEÖеÄntcallÃüÁîÔÚÌض¨Çé¿öÏ¿ÉÒÔÁгöËùÓеÄSystem Service)¡£
  
  ÏÂÃæÎÒÃÇÏÈÓÃSoftICE 4.05 For Windows NT/2000À´·ÖÎö·ÖÎöx86ƽ̨Windows 2000 Server Build 2195µÄÇé¿ö(ÒÔϽöժ¼²¿·Ö£¬²»Í¬°æ±¾²»Í¬Ê±¿Ì¿ÉÄܵõ½µÄÊý¾Ýδ±ØÒ»Ñù)
  
  
• [1] [2] [3] [4] [5] ÏÂÒ»Ò³ 
• ¸´ÖƱ¾Ò³ÍøÖ·ºÍ±êÌ⣬·¢Ë͸øÄãQQ/MsnµÄºÃÓÑÒ»Æð·ÖÏí
  
  
• ÔÙ̸Windows NT/2000ÄÚ²¿Êý¾Ý½á¹¹ Ïà¹ØÎÄÕ£º
• ¡¤Windows XP SP2ÊÇ·ñÕý°æÔ­°æ¼¼ÇÉ
• ¡¤Windows VistaÍ£Ö¹±¨¸æ³ÌÐòÎÊÌâµÄ¼¼ÇÉ·½·¨
• ¡¤Windows VistaÖÐÈçºÎ×Ô¶¨ÒåÓïÑÔÀ¸Í¼±ê
• ¡¤Windows VistaÖÐÈçºÎµ÷ÕûÑźÚ×ÖÌåDPI
• ¡¤Windows Vistaϵͳµ÷ÊÔÍâÖÃÂó¿Ë·ç¼¼ÇÉ
• ¡¤Windows VistaÖÐÈçºÎÏÔʾ¡°³¬¼¶Òþ²Ø¡±Îļþ
• ¡¤Windows VistaϵͳÈçºÎÓÃÃüÁîÐÐÔËÐÐϵͳ»¹Ô­
• ¡¤Windows Vistaϵͳ´æ´¢ÓÅ»¯ÍêÈ«ÊÖ²á
• ¡¤¼Ó¿ìWindows Vistaϵͳ´°¿Ú´ò¿ªËٶȵķ½·¨
• ¡¤Windows XPϵͳÖÐÈçºÎÖØÖÃTCP/IPЭÒé
• ÔÙ̸Windows NT/2000ÄÚ²¿Êý¾Ý½á¹¹ Ïà¹ØÈí¼þ
• ¡¤¡¶À×ÉñÖ®´¸4¡·v1.3µ½v1.4.2Éý¼¶²¹¶¡£¨WindowsϵͳרÓã©
• ¡¤²ËÄñTO¸ßÊÖ£­windowsÅäÖÃÓÅ»¯Ïê½â
• ¡¤ÌåÑéWindows Vista beta 1
• ¡¤Ð±àWindows API²Î¿¼´óÈ«
• ¡¤WindowsϵͳÎļþÖÐÎÄÏê½â
• ¡¤È«¹ú¼ÆËã»úµÈ¼¶¿¼ÊÔÄ£ÄâÈí¼þ(Ò»¼¶Windows)2003
• ¡¤WindowsServer2003ÍøÂ簲ȫ¹ÜÀíѧϰָÄÏ
• ¡¤Windows_2000_Server_24ѧʱ½Ì³Ì
• ¡¤Windows XP ProfessionalѧϰָÄÏ
• ¡¤Windows Server 2003ÃüÁî²Î¿¼

ÉÏһƪ:Ë×ÈËË×Óï̸¼¼ÊõÖ®FTP¼¼Êõ

ÏÂһƪ:ÔÚÎÞÈ˲ÎÓ밲װģʽÏÂÖ´Ðиɾ»°²×°WINXP

• ÌرðÉùÃ÷£º±¾Õ¾³ý²¿·ÖÌرðÉùÃ÷½ûֹתÔصÄר¸åÍâµÄÆäËûÎÄÕ¿ÉÒÔ×ÔÓÉתÔØ£¬µ«ÇëÎñ±Ø×¢Ã÷³ö´¦ºÍԭʼ×÷
• Õß.ÎÄÕ°æȨ¹éÎÄÕÂԭʼ×÷ÕßËùÓÐ.¶ÔÓÚ±»±¾Õ¾×ªÔØÎÄÕµĸöÈ˺ÍÍøÕ¾£¬ÎÒÃDZíʾÉîÉîµÄлÒâ¡£Èç¹û±¾Õ¾×ª
• ÔصÄÎÄÕÂÓаæȨÎÊÌâÇëÁªÏµ±à¼­ÈËÔ±,ÎÒÃǾ¡¿ìÓèÒÔ¸üÕý. תÔØÇë×¢Ã÷À´Ô´£ºhttp://www.hackhome.com

¾«Æ·ÍƼö

ÈȵãTOP10

ÌرðÍƼö