Contents of the disk accompanying the book by Sven Schreiber, "Undocumented Windows 2000 Secrets", 2002 (Russian translation), 544 pages, print run 5000. Original: Sven B. Schreiber, Undocumented Windows 2000 secrets — A programming cookbook, 2001.
The CD contains all sample applications, libraries, and drivers presented or discussed in the book. All components are available on the CD as Visual C/C++ 6.0 projects, as well as in ready-to-run form in a common directory. Thus, the readers can choose to copy the projects onto the hard disk if they wish to rebuild or modify the samples, or to run the readily compiled code directly from the CD. The following programs are found on the CD (in alphabetical order):
w2k_call.dll: This Win32 library hosts the kernel call interface introduced in chapter 6 of the book. It interfaces to the spy device driver w2k_spy.sys and the symbol file cruncher w2k_img.dll, providing an easy-to-use application interface that allows user-mode code to access almost any internal function or variable buried inside the kernel-mode modules. If the system's symbol files are installed, this DLL supports symbolic access to internal kernel functions and data structures that are not even available to kernel-mode drivers.
w2k_cv.exe: A console application demonstrating how the CodeView information inside Microsoft symbol files can be extracted.
w2k_dbg.dll: A Win32 library built on Microsoft's imagehlp.dll and psapi.dll, demonstrating the usage of the "official" Windows 2000 debugging interfaces. This DLL enumerates processes, modules, drivers, and symbol file contents.
w2k_dump.exe: A general-purpose hex dump utility for files. If the input file is a Program Database (PDB) symbol or debugging info file, the program can optionally disassemble all PDB data streams contained in the file.
w2k_hook.exe: A console application demonstrating the usage of the Native API hook facility built into the spy device driver w2k_spy.sys. It allows online monitoring of file and registry operations originating from the user processes currently running in the system.
w2k_img.dll: A Win32 library that is used throughout the book to crunch Windows 2000/NT .dbg and .pdb symbol files. As a special feature, this DLL can decompile the proprietary Microsoft Program Database (PDB) file format, which has remained opaque until now. This DLL runs on all Windows platforms, including Windows 9x.
w2k_kill.sys: A tiny Windows 2000/NT kernel-mode driver that causes a benign CPU exception by performing a NULL pointer read at startup. This driver is used in the book to force a controlled "Blue Screen Of Death" in order to generate a system memory dump for debugging purposes.
w2k_lib.dll: A powerful Win32 library that is used as a general-purpose runtime DLL for several sample projects in the book. It features memory, registry, object pool, and linked-list management, CRC32 computation, pseudo-random number generation, operating system and file version checking, and much more. The extensive w2k_lib.dll source code is a repository of general-purpose code I have written for myself in the past few years, and it is intended to make the life of Win32 programmers much easier.
w2k_load.exe: A general-purpose kernel-mode device driver loader/unloader. As a special feature, this loader extracts version information from the driver's resource section within the executable file and uses it to automatically set the display name property of a newly loaded driver.
w2k_mem.exe: A versatile memory viewer displaying hex dumps of live memory in a console window. It is built on the spy device driver w2k_spy.sys, and therefore can display the contents of internal kernel memory regions that are usually inaccessible to user-mode applications.
w2k_obj.exe: A console application that displays the Windows 2000/NT object hierarchy by accessing undocumented kernel data structures and functions. This application demonstrates how user-mode applications can interact directly with kernel-mode objects with the help of the library w2k_img.dll.
w2k_spy.sys: A versatile Windows 2000/NT kernel-mode driver, used in several chapters to gain information about the operating system that is not available to user-mode applications. This driver provides several device I/O control functions to read system memory, hook Native API functions, and call internal kernel functions from user mode.
w2k_svc.exe: A simple console-oriented Windows 2000/NT service and driver browser, built on the Service Control Manager support functions provided by the runtime library module w2k_lib.dll.
w2k_sym.exe: A console application demonstrating the usage of the API functions exported by the debugging support library w2k_dbg.dll. Besides browsing symbols from the Windows 2000/NT symbol files, this utility also lists processes, process modules, and running kernel-mode drivers.
w2k_sym2.exe: An alternative symbol browser with a different set of command options, built on the w2k_img.dll library to demonstrate the usage of its powerful API functions. This console application runs on all Windows platforms, including Windows 9x.
w2k_wiz.exe: A customizable C project wizard, specifically tailored to generate source code frameworks for kernel-mode drivers. The output files are designed for Microsoft Visual C/C++ 6.0.
The archive also includes the excellent tiny The PE and COFF File Viewer (PEview) by Wayne J. Radburn; a newer version can be obtained from the author's PEview page: http://wjradburn.com/software/
Section: Programming in WIN32
Author: Sven Schreiber