摘要：1.File System Filter Driver Tutorialhttp://www.codeproject.com/KB/system/fs-filter-driver-tutorial.aspx2.NTFShttp://www.codeproject.com/info/search.aspx?artkw=File+System3.Undelete a file in NTFShttp:... 阅读全文

摘要：1.Introduction============== In my search for knowledge, I found many tutorials out there that werecreated to show the user how to code a simple boot sector virus. Although thetutes were very good in ... 阅读全文

摘要：.386p.model flat ,stdcalloptions casemap:nonejumps.data.codeVirusStart:;重定位calldeltadelta:popebpmoveax,ebpsubebp,offset deltasubeax,RedundatSizesubeax,1000hNewEip equ $-4movdword ptr [ebp+AppBase],eax... 阅读全文

摘要：1.HIVE结构 首先,要明白的是注册表是由多个hive文件组成. 而一个hive是由许多bin组成,一个bin是由很多cell组成. 而cell可以有好几种类型.比如keycell(cm_key_node)valuecell(CM_KEY_VALUE)subbkey-listcell,value-listcell等 当新的数据要扩张一个hive时,总是按照block的粒度(4kb)来增加,一个h... 阅读全文