摘要： Ps个人认为是process security的缩写 PsSetCreateProcessNotifyRoutineEx相关 if (Driver_OsVersion >= DRIVER_WINDOWS_7) { status = PsSetCreateProcessNotifyRoutineEx( 阅读全文

摘要： 1.DebugPrintFilter.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter] " 阅读全文

摘要： ok = CreateDirectory(TempFolder, NULL); if ((! ok) && GetLastError() == ERROR_ALREADY_EXISTS) ok = TRUE; WCHAR filename[MAX_PATH + 64]; ZeroMemory(fil 阅读全文

摘要： req->h.msgid = MSGID_PROCESS_RUN_SANDBOXED; status = NtRequestWaitReplyPort(data->PortHandle, (PORT_MESSAGE *)spaceReq, (PORT_MESSAGE *)spaceRpl); sta 阅读全文

摘要： BOOL Kmd_Install_Service( const wchar_t *Service_Name, const wchar_t *Service_Path, const wchar_t *Service_Display, const wchar_t *Service_Group, OPTI 阅读全文

摘要： Figure 5: An example of the Windows NT multithreaded server status = NtOpenThreadToken( NtCurrentThread(), TOKEN_QUERY, FALSE, &hOldToken); b = GetThr 阅读全文

摘要： ALIGNED void EnablePriv(void) { // // enable SeRestorePrivilege so SetShortName() can do its job // WCHAR priv_space[64]; TOKEN_PRIVILEGES *privs = (T 阅读全文

摘要： wcscpy(cmdline, L"/box:"); wcscat(cmdline, L"__ask__"); _wcsicmp(name, L"RPCSS") _wcsnicmp(ptr, L"system32\\wuauclt.exe", 20) if (wcschr(src, L'\"')) 阅读全文

摘要： The Windows subsystem on Windows NT provides high-level memory management functions that make it easy for applications to build dynamic data structure 阅读全文

摘要： Figure 1: A general representation of Operating System as a ring-structure Figure 2: A layered structure of Windows NT OS 阅读全文