-
请教一个问题。9x下我用ifs hook做了一个filter vxd. 我希望知道对于一次具体的读写要求来说,他是本地的访问还是来自于从网络对share目录做的访问。退一步,文件打开的时候也可以。盼望大家帮忙。[编辑 - 5/23/02 by zdhe]-----------...全文
◆
◆
-
zdhe:这个话题不继续扯了,有时间了自己好好汇编一下。 多谢大家帮忙(2002-06-02 19:21)
-
zdhe:谢谢你花时间看我贴的代码。 贴的代码不过是参考用的,不是要你帮我分析代码的意思。不过,贴在这里,总是有人受益的。 在PROCESS context里将 __declspec(naked)DWORD __stdcall ZwProtectVirtua...(2002-05-27 17:05)
-
pjf:I also send a screte message to you.please check. I had never met problem for ZwClose. it\'s zwprotectvirtualmemory. ======...(2002-05-27 16:05)
-
zdhe:I also send a screte message to you.please check. I had never met problem for ZwClose. it\'s zwprotectvirtualmemory. ========...(2002-05-27 11:01)
-
pjf:ntoskrnl!ZwClose 0008:8050B05A MOV EAX,00000019 0008:8050B05F LEA EDX,[ESP+04] 0008:8050B063 PUSHFD 0008:8050B064 PUSH 08 0008:8...(2002-05-27 10:44)
-
zdhe:just check it. i give my email to you. I will soon reply your mail. xp os static unsamble.(wasm) * Reference To: ntoskrnl.ZwClo...(2002-05-27 10:16)
-
pjf:老兄你是不是跟我以前一样从不看“收件箱”呀?hehe(2002-05-27 09:41)
-
zdhe:看来没有人回答。换个简单些的。 在9x下,一个16bit dos 程序运行在自己的vm(非系统vm)中,如何取得这个vm的启动路径? (或者说image名) 有些建议就可以的。先谢过了。 (2002-05-25 22:16)
-
zdhe:znsoft , I am finding that sample in vtoold. by the way , can you tell me detail directory name? ifshook is so simple , there is no u...(2002-05-22 10:23)
-
zdhe:can you tell me where is difference? I Know the route is different, when access from net, the caller is share server.How let code know th...(2002-05-22 10:21)
