|
阅读:1597回复:2
luo,研究WINDOWS的内部数据结构该如何下手
您好,我浏览了你的个人网站,发现不少文章的水平都很高,挺佩服你的技术!我本人一直想研究WINDOWS内部的数据结构,如文件对象的结构,套接字对象的数据结构等,可总觉得心有余而力不足,你觉得研究这方面该从何处入手?谢了
|
|
|
沙发#
发布于:2001-09-04 17:59
从学会DEBUG一个程序开始.
|
|
|
|
板凳#
发布于:2001-09-29 00:04
a good way but may not be the best way to everyone.
download the dumppe.exe to do the reverse engineering. disasmble the ntoskrnl.exe and hal.dll(KM) ntdll.dll (um native API wrapper); Make sure you don't violate the copyright. Anyway, that's not important in China.-:( ntddk.h will tell much about the offset show up in the .asm file you got. use kd.exe or windbg.exe to exam a full kernel memory dump or write your own debugger extension. If you have the checked build of NT/2000 and the symbol files, that is great. It's avaialbe at the msdn subscription. you may need intel cpu manual, it's free at http://www.intel.com. ______________________________________ an Oversea Chinese KMD/OS developer |
|
|