KmdKit（内核开发工具）_kmdkit资源-CSDN文库

共314个文件

inc：70个

txt：43个

bat：38个

KmdKit

需积分: 9 3 浏览量 2009-07-08 17:39:58 上传评论收藏 783KB RAR 举报

资源详情

资源评论

资源推荐

收起资源包目录

KmdKit（内核开发工具）（314个子文件）

KmdManager.asm 28KB

ProcPath.asm 21KB

SymLinks.asm 18KB

StatusToError.asm 11KB

KbdTypematic.asm 10KB

MbrDump.asm 8KB

VirtToPhys.asm 7KB

FloppyGeometry.asm 6KB

KbdGarland.asm 6KB

DateTime.asm 6KB

skeleton.asm 6KB

WhichIrqlAndContext.asm 6KB

NtBuild.asm 5KB

PhysMemWorks.asm 4KB

memory.asm 4KB

DiskGeometry.asm 4KB

MaskedEdit.asm 4KB

memory.asm 4KB

SerialBaudRate.asm 3KB

scp.asm 3KB

ioctls.asm 3KB

MaskedEdit.asm 3KB

Center.asm 2KB

string.asm 2KB

string.asm 1KB

memory.asm 1KB

ReportLastError.asm 832B

htodw.asm 783B

ObjExp.bat 79KB

RamDisk.bat 30KB

IoctlDecoder.bat 27KB

FileWorks.bat 24KB

PhysMemBrowser.bat 23KB

GdtDump.bat 21KB

RamDisk.bat 18KB

IdtDump.bat 15KB

RegistryWorks.bat 15KB

ProcessMon.bat 14KB

ProcessMon.bat 13KB

SharingMemory.bat 13KB

MutualExclusion.bat 13KB

sync.bat 12KB

HiddenDriver.bat 9KB

SharingMemory.bat 9KB

VirtToPhys.bat 9KB

TimerWorks.bat 9KB

LookasideList.bat 9KB

SharedSection.bat 8KB

WhichIrqlAndContext.bat 8KB

seh.bat 7KB

WorkItem.bat 7KB

GdtDump.bat 7KB

IdtDump.bat 7KB

NtBuild.bat 7KB

SharedSection.bat 7KB

skeleton.bat 7KB

giveio.bat 6KB

beeper.bat 5KB

SystemModules.bat 5KB

HiddenDriver.bat 5KB

FindShadowTable.bat 4KB

GetKernelBase.bat 3KB

clash.bat 3KB

simplest.bat 2KB

Sections.bat 2KB

install.bat 351B

images.bmp 21KB

ioctl.bmp 2KB

up.bmp 158B

dn.bmp 158B

up.bmp 158B

dn.bmp 158B

protoize.exe 36KB

IoctlDecoder.exe 34KB

KmdManager.exe 21KB

StatusToError.exe 15KB

PhysMemBrowser.exe 13KB

GdtDump.exe 10KB

RamDisk.exe 10KB

ProcessMon.exe 9KB

IdtDump.exe 9KB

MbrDump.exe 8KB

KbdTypematic.exe 8KB

SymLinks.exe 6KB

KbdGarland.exe 6KB

SharingMemory.exe 5KB

sync.exe 5KB

FloppyGeometry.exe 4KB

SharedSection.exe 4KB

NtBuild.exe 3KB

DateTime.exe 3KB

skeleton.exe 3KB

VirtToPhys.exe 3KB

共 314 条

I/O Control Code Decoder Did you ever try to understand what does the code similar to this: ; IO_STACK_LOCATION.Parameters.DeviceIoControl.IoControlCode :00010407 mov eax, [edi+0Ch] :0001040A sub eax, 70000h ; 00070000 :0001040F jz loc_106E9 :00010415 sub eax, 14h ; 00070014 :00010418 jz loc_10661 :0001041E sub eax, 10h ; 00070024 :00010421 jz loc_105E3 :00010427 sub eax, 0BDCh ; 00070C00 :0001042C jz loc_1050D :00010432 sub eax, 3404h ; 00074004 :00010437 jz short loc_104B8 :00010439 sub eax, 8014h ; 0007C018 :0001043E jnz loc_104F6 If you did you probably noticed that it's not so easy as may seem at the first glance. With the help of IoctlDecoder.exe it's much more easier. Note1: IoctlDecoder displays only basic Device Type. So, for example, instead of IOCTL_SCSI_BASE you will see FILE_DEVICE_CONTROLLER, and instead of FSCTL_IP_BASE - FILE_DEVICE_NETWORK etc... This is because of the following definitions: IOCTL_SCSI_BASE equ FILE_DEVICE_CONTROLLER FSCTL_IP_BASE equ FILE_DEVICE_NETWORK Note2: IoctlDecoder can't recognize (few exceptions), for example, between IOCTL_SERIAL_SET_BAUD_RATE and IOCTL_SERIAL_INTERNAL_DO_WAIT_WAKE because their definitions are the same: IOCTL_SERIAL_SET_BAUD_RATE equ CTL_CODE(FILE_DEVICE_SERIAL_PORT, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) IOCTL_SERIAL_INTERNAL_DO_WAIT_WAKE equ CTL_CODE(FILE_DEVICE_SERIAL_PORT, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) So you will be able to decode only the first one. Probably in the future releases I will figure out how to fix this problem. ______________________ Four-F, four-f@mail.ru