WeZZ's Space 292

Driver x64 Restrictions Microsoft states that the following must not be done. Driver x64 Restrictions On x64-based systems, kernel code and certain kernel data structures are protected from modification. Any driver that attempts to modify such code or data will cause the system to bug check (with the CRITICAL_STRUCTURE_CORRUPTION bug check). Drivers for x64-based systems must avoid operations that might trigger this bug check. In part.. 2010. 5. 20.
[Windbg Script] Tracing API calls Saturday, April 14, 2007 2:53 AM Roberto Farah [Windbg Script] Tracing API calls This is a very simple, yet powerful script. You can use it to see the APIs an application is using from your Windbg screen without using another tool. If you need more details from the APIs, just execute LogViewer.exe and open the .lgv file that is automatically created when you use this script. Some screensh.. 2010. 5. 18.
Graphics API TRACE TOOL http://code.google.com/p/jrfonseca/wiki/ApiTrace 2010. 5. 18.
109 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CRITICAL_STRUCTURE_CORRUPTION (109) This bugcheck is generated when the kernel detects that critical kernel code or data have been corrupted. There are generally three causes for a corrupti.. 2010. 5. 18.
memtest64 http://www.memtest.org/ There's a pretty decent tool here. Heh. And it comes with source code too.. ^^ 2010. 5. 18.
Inline hook method of 64-bit DebugView. Original code nt!DebugPrint: fffff800`0104b360 458bc8 mov r9d,r8d fffff800`0104b363 448bc2 mov r8d,edx fffff800`0104b366 668b11 mov dx,word ptr [rcx] fffff800`0104b369 488b4908 mov rcx,qword ptr [rcx+8] fffff800`0104b36d b801000000 mov eax,1 fffff800`0104b372 cd2d int 2Dh fffff800`0104b374 cc int 3 fffff800`0104b375 c3 ret Hook code nt!DebugPrint: fffff800`0104b360 ff2500000000 jmp qword ptr [nt!DebugPrint.. 2010. 5. 11.