
Windows NT Protected Subsystems

Subsystem field of an image (as offered in the tool's popup menu), Windows NT:
  - Image doesn't require a subsystem: NT device drivers (\WINNT\SYSTEM32\*.SYS)
  - Win32 GUI
  - Win32 Console Mode

See Inside Windows NT, Second Edition: "Creating a Process" (how an EXE is started) and the Windows NT Executive process object.

Hint:
(1) CMD.EXE: runs *.BAT files and DOS commands (DIR, etc.), AUTOEXEC.BAT. Is it the DOS box? On NT the DOS box is CMD.EXE; CMD.EXE is the counterpart of the DOS COMMAND.COM command interpreter.
(2) NTVDM.EXE: the DOS box for DOS programs; DOS programs run inside NTVDM.EXE, and Win16 programs also run inside NTVDM.EXE.
(3) Win32: Windows NT subsystems are Win32, POSIX and OS/2; each consists of EXE and DLL components:

  Services.exe   Service Controller Process
  Winlogon.exe   Logon Process
  Smss.exe       Session Manager Process
  Psxss.exe      POSIX Subsystem Process
  OS2ss.exe      OS/2 Subsystem Process
  Csrss.exe      Win32 Subsystem Process
  Ntdll.dll      Internal Support Functions and System Service Dispatch stubs to Executive Functions
  Kernel32.dll   Win32 Subsystem DLLs
  User32.dll
  GDI32.dll
  Psxdll.dll     POSIX Subsystem DLL
  NTOSKRNL.EXE   Executive and Kernel
  Hal.dll        Hardware Abstraction Layer
  Win32k.sys     Win32 User and GDI Kernel-mode Components

Win32 on Windows NT: the four processes

  Process   PID    Pri
  System    0x02   8
  Smss      0x19   B
  Csrss     0x21   D
  Idle      0x00   0

Win32 on Windows NT: is the Win32 subsystem CSRSS.EXE? […]