Hey guys, if you want to answer me you must follow these steps:
1) Go and visit www.rootkit.com
2) Download some source code such as "FU_Rootkit"
3) Delete all *.sys and *.exe
4) Explore the source code, and if you are very good at driver programming for Windows you can find some APIs, structs and information that are not in the standard documentation such as the DDK
5) My question is: "how the hell do these guys find this information?"
6) Another example is this site: "http://www.ntinternals.net"
You can find some information about Windows NT (such as Windows XP) there that is not in the standard documentation.
A good example is "PEB" and "TEB".
PEB == process environment block and TEB == thread environment block. I searched my *.h, *.c and *.cpp files in Visual C++ 2005 but I can't find this information in them.
Finally, please tell me how I can get this type of information.
Driver programming (just read this if you know system programming very well)?
These guys, as you call them, do not find this information; they create it. If you want to understand it you need to learn programming to a very high standard. Don't expect others to tell you how it works; it would take years.