
// 0xBF9B0BD8 is gphkFirst ("homeXP SP3" in the original note): a hard-coded
// address that is only valid for that one OS build. NOTE(review): nothing in
// this fragment checks the running build or that the address is mapped before
// it is read; presumably the read only succeeds from a session-attached (GUI)
// process context — confirm, and consider a build check plus
// MmIsAddressValid() before the dereference.
long pSSDTShadow_offset_gphkFirst = 0xBF9B0BD8;
long ptr_gphkFirst = *((long*)pSSDTShadow_offset_gphkFirst);
// NOTE(review): the next statement is garbled as pasted — the format string is
// unterminated and its arguments are missing; reconstruct it from the original
// source before building.
DbgPrint ( "SSDTShadow_offset_gphkFirst = [%08X] -> %08X offset = %X Thread); DbgPrint("===ETHREAD=== size=[%d] %c",sizeof(ETHREAD),*((char*)(pet+0x220)+0x174) ); //find 0x86D7AA98
// ^ assumes `pet` (declared outside this fragment) is a byte pointer: if it is
// a struct pointer, `pet+0x220` is scaled by the element size rather than
// being a 0x220-byte offset — TODO confirm. `%d` with a sizeof() argument
// mismatches size_t (harmless on 32-bit XP, wrong elsewhere).
DbgPrint("===KTHREAD=== size=[%d]",sizeof(KTHREAD));
// Walk the hot-key item chain starting at `phki` (declared outside this
// fragment), printing one line per entry and appending it to strGetHotKeys.
int iCount = 0;
while(phki != NULL) {
    iCount ++;
    // Unbounded writes: sprintf() and strcat() below write into ptrMe and
    // strGetHotKeys, whose sizes are not visible here. The format string
    // produces about 75 bytes per entry and nothing checks remaining room, so
    // a long list overruns strGetHotKeys — in driver code that is memory
    // corruption or a bugcheck. Prefer RtlStringCbPrintfA()/RtlStringCbCatA()
    // with explicit buffer sizes. `%08X` is also used for pointer fields,
    // which is only correct on 32-bit builds.
    sprintf( ptrMe,"%02d.[%08X] T:%08X S:%08X M:%08X V:%02X I:%08X N:%08X\r\n", iCount, phki, phki->Thread, phki->spwnd, phki->fsModifiers, phki->vk, phki->id, phki->phkNext);
    // Non-literal format string: ptrMe is passed as the format argument. The
    // fields formatted above are numeric, so no '%' reaches DbgPrint today,
    // but the safe idiom is DbgPrint("%s", ptrMe).
    DbgPrint ( ptrMe );
    strcat( strGetHotKeys , ptrMe );
    // No iteration cap: a corrupted or cyclic phkNext chain loops forever, and
    // nothing visible here synchronizes with the owner of this list — confirm
    // the caller holds whatever lock protects it.
    phki=(PHOT_KEY_ITEM)(phki->phkNext);
}
运行结果 00000003 0.00005839 PEPROCESS = [8214F020] ImageFileName = [_testDriver1.ex] Version = 3.0 00000004 0.00006844 KeServiceDescriptorTable = [80563520] ServiceTableBase = [804E58D0] -> [805893DB] 00000006 0.00008660 ->ServiceCounterTable = 0 00000007 0.00009443 ->NumberOfServices = 284 00000008 0.00010337 ->ParamTableBase = [80512184] 00000009 0.00011538 0 0x0000.[804E58D0] = 805893DB - ZwAcceptConnectPort 00000010 0.00012711 1 0x0001.[804E58D4] = 80580556 - ZwAccessCheck 00000011 0.00013884 2 0x0002.[804E58D8] = 80598BD1 - ZwAccessCheckAndAuditAlarm 00000012 0.00015030 3 0x0003.[804E58DC] = 805915E4 - ZwAccessCheckByType 00000013 0.00016259 4 0x0004.[804E58E0] = 80598C58 - ZwAccessCheckByTypeAndAuditAlarm 00000014 0.00017460 5 0x0005.[804E58E4] = 806418A0 - ZwAccessCheckByTypeResultList 00000015 0.00018745 6 0x0006.[804E58E8] = 80643A31 - ZwAccessCheckByTypeResultListAndAuditAlarm 00000016 0.00020058 7 0x0007.[804E58EC] = 80643A7A - ZwAccessCheckByTypeResultListAndAuditAlarmByHandle 00000017 0.00021148 8 0x0008.[804E58F0] = 8057D022 - ZwAddAtom 00000018 0.00022349 9 0x0009.[804E58F4] = 8065193F - ZwAddBootEntry 00000019 0.00023523 10 0x000A.[804E58F8] = 8064105F - ZwAdjustGroupsToken 00000020 0.00024640 11 0x000B.[804E58FC] = 80598423 - ZwAdjustPrivilegesToken 00000021 
0.00025785 12 0x000C.[804E5900] = 80638C26 - ZwAlertResumeThread 00000022 0.00026875 13 0x000D.[804E5904] = 80593EFA - ZwAlertThread 00000023 0.00028048 14 0x000E.[804E5908] = 80592D3E - ZwAllocateLocallyUniqueId 00000024 0.00029194 15 0x000F.[804E590C] = 8062F86A - ZwAllocateUserPhysicalPages 00000025 0.00030339 16 0x0010.[804E5910] = 805E10D1 - ZwAllocateUuids 00000026 0.00031540 17 0x0011.[804E5914] = 80571BC5 - ZwAllocateVirtualMemory 00000027 0.00032742 18 0x0012.[804E5918] = 805E1D36 - ZwAreMappedFilesTheSame 00000028 0.00033943 19 0x0013.[804E591C] = 805E2DDB - ZwAssignProcessToJobObject 00000029 0.00035116 20 0x0014.[804E5920] = 804E5EE4 - ZwCallbackReturn 00000030 0.00036345 21 0x0015.[804E5924] = 8065192B - ZwCancelDeviceWakeupRequest 00000031 0.00037435 22 0x0016.[804E5928] = 805D4DBF - ZwCancelIoFile 00000032 0.00038441 23 0x0017.[804E592C] = 804ECBD7 - ZwCancelTimer 00000033 0.00039502 24 0x0018.[804E5930] = 805716C3 - ZwClearEvent 00000034 0.00040508 25 0x0019.[804E5934] = 805708D7 - ZwClose 00000035 0.00041793 26 0x001A.[804E5938] = 80598801 - ZwCloseObjectAuditAlarm 00000036 0.00042827 27 0x001B.[804E593C] = 80657A8C - ZwCompactKeys 00000037 0.00044168 28 0x001C.[804E5940] = 80592856 - ZwCompareTokens 00000038 0.00045453 29 0x001D.[804E5944] = 80591160 - ZwCompleteConnectPort 00000039 0.00046514 30 0x001E.[804E5948] = 80657CFB - ZwCompressKey 00000040 0.00047688 31 0x001F.[804E594C] = 80591C5B - ZwConnectPort 00000041 0.00048721 32 0x0020.[804E5950] = 804E223F - ZwContinue 00000042 0.00050118 33 0x0021.[804E5954] = 8066313E - ZwCreateDebugObject 00000043 0.00051347 34 0x0022.[804E5958] = 805B1ECB - ZwCreateDirectoryObject 00000044 0.00052437 35 0x0023.[804E595C] = 805754F6 - ZwCreateEvent 00000045 0.00053470 36 0x0024.[804E5960] = 80651F90 - ZwCreateEventPair 00000046 0.00054532 37 0x0025.[804E5964] = 80574DFB - ZwCreateFile 00000047 0.00055705 38 0x0026.[804E5968] = 805E57BB - ZwCreateIoCompletion 00000048 0.00056879 39 0x0027.[804E596C] = 805DE62E 
- ZwCreateJobObject 00000049 0.00058164 40 0x0028.[804E5970] = 806390CF - ZwCreateJobSet 00000050 0.00059449 41 0x0029.[804E5974] = 80579ABE - ZwCreateKey 00000051 0.00060566 42 0x002A.[804E5978] = 805DF7D7 - ZwCreateMailslotFile 00000052 0.00061740 43 0x002B.[804E597C] = 80581B62 - ZwCreateMutant 00000053 0.00062913 44 0x002C.[804E5980] = 80589DC2 - ZwCreateNamedPipeFile 00000054 0.00064198 45 0x002D.[804E5984] = 805BCECF - ZwCreatePagingFile 00000055 0.00065399 46 0x002E.[804E5988] = 8059CFA8 - ZwCreatePort 00000056 0.00066517 47 0x002F.[804E598C] = 805B8BF5 - ZwCreateProcess 00000057 0.00067662 48 0x0030.[804E5990] = 8058C7F4 - ZwCreateProcessEx 00000058 0.00068808 49 0x0031.[804E5994] = 806525C7 - ZwCreateProfile 00000059 0.00069897 50 0x0032.[804E5998] = 8056EB66 - ZwCreateSection 00000060 0.00071070 51 0x0033.[804E599C] = 8057CF49 - ZwCreateSemaphore 00000061 0.00072272 52 0x0034.[804E59A0] = 805E1922 - ZwCreateSymbolicLinkObject 00000062 0.00073417 53 0x0035.[804E59A4] = AA0CD1B0 - ZwCreateThread 00000063 0.00074563 54 0x0036.[804E59A8] = 805E9981 - ZwCreateTimer 00000064 0.00075652 55 0x0037.[804E59AC] = 805AF238 - ZwCreateToken 00000065 0.00076797 56 0x0038.[804E59B0] = 805B2CB2 - ZwCreateWaitablePort 00000066 0.00077971 57 0x0039.[804E59B4] = 806642B5 - ZwDebugActiveProcess 00000067 0.00079088 58 0x003A.[804E59B8] = 8066440F - ZwDebugContinue 00000068 0.00080234 59 0x003B.[804E59BC] = 8056FB03 - ZwDelayExecution 00000069 0.00081379 60 0x003C.[804E59C0] = 805959AA - ZwDeleteAtom 00000070 0.00082497 61 0x003D.[804E59C4] = 8065192B - ZwDeleteBootEntry 00000071 0.00083642 62 0x003E.[804E59C8] = 805DDE04 - ZwDeleteFile 00000072 0.00084815 63 0x003F.[804E59CC] = 8059B5CD - ZwDeleteKey 00000073 0.00086017 64 0x0040.[804E59D0] = 80643AD1 - ZwDeleteObjectAuditAlarm 00000074 0.00087134 65 0x0041.[804E59D4] = 8059A1EC - ZwDeleteValueKey 00000075 0.00088307 66 0x0042.[804E59D8] = 80589ABD - ZwDeviceIoControlFile 00000076 0.00089509 67 0x0043.[804E59DC] = 805BE382 - 
ZwDisplayString 00000077 0.00090598 68 0x0044.[804E59E0] = 8057EDAF - ZwDuplicateObject 00000078 0.00091799 69 0x0045.[804E59E4] = 80586A99 - ZwDuplicateToken 00000079 0.00092973 70 0x0046.[804E59E8] = 8065193F - ZwEnumerateBootEntries 00000080 0.00094118 71 0x0047.[804E59EC] = 80582EEA - ZwEnumerateKey 00000081 0.00095347 72 0x0048.[804E59F0] = 80651917 - ZwEnumerateSystemEnvironmentValuesEx 00000082 0.00096493 73 0x0049.[804E59F4] = 8059103A - ZwEnumerateValueKey 00000083 0.00097694 74 0x004A.[804E59F8] = 8062E829 - ZwExtendSection 00000084 0.00098839 75 0x004B.[804E59FC] = 805D6CF5 - ZwFilterToken 00000085 0.00099901 76 0x004C.[804E5A00] = 805E61A7 - ZwFindAtom 00000086 0.00101074 77 0x004D.[804E5A04] = 80593C44 - ZwFlushBuffersFile 00000087 0.00102192 78 0x004E.[804E5A08] = 80587A2D - ZwFlushInstructionCache 00000088 0.00103253 79 0x004F.[804E5A0C] = 805E7ED1 - ZwFlushKey 00000089 0.00104399 80 0x0050.[804E5A10] = 805EA683 - ZwFlushVirtualMemory 00000090 0.00105460 81 0x0051.[804E5A14] = 806300C7 - ZwFlushWriteBuffer 00000091 0.00106606 82 0x0052.[804E5A18] = 8062FC1D - ZwFreeUserPhysicalPages 00000092 0.00107723 83 0x0053.[804E5A1C] = 805720BF - ZwFreeVirtualMemory 00000093 0.00108897 84 0x0054.[804E5A20] = 80583287 - ZwFsControlFile 00000094 0.00110126 85 0x0055.[804E5A24] = 80637067 - ZwGetContextThread 00000095 0.00111327 86 0x0056.[804E5A28] = 8063501B - ZwGetDevicePowerState 00000096 0.00112500 87 0x0057.[804E5A2C] = 805A3868 - ZwGetPlugPlayEvent 00000097 0.00113702 88 0x0058.[804E5A30] = 805407B7 - ZwGetWriteWatch 00000098 0.00114959 89 0x0059.[804E5A34] = 8059CB5D - ZwImpersonateAnonymousToken 00000099 0.00116160 90 0x005A.[804E5A38] = 805921C9 - ZwImpersonateClientOfPort 00000100 0.00117333 91 0x005B.[804E5A3C] = 805884C1 - ZwImpersonateThread 00000101 0.00118507 92 0x005C.[804E5A40] = 805B2485 - ZwInitializeRegistry 00000102 0.00119708 93 0x005D.[804E5A44] = 80634DE7 - ZwInitiatePowerAction 00000103 0.00120825 94 0x005E.[804E5A48] = 80638F83 - 
ZwIsProcessInJob 00000104 0.00121999 95 0x005F.[804E5A4C] = 80635002 - ZwIsSystemResumeAutomatic 00000105 0.00123060 96 0x0060.[804E5A50] = 805B22F4 - ZwListenPort 00000106 0.00124150 97 0x0061.[804E5A54] = 805B16F6 - ZwLoadDriver 00000107 0.00125295 98 0x0062.[804E5A58] = 805D708D - ZwLoadKey 00000108 0.00126469 99 0x0063.[804E5A5C] = 805D71EC - ZwLoadKey2 00000109 0.00127614 100 0x0064.[804E5A60] = 80595D77 - ZwLockFile 00000110 0.00128843 101 0x0065.[804E5A64] = 805D656A - ZwLockProductActivationKeys 00000111 0.00130017 102 0x0066.[804E5A68] = 805CF9DD - ZwLockRegistryKey 00000112 0.00131246 103 0x0067.[804E5A6C] = 805B6835 - ZwLockVirtualMemory 00000113 0.00132475 104 0x0068.[804E5A70] = 805E1B2A - ZwMakePermanentObject 00000114 0.00133732 105 0x0069.[804E5A74] = 805E1BF1 - ZwMakeTemporaryObject 00000115 0.00134989 106 0x006A.[804E5A78] = 8062EEC6 - ZwMapUserPhysicalPages 00000116 0.00136218 107 0x006B.[804E5A7C] = 8062F31F - ZwMapUserPhysicalPagesScatter 00000117 0.00137420 108 0x006C.[804E5A80] = 8057BA19 - ZwMapViewOfSection 00000118 0.00138593 109 0x006D.[804E5A84] = 8065192B - ZwModifyBootEntry 00000119 0.00139766 110 0x006E.[804E5A88] = 8059719B - ZwNotifyChangeDirectoryFile 00000120 0.00140828 111 0x006F.[804E5A8C] = 80597D8F - ZwNotifyChangeKey 00000121 0.00141945 112 0x0070.[804E5A90] = 80597BA1 - ZwNotifyChangeMultipleKeys 00000122 0.00143119 113 0x0071.[804E5A94] = 8058B1CE - ZwOpenDirectoryObject 00000123 0.00144208 114 0x0072.[804E5A98] = 8058AB69 - ZwOpenEvent 00000124 0.00145326 115 0x0073.[804E5A9C] = 80652083 - ZwOpenEventPair 00000125 0.00146415 116 0x0074.[804E5AA0] = 8057AE8D - ZwOpenFile 00000126 0.00147533 117 0x0075.[804E5AA4] = 806224CF - ZwOpenIoCompletion 00000127 0.00148650 118 0x0076.[804E5AA8] = 80639327 - ZwOpenJobObject 00000128 0.00149740 119 0x0077.[804E5AAC] = 80573BDF - ZwOpenKey 00000129 0.00150857 120 0x0078.[804E5AB0] = 80581C10 - ZwOpenMutant 00000130 0.00151975 121 0x0079.[804E5AB4] = 805E74EC - ZwOpenObjectAuditAlarm 
00000131 0.00153120 122 0x007A.[804E5AB8] = 8057CB80 - ZwOpenProcess 00000132 0.00154293 123 0x007B.[804E5ABC] = 805794F6 - ZwOpenProcessToken 00000133 0.00155467 124 0x007C.[804E5AC0] = 8057944D - ZwOpenProcessTokenEx 00000134 0.00156556 125 0x007D.[804E5AC4] = 8057C96A - ZwOpenSection 00000135 0.00157674 126 0x007E.[804E5AC8] = 805E1CA8 - ZwOpenSemaphore 00000136 0.00158875 127 0x007F.[804E5ACC] = 8058B151 - ZwOpenSymbolicLinkObject 00000137 0.00160048 128 0x0080.[804E5AD0] = 80597A0F - ZwOpenThread 00000138 0.00161222 129 0x0081.[804E5AD4] = 805756D2 - ZwOpenThreadToken 00000139 0.00162423 130 0x0082.[804E5AD8] = 805755CF - ZwOpenThreadTokenEx 00000140 0.00163624 131 0x0083.[804E5ADC] = 80651EB9 - ZwOpenTimer 00000141 0.00164797 132 0x0084.[804E5AE0] = 805A14BD - ZwPlugPlayControl 00000142 0.00165943 133 0x0085.[804E5AE4] = 805AC9EA - ZwPowerInformation 00000143 0.00167144 134 0x0086.[804E5AE8] = 805A17B8 - ZwPrivilegeCheck 00000144 0.00168373 135 0x0087.[804E5AEC] = 805E1217 - ZwPrivilegeObjectAuditAlarm 00000145 0.00169603 136 0x0088.[804E5AF0] = 805D618F - ZwPrivilegedServiceAuditAlarm 00000146 0.00170748 137 0x0089.[804E5AF4] = 80583621 - ZwProtectVirtualMemory 00000147 0.00171810 138 0x008A.[804E5AF8] = 805B2C0A - ZwPulseEvent 00000148 0.00172983 139 0x008B.[804E5AFC] = 8057B0BC - ZwQueryAttributesFile 00000149 0.00174184 140 0x008C.[804E5B00] = 8065193F - ZwQueryBootEntryOrder 00000150 0.00175357 141 0x008D.[804E5B04] = 8065193F - ZwQueryBootOptions 00000151 0.00176531 142 0x008E.[804E5B08] = 804FC559 - ZwQueryDebugFilterState 00000152 0.00177732 143 0x008F.[804E5B0C] = 805700D0 - ZwQueryDefaultLocale 00000153 0.00178989 144 0x0090.[804E5B10] = 8058A59D - ZwQueryDefaultUILanguage 00000154 0.00180190 145 0x0091.[804E5B14] = 8057D793 - ZwQueryDirectoryFile 00000155 0.00181448 146 0x0092.[804E5B18] = 80590A8E - ZwQueryDirectoryObject 00000156 0.00182621 147 0x0093.[804E5B1C] = 8062271C - ZwQueryEaFile 00000157 0.00183738 148 0x0094.[804E5B20] = 8058AF38 - 
ZwQueryEvent 00000158 0.00184940 149 0x0095.[804E5B24] = 805859EE - ZwQueryFullAttributesFile 00000159 0.00186169 150 0x0096.[804E5B28] = 805B2F72 - ZwQueryInformationAtom 00000160 0.00187314 151 0x0097.[804E5B2C] = 8057BD38 - ZwQueryInformationFile 00000161 0.00188516 152 0x0098.[804E5B30] = 8058CEFB - ZwQueryInformationJobObject 00000162 0.00189661 153 0x0099.[804E5B34] = 8062C4CD - ZwQueryInformationPort 00000163 0.00190918 154 0x009A.[804E5B38] = 805757B6 - ZwQueryInformationProcess 00000164 0.00192175 155 0x009B.[804E5B3C] = 8057786A - ZwQueryInformationThread 00000165 0.00193377 156 0x009C.[804E5B40] = 805782E4 - ZwQueryInformationToken 00000166 0.00194578 157 0x009D.[804E5B44] = 8058ACD2 - ZwQueryInstallUILanguage 00000167 0.00195779 158 0x009E.[804E5B48] = 80652A77 - ZwQueryIntervalProfile 00000168 0.00196924 159 0x009F.[804E5B4C] = 80622590 - ZwQueryIoCompletion 00000169 0.00198098 160 0x00A0.[804E5B50] = 80582AEA - ZwQueryKey 00000170 0.00199327 161 0x00A1.[804E5B54] = 80657473 - ZwQueryMultipleValueKey 00000171 0.00200500 162 0x00A2.[804E5B58] = 806523FC - ZwQueryMutant 00000172 0.00201674 163 0x00A3.[804E5B5C] = 8058B466 - ZwQueryObject 00000173 0.00202903 164 0x00A4.[804E5B60] = 8065767B - ZwQueryOpenSubKeys 00000174 0.00204132 165 0x00A5.[804E5B64] = 805718A6 - ZwQueryPerformanceCounter 00000175 0.00205305 166 0x00A6.[804E5B68] = 80622FD3 - ZwQueryQuotaInformationFile 00000176 0.00206479 167 0x00A7.[804E5B6C] = 80587E7A - ZwQuerySection 00000177 0.00207708 168 0x00A8.[804E5B70] = 8059FE28 - ZwQuerySecurityObject 00000178 0.00208881 169 0x00A9.[804E5B74] = 806511E9 - ZwQuerySemaphore 00000179 0.00210083 170 0x00AA.[804E5B78] = 8058AFC2 - ZwQuerySymbolicLinkObject 00000180 0.00211312 171 0x00AB.[804E5B7C] = 80651967 - ZwQuerySystemEnvironmentValue 00000181 0.00212569 172 0x00AC.[804E5B80] = 80651903 - ZwQuerySystemEnvironmentValueEx 00000182 0.00213742 173 0x00AD.[804E5B84] = 80585B3D - ZwQuerySystemInformation 00000183 0.00214916 174 0x00AE.[804E5B88] 
= 80593915 - ZwQuerySystemTime 00000184 0.00216033 175 0x00AF.[804E5B8C] = 8059B98D - ZwQueryTimer 00000185 0.00217123 176 0x00B0.[804E5B90] = 8058DE21 - ZwQueryTimerResolution 00000186 0.00218296 177 0x00B1.[804E5B94] = 80573F19 - ZwQueryValueKey 00000187 0.00219469 178 0x00B2.[804E5B98] = 80579E03 - ZwQueryVirtualMemory 00000188 0.00220698 179 0x00B3.[804E5B9C] = 8057B1D8 - ZwQueryVolumeInformationFile 00000189 0.00221816 180 0x00B4.[804E5BA0] = 8059B8E8 - ZwQueueApcThread 00000190 0.00222933 181 0x00B5.[804E5BA4] = 804E2287 - ZwRaiseException 00000191 0.00224079 182 0x00B6.[804E5BA8] = 80650F25 - ZwRaiseHardError 00000192 0.00225252 183 0x00B7.[804E5BAC] = 8057595D - ZwReadFile 00000193 0.00226425 184 0x00B8.[804E5BB0] = 806238AB - ZwReadFileScatter 00000194 0.00227683 185 0x00B9.[804E5BB4] = 805926E1 - ZwReadRequestData 00000195 0.00228884 186 0x00BA.[804E5BB8] = 805882FE - ZwReadVirtualMemory 00000196 0.00230085 187 0x00BB.[804E5BBC] = 80587811 - ZwRegisterThreadTerminatePort 00000197 0.00231231 188 0x00BC.[804E5BC0] = 8056FB6E - ZwReleaseMutant 00000198 0.00232404 189 0x00BD.[804E5BC4] = 80577F40 - ZwReleaseSemaphore 00000199 0.00233605 190 0x00BE.[804E5BC8] = 8057054C - ZwRemoveIoCompletion 00000200 0.00234750 191 0x00BF.[804E5BCC] = 8066438A - ZwRemoveProcessDebug 00000201 0.00235896 192 0x00C0.[804E5BD0] = 806578F0 - ZwRenameKey 00000202 0.00237069 193 0x00C1.[804E5BD4] = 8065824C - ZwReplaceKey 00000203 0.00238215 194 0x00C2.[804E5BD8] = 80586792 - ZwReplyPort 00000204 0.00239500 195 0x00C3.[804E5BDC] = 80577821 - ZwReplyWaitReceivePort 00000205 0.00240729 196 0x00C4.[804E5BE0] = 80577339 - ZwReplyWaitReceivePortEx 00000206 0.00241874 197 0x00C5.[804E5BE4] = 8062C5AC - ZwReplyWaitReplyPort 00000207 0.00243048 198 0x00C6.[804E5BE8] = 80634F8F - ZwRequestDeviceWakeup 00000208 0.00244137 199 0x00C7.[804E5BEC] = 805E7AD1 - ZwRequestPort 00000209 0.00245311 200 0x00C8.[804E5BF0] = 8057E89E - ZwRequestWaitReplyPort 00000210 0.00246540 201 0x00C9.[804E5BF4] = 
80634D88 - ZwRequestWakeupLatency 00000211 0.00247657 202 0x00CA.[804E5BF8] = 805E9CED - ZwResetEvent 00000212 0.00248858 203 0x00CB.[804E5BFC] = 80540C32 - ZwResetWriteWatch 00000213 0.00249920 204 0x00CC.[804E5C00] = 80657DE1 - ZwRestoreKey 00000214 0.00250870 205 0x00CD.[804E5C04] = 80638BC6 - ZwResumeProcess 00000215 0.00251764 206 0x00CE.[804E5C08] = 80587737 - ZwResumeThread 00000216 0.00252658 207 0x00CF.[804E5C0C] = 80657EE2 - ZwSaveKey 00000217 0.00253552 208 0x00D0.[804E5C10] = 80657FCD - ZwSaveKeyEx 00000218 0.00254474 209 0x00D1.[804E5C14] = 806580FA - ZwSaveMergedKeys 00000219 0.00255368 210 0x00D2.[804E5C18] = 80588C11 - ZwSecureConnectPort 00000220 0.00256290 211 0x00D3.[804E5C1C] = 8065193F - ZwSetBootEntryOrder 00000221 0.00257156 212 0x00D4.[804E5C20] = 8065193F - ZwSetBootOptions 00000222 0.00258050 213 0x00D5.[804E5C24] = 8063728D - ZwSetContextThread 00000223 0.00258944 214 0x00D6.[804E5C28] = 80665D6C - ZwSetDebugFilterState 00000224 0.00259865 215 0x00D7.[804E5C2C] = 805B84F9 - ZwSetDefaultHardErrorPort 00000225 0.00260759 216 0x00D8.[804E5C30] = 805DEC9B - ZwSetDefaultLocale 00000226 0.00261681 217 0x00D9.[804E5C34] = 805DEC42 - ZwSetDefaultUILanguage 00000227 0.00262575 218 0x00DA.[804E5C38] = 80622C63 - ZwSetEaFile 00000228 0.00263469 219 0x00DB.[804E5C3C] = 80571634 - ZwSetEvent 00000229 0.00264391 220 0x00DC.[804E5C40] = 80577CAA - ZwSetEventBoostPriority 00000230 0.00265313 221 0x00DD.[804E5C44] = 80652383 - ZwSetHighEventPair 00000231 0.00266235 222 0x00DE.[804E5C48] = 806522A3 - ZwSetHighWaitLowEventPair 00000232 0.00267185 223 0x00DF.[804E5C4C] = 80663D2B - ZwSetInformationDebugObject 00000233 0.00268135 224 0x00E0.[804E5C50] = 805841AD - ZwSetInformationFile 00000234 0.00269057 225 0x00E1.[804E5C54] = 805DE782 - ZwSetInformationJobObject 00000235 0.00269951 226 0x00E2.[804E5C58] = 80656FD6 - ZwSetInformationKey 00000236 0.00270872 227 0x00E3.[804E5C5C] = 8058AC51 - ZwSetInformationObject 00000237 0.00271766 228 0x00E4.[804E5C60] = 
80575B1F - ZwSetInformationProcess 00000238 0.00272688 229 0x00E5.[804E5C64] = 80577ABD - ZwSetInformationThread 00000239 0.00273582 230 0x00E6.[804E5C68] = 805AE8D2 - ZwSetInformationToken 00000240 0.00274476 231 0x00E7.[804E5C6C] = 806525A3 - ZwSetIntervalProfile 00000241 0.00275370 232 0x00E8.[804E5C70] = 80577DF0 - ZwSetIoCompletion 00000242 0.00276236 233 0x00E9.[804E5C74] = 80637ADF - ZwSetLdtEntries 00000243 0.00277130 234 0x00EA.[804E5C78] = 80652317 - ZwSetLowEventPair 00000244 0.00278052 235 0x00EB.[804E5C7C] = 8065222F - ZwSetLowWaitHighEventPair 00000245 0.00279002 236 0x00EC.[804E5C80] = 80622FAB - ZwSetQuotaInformationFile 00000246 0.00279924 237 0x00ED.[804E5C84] = 8059FC29 - ZwSetSecurityObject 00000247 0.00280846 238 0x00EE.[804E5C88] = 80651C04 - ZwSetSystemEnvironmentValue 00000248 0.00281796 239 0x00EF.[804E5C8C] = 80651903 - ZwSetSystemEnvironmentValueEx 00000249 0.00282690 240 0x00F0.[804E5C90] = 805B3328 - ZwSetSystemInformation 00000250 0.00283611 241 0x00F1.[804E5C94] = 806710E7 - ZwSetSystemPowerState 00000251 0.00284505 242 0x00F2.[804E5C98] = 80650BD9 - ZwSetSystemTime 00000252 0.00285399 243 0x00F3.[804E5C9C] = 805EC0AA - ZwSetThreadExecutionState 00000253 0.00286293 244 0x00F4.[804E5CA0] = 804E8A35 - ZwSetTimer 00000254 0.00287215 245 0x00F5.[804E5CA4] = 805EC370 - ZwSetTimerResolution 00000255 0.00288109 246 0x00F6.[804E5CA8] = 805D633B - ZwSetUuidSeed 00000256 0.00289003 247 0x00F7.[804E5CAC] = 8057C4EF - ZwSetValueKey 00000257 0.00289925 248 0x00F8.[804E5CB0] = 806234E9 - ZwSetVolumeInformationFile 00000258 0.00290819 249 0x00F9.[804E5CB4] = 80650327 - ZwShutdownSystem 00000259 0.00291741 250 0x00FA.[804E5CB8] = 8051D3C9 - ZwSignalAndWaitForSingleObject 00000260 0.00292635 251 0x00FB.[804E5CBC] = 8065280E - ZwStartProfile 00000261 0.00293529 252 0x00FC.[804E5CC0] = 806529C7 - ZwStopProfile 00000262 0.00294423 253 0x00FD.[804E5CC4] = 80638B6B - ZwSuspendProcess 00000263 0.00295345 254 0x00FE.[804E5CC8] = 80638A87 - ZwSuspendThread 
00000264 0.00296267 255 0x00FF.[804E5CCC] = 80652B27 - ZwSystemDebugControl 00000265 0.00297189 256 0x0100.[804E5CD0] = 80639499 - ZwTerminateJobObject 00000266 0.00298111 257 0x0101.[804E5CD4] = 8058F6B9 - ZwTerminateProcess 00000267 0.00299032 258 0x0102.[804E5CD8] = 80583DDA - ZwTerminateThread 00000268 0.00299898 259 0x0103.[804E5CDC] = 8058721F - ZwTestAlert 00000269 0.00300792 260 0x0104.[804E5CE0] = 8054AA70 - ZwTraceEvent 00000270 0.00301714 261 0x0105.[804E5CE4] = 80651953 - ZwTranslateFilePath 00000271 0.00302608 262 0x0106.[804E5CE8] = 80625BAC - ZwUnloadDriver 00000272 0.00303474 263 0x0107.[804E5CEC] = 80656B3A - ZwUnloadKey 00000273 0.00304368 264 0x0108.[804E5CF0] = 80656D6B - ZwUnloadKeyEx 00000274 0.00305262 265 0x0109.[804E5CF4] = 80595ED7 - ZwUnlockFile 00000275 0.00306184 266 0x010A.[804E5CF8] = 8063013B - ZwUnlockVirtualMemory 00000276 0.00307078 267 0x010B.[804E5CFC] = 8057B5A1 - ZwUnmapViewOfSection 00000277 0.00307944 268 0x010C.[804E5D00] = 805B5E66 - ZwVdmControl 00000278 0.00308866 269 0x010D.[804E5D04] = 80663A76 - ZwWaitForDebugEvent 00000279 0.00309788 270 0x010E.[804E5D08] = 8056FC49 - ZwWaitForMultipleObjects 00000280 0.00310710 271 0x010F.[804E5D0C] = 8056EF62 - ZwWaitForSingleObject 00000281 0.00311632 272 0x0110.[804E5D10] = 806521C3 - ZwWaitHighEventPair 00000282 0.00312526 273 0x0111.[804E5D14] = 80652157 - ZwWaitLowEventPair 00000283 0.00313392 274 0x0112.[804E5D18] = 8058442D - ZwWriteFile 00000284 0.00314314 275 0x0113.[804E5D1C] = 805D50AC - ZwWriteFileGather 00000285 0.00315236 276 0x0114.[804E5D20] = 80592765 - ZwWriteRequestData 00000286 0.00316157 277 0x0115.[804E5D24] = 805883F6 - ZwWriteVirtualMemory 00000287 0.00317051 278 0x0116.[804E5D28] = 80516ACF - ZwYieldExecution 00000288 0.00317973 279 0x0117.[804E5D2C] = 805CB1A2 - ZwCreateKeyedEvent 00000289 0.00318867 280 0x0118.[804E5D30] = 8058CA46 - ZwOpenKeyedEvent 00000290 0.00319789 281 0x0119.[804E5D34] = 80652F9B - ZwReleaseKeyedEvent 00000291 0.00320711 282 
0x011A.[804E5D38] = 80653206 - ZwWaitForKeyedEvent 00000292 0.00321633 283 0x011B.[804E5D3C] = 80636377 - ZwQueryPortInformationProcess 00000293 0.00322471 SSDTShadow --> = [805634E0] = 804E58D0 00000294 0.00323309 pSSDTShadow_W32pST --> = [805634F0] = BF99E900 00000295 0.00323896 -->ServiceCounterTable = 0 00000296 0.00324455 -->NumberOfServices = 667 00000297 0.00325125 -->ParamTableBase = [BF99F610] 00000298 0.00326466 pSSDTShadow_W32pST_new --> = [BF99E900] = BF93AA5E E1156A68 offset = 122D8
