Undocumented Windows 2000 Secrets

In Undocumented Windows 2000 Secrets, Windows programming aficionado Sven B. Schreiber reveals numerous undocumented features of the Windows 2000 and NT 4.0 kernel—-secrets he has discovered through years of close examination and exploration. Much of this material is published here for the first time, most notably, the specification of the Microsoft PDB file format and the documentation of the system's core object structures. The author describes these features in depth, shows how to put them to work, and introduces expert techniques for writing high-quality system-level software.

You will find an introduction to the basic architecture of Windows 2000, a guide to setting up your workstation to explore the kernel, and an introduction to kernel-mode driver programming. Specific topics featured include the following:

• Using the Windows 2000 debugging interfaces
• Loading, parsing, and utilizing the Windows 2000 symbol files
• Foundations of the native API, including the Win32 Kernel-mode interface and the Windows 2000 Runtime Library
• Basics of kernel-mode driver development
• Windows 2000 system memory, including a sample memory spy device and a sample memory dump utility
• Hooking calls to the user-mode subset of the native API
• Calling kernel API functions from user-modeapplications
• Windows 2000 kernel objects, covering basic object structures and accessing live system objects

Each chapter incorporates sample code that demonstrates these functions in action and which can be reused by any programmer to give an immediate boost to their Windows programs. The accompanying CD contains the source code for all of the samples in the book, as well as compiled and linked binary builds. The CD also includes the Multi-Format Visual Disassembler by Jean-Louis Seigne and the PE and COFF File Viewer by Wayne Radburn. These programs are not just barebones applications but full-fledged debugging applications and libraries. The companion Web site, ...

Contents

Preface Ch. 1 Windows 2000 Debugging Support 1 Ch. 2 The Windows 2000 Native API 97 Ch. 3 Writing Kernel-Mode Drivers 125 Ch. 4 Exploring Windows 2000 Memory 167 Ch. 5 Monitoring Native API Calls 281 Ch. 6 Calling Kernel API Functions from User-Mode 349 Ch. 7 Windows 2000 Object Management 413 App. A Kernel Debugger Commands 467 App. B Kernel API Functions 481 App. C Constants, Enumerations, and Structures 527 Bibliography 571 Index 575