IRP MajorFunction

Analysis 2016.03.04 10:38 posted by muhan56

/*
 * IRP major function codes.
 *
 * Each code is an index into DRIVER_OBJECT.MajorFunction[], the per-driver
 * dispatch table, which has IRP_MJ_MAXIMUM_FUNCTION + 1 slots. The I/O manager
 * routes an IRP to the routine stored at the slot of its major function.
 *
 * Review note: when auditing a driver, look first at the handlers registered
 * for IRP_MJ_CREATE (who may open the device) and IRP_MJ_DEVICE_CONTROL
 * (caller-supplied buffers and lengths). When inspecting a live system, a
 * dispatch slot that points outside the owning driver's image deserves a
 * closer look.
 */

/* Handle lifetime */
#define IRP_MJ_CREATE                   0x00    // a handle to the device/file is being opened
#define IRP_MJ_CREATE_NAMED_PIPE        0x01    // named pipe creation
#define IRP_MJ_CLOSE                    0x02    // last reference to the file object released

/* Data transfer */
#define IRP_MJ_READ                     0x03
#define IRP_MJ_WRITE                    0x04

/* File metadata and extended attributes */
#define IRP_MJ_QUERY_INFORMATION        0x05
#define IRP_MJ_SET_INFORMATION          0x06
#define IRP_MJ_QUERY_EA                 0x07
#define IRP_MJ_SET_EA                   0x08
#define IRP_MJ_FLUSH_BUFFERS            0x09

/* Volume, directory and file-system control */
#define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a
#define IRP_MJ_SET_VOLUME_INFORMATION   0x0b
#define IRP_MJ_DIRECTORY_CONTROL        0x0c
#define IRP_MJ_FILE_SYSTEM_CONTROL      0x0d    // FSCTL requests

/* Device control */
#define IRP_MJ_DEVICE_CONTROL           0x0e    // IOCTLs, including those from user mode: validate every buffer and length
#define IRP_MJ_INTERNAL_DEVICE_CONTROL  0x0f    // IOCTLs exchanged between kernel-mode components

#define IRP_MJ_SHUTDOWN                 0x10
#define IRP_MJ_LOCK_CONTROL             0x11    // byte-range locks
#define IRP_MJ_CLEANUP                  0x12    // last handle closed (precedes IRP_MJ_CLOSE)
#define IRP_MJ_CREATE_MAILSLOT          0x13

/* Security descriptors */
#define IRP_MJ_QUERY_SECURITY           0x14
#define IRP_MJ_SET_SECURITY             0x15

/* Power, WMI, quota and Plug and Play */
#define IRP_MJ_POWER                    0x16
#define IRP_MJ_SYSTEM_CONTROL           0x17    // WMI requests
#define IRP_MJ_DEVICE_CHANGE            0x18
#define IRP_MJ_QUERY_QUOTA              0x19
#define IRP_MJ_SET_QUOTA                0x1a
#define IRP_MJ_PNP                      0x1b
#define IRP_MJ_PNP_POWER                IRP_MJ_PNP      // Obsolete....

/* Highest valid major function code; equals IRP_MJ_PNP in this listing. */
#define IRP_MJ_MAXIMUM_FUNCTION         0x1b


코드인젝션에 대해 잘 설명한 자료

Analysis 2016.02.17 19:46 posted by muhan56

https://www.blackhat.com/presentations/bh-usa-07/Butler_and_Kendall/Presentation/bh-usa-07-butler_and_kendall.pdf


/*
 * Thread register context, 32-bit x86 layout (the register names Eax, Eip,
 * Esp ... are x86-specific; 64-bit Windows uses a different CONTEXT layout).
 *
 * This is the structure exchanged with GetThreadContext / SetThreadContext.
 * Field order and sizes are part of the ABI and must not be changed.
 *
 * ContextFlags selects which register groups are valid on input and which
 * are filled on output; a field whose group flag is not set must not be
 * trusted by the reader.
 */
typedef struct _CONTEXT {
    ULONG ContextFlags;                 /* bitmask of CONTEXT_* group selectors */

    /* Debug registers (CONTEXT_DEBUG_REGISTERS): hardware breakpoint state */
    ULONG Dr0;
    ULONG Dr1;
    ULONG Dr2;
    ULONG Dr3;
    ULONG Dr6;
    ULONG Dr7;

    /* x87 floating-point state (CONTEXT_FLOATING_POINT) */
    FLOATING_SAVE_AREA FloatSave;

    /* Data segment selectors (CONTEXT_SEGMENTS) */
    ULONG SegGs;
    ULONG SegFs;
    ULONG SegEs;
    ULONG SegDs;

    /* General-purpose registers (CONTEXT_INTEGER) */
    ULONG Edi;
    ULONG Esi;
    ULONG Ebx;
    ULONG Edx;
    ULONG Ecx;
    ULONG Eax;

    /* Control registers (CONTEXT_CONTROL): frame, instruction and stack pointers */
    ULONG Ebp;
    ULONG Eip;
    ULONG SegCs;
    ULONG EFlags;
    ULONG Esp;
    ULONG SegSs;

    /* Extended (FXSAVE-format) state (CONTEXT_EXTENDED_REGISTERS) */
    UCHAR ExtendedRegisters[512];
} CONTEXT, *PCONTEXT;


http://www.nirsoft.net/kernel_struct/vista/CONTEXT.html




http://www.nirsoft.net/kernel_struct/vista/index.html
