绕过Copy-On-Write机制安装全局Hook创建时间：2005-10-22文章属性：原创文章提交：Addylee (Addylee2004_at_163.com)Jeffrey Richter在他的<<widows核心编程>>一书中对Ring 3级的API Hook方法做了详细的介绍，但是一般的Ring 3无论是修改IAT，还是插入JMP XXX都将导致Copy-On-Write的发生，如果，要在系统范围内安装一个全局的Hook的话，就不得不枚举系统中所有进程，对所有进程中的相应模 块做同样的修改，这样以来，对系统性能，是有一定的负面影响的。另一方面，如果要做系统范围内的全局Hook的话，可以直接在Ring 0级通过Hook系统调，修改目标API的指令等方法实现。但是，代码在Ring 0的地址空间中，Ring 3环境下的程序无法直接调用。   由于Windows利用了PTE中的第9位用于Copy-On-Write机制。而Ring 3的代码无法访问PTE的，因此要绕过Copy-On-Write的话，该程序还是无法避免的要工作在Ring ...

HotKey collectionsnotepad++    ctrl+alt+shift+x : open in firefox    ctrl+alt+shift+i : open in IE    Ctrl-D               : 复制当前行    Ctrl-L                : 删除当前行    ...

网卡驱动－－内核数据包处理流程http://www.cublog.cn/u/2108/showart_223258.html

kernel thread Gearheads Written by Sreekrishnan Venkateswaran    Thursday, 15 September 2005 Threads are programming abstractions used in concurrent processing. A kernel thread is a way to implement background tasks inside the kernel. A background task can be busy handling asynchronous events or can be asleep, waiting for an event to occur. Kernel threads are similar to user processes, except that they live in kernel space and have access to kernel functions and data structures. Lik ...

Nothing is troublesome that we do willingly. Don’t let the evils which have never happened cost you pain. When angry, count to ten before you speak; if very angry, count to one hundred.

VIM教程（3）2007-01-19 11:03                            各种 set 功能说明autoindent(ai)自动缩排，也就是说如果本行是从第五个字元开始写的，您按 Enter后游标就会停在次行第五个字元处。预设是不打开的。autowrite(aw)档案一有更动就会自动存档。预设不打开。background(bg)    <vim 才有>可设成 dark 或 light，这是两种不同的 highlight 颜色设定，详见$VIMRUNTIME/syntax/synload.vim。不过您要更动颜色的设定，最好是设在 ~/.vimrc 或 ~/.gvimrc 中，原始档最好不要去动她。   &nb ...

Words Of Truth To the world you might be one person, but to one personyou might be the world. Going to church does not make you a Christian anymorethan going to McDonalds makes you a hamburger. Real friends are those who, when you feel you’ve madea fool of yourself, don’t feel you’ve done a permanent job. A coincidence is when God performs a miracle, and decidesto remain anonymous. Sometimes the majority only means that all the fools areon the same side. I don’t have to ...

A Creed To Live By By Nancye Sims Don’t undermine your worth by comparing yourself with others.It is because we are different that each of us is special. Don’t set your goals by what other people deem important.Only you know what is best for you. Don’t take for granted the things closest to your heart.Cling to them as you would your life, for without them life is meaningless. Don’t let your life slip through your fingers by living in the pastor for the future. By living your life ...

===July.1.2009===The Statue of Liberty has stood in New York Harbor for more than one hundred years. It was a gift from the people of France in eighteen eighty-four. Its full name is "Liberty Enlightening the World".The Statue of Liberty is forty-six meters tall from its base. It is made mostly of copper. Throughout history, images of liberty have been represented as a woman. The statue is sometimes called "Lady Liberty."The Statue of Liberty’s face was created to look like ...

1、 宽容 　　　　　　一只小猪、一只绵羊和一头乳牛，被关在同一个畜栏里。有一次，牧人捉住小猪，牠大声号叫，猛烈地抗拒。绵羊和乳牛讨厌牠的号叫，便说：「他常常捉我们，我们并不大呼小叫。小猪听了回答道：「捉你们和捉我完全是两回事，他捉你们，只是要你们的毛和乳汁，但是捉住我，却是要我的命呢! 　　　　立场不同、所处环境不同的人，很难了解对方的感受；因此对别人的失意、挫折、伤痛，不宜幸灾乐祸，而应要有关怀、了解的心情。要有宽容的心！ 　　　　2、 靠自己 　　　　　　小蜗牛问妈妈：为什么我们从生下来，就要背负这个又硬又重的壳呢？ 　　　　妈妈：因为我们的身体没有骨骼的支撑，只能爬，又爬不快。所以要这个壳的保护！ 　　　　小蜗牛：毛虫姊姊没有骨头，也爬不快，为什么她却不用背这个又硬又重的壳呢？ 　　　　妈妈：因为毛虫姊姊能变成蝴蝶，天空会保护她啊。 　　　　小蜗牛：可是蚯蚓弟弟也没骨头爬不快，也不会变成蝴蝶他什么不背这个又硬又重的壳呢？ 　　　　妈妈：因为蚯蚓弟弟会钻土, 大地会保护他啊。 　　　　小蜗牛哭了起来：我们好可怜，天空不保护，大地也不保护。 　　　　蜗牛妈妈安慰他：「所以我们有壳 ...