图书介绍

Windows NT/2000本机API参考手册PDF|Epub|txt|kindle电子书版本网盘下载

（美）Gary Nebbett著；齐舒创作室译著
出版社：北京：机械工业出版社
ISBN：7111088344
出版时间：2001
标注页数：485页
文件大小：89MB
文件页数：508页
主题词：

PDF下载

点此进入-本书在线PDF格式电子书下载【推荐-云解压-方便快捷】直接下载PDF格式图书。移动端-PC端通用
种子下载[BT下载速度快]温馨提示：（请使用BT下载软件FDM进行下载）软件下载地址页直链下载[便捷但速度慢] [在线试读本书] [在线获取解压码]

点击复制MD5值：ef5761eaed7abe17e3ead6d8e962df05

下载说明

Windows NT/2000本机API参考手册PDF格式电子书版下载

下载的文件为RAR压缩包。需要使用解压软件进行解压得到PDF格式图书。

点击复制85GB完整离线版磁力链接到迅雷FDM等BT下载工具进行下载详情点击-查看共享计划

建议使用BT下载工具Free Download Manager进行下载,简称FDM(免费,没有广告,支持多平台）。本站资源全部打包为BT种子。所以需要使用专业的BT下载软件进行下载。如BitComet qBittorrent uTorrent等BT下载工具。迅雷目前由于本站不是热门资源。不推荐使用！后期资源热门了。安装了迅雷也可以迅雷进行下载！

（文件页数要大于标注页数，上中下等多册电子书除外）

注意：本站所有压缩包均有解压码： 点击下载压缩包解压工具

图书目录

第1章系统信息和控制1

ZwQuerySystemInformation1

ZwSetSystemInformation2

SYSTEM_INFORMATION_CLASS3

SystemBasicInformation4

SystemProcessorInformation5

SystemPerformanceInformation6

SystemTimeOfDayInformation12

SystemProcessesAndThreadsInformation13

SystemCallCounts17

SystemConfigurationInformation18

SystemProcessorTimes18

SystemGlobalFlag19

SystemModuleInformation20

SystemLockInformation21

SystemHandleInformation22

SystemObjectInformation23

SystemPagefileInformation25

SystemInstructionEmulationCounts26

SystemCacheInformation27

SystemPoolTagInformation28

SystemProcessorStatistics29

SystemDpcInformation29

SystemLoadImage30

SystemUnloadImage31

SystemTimeAdjustment31

SystemCrashDumpInformation32

SystemExceptionInformation32

SystemCrashDumpStateInformation33

SystemKemelDebuggerInformation33

SystemContextSwitchInformation34

SystemRegistryQuotaInformation34

SystemPrioritySeparation35

SystemLoadAndCallImage35

SystemTimeZoneInformation36

SystemLockasideInformation37

SystemSetTimeSlipEvent38

SystemCreateSession38

SystemDeleteSession39

SystemRangeStartInformation39

SystemVerifierInformation39

SystemAddVerifier40

SystemSessionProcessesInformation40

SystemPoolBlocksInformation40

SystemMemoryUsageInformation42

例子1．1：一个不完整的ToolHelp库的实现43

例子1．2：列出一个打开进程的句柄47

ZwQuerySystemEnvironmentValue49

ZwSetSystemEnvironmentValue50

ZwShutdownSystem51

ZwSystemDebugControl52

例子1．3：设置内部断点56

例子1．4：得到跟踪信息58

第2章对象、对象目录和符号链接60

OBJECT_ATTRIBUTES60

ZwQueryObject62

ZwSetInformationoObject63

OBJECT_INFORMATION_CLASS64

ObjectBasicInformation64

ObjectNameInformation65

ObjectTypeInformation66

ObjectAllTypesInformation67

ObjectHandleInformation68

ZwDuplicateObject68

ZwMakeTemporaryObject69

ZwCIose70

例子2．1：列出一个打开进程的句柄71

ZwQuerySecurityObject72

ZwSetSecurityObject74

ZwCreateDirectoryObject75

ZwOpenDirectoryObject76

ZwQueryDirectoryObject77

ZwCreateSymbolicLinkObject78

ZwOpenSymbolicLinkObject79

ZwQuerySymbolicLinkObject80

第3章虚拟内存82

ZwAllocateVirtualMemory82

ZwFreeVirtualMemory83

zwQueryVirtualMemory84

MEMORY_INFORMATION_CLASS86

MemoryBasicInformation86

MemoryWorkingSetList87

ZwLockVirtualMemory88

MemorySectionName88

ZwUnlockVirtualMemory89

ZwReadVirtualMemory90

ZwWriteVirtualMemory91

ZwProtectVirtualMemory92

ZwFlushVirtualMemory94

ZwAllocateUserPhysicalPages95

ZwFreeUserPhysicalPages96

ZwMapUserPhysicalPages96

ZwMapUserPhysicalPagesScatter97

ZwGetWriteWatch98

ZwResetWriteWatch99

第4章区段101

ZwCreateSection101

ZwOpenSection103

ZwQuerySection104

SectionBasicInformation105

SECTION_INFORMATION_CLASS105

SectionImageInformation106

ZwExtendSection107

ZwMapViewOfSection108

ZwUnmapViewOfSection110

ZwAreMappedFilesTheSame110

第5章线程112

ZwCreateThread112

ZwOpenThread114

ZwTerminateThread115

ZwQueryInformationThread116

ZwSetInformationThread117

THREADINFOCLASS118

ThreadBasicInformation119

ThreadEnableAlignmentFaultFixup120

ThreadImpersonationToken120

ThreadAffinityMask120

ThreadPriority120

ThreadBasePriority120

ThreadEventPair121

ThreadQuerySetWin32StartAddress121

ThreadZeroTlsCell121

ThreadPerformanceCount121

ThreadIsIoPending122

ZwSuspendThread122

ThreadHideFromDebugger122

ThreadPriorityBoost122

ThreadSetTlsArrayAddress122

ThreadIdealProcessor122

ThreadAmlLastThread122

ZwResumeThread123

ZwGetContextThread124

ZwSetContextThread125

ZwQueueApcThread125

ZwAlertThread127

ZwTestAlert127

ZwAlertResumeThread128

ZwRegisterThreadTerminatePort129

ZwImpersonateThread129

ZwImpersonateAnonymousToken130

第6章进程132

ZwCreateProcess132

ZwOpenProcess134

ZwTerminateProcess135

ZwQueryInformationProcess136

ZwSetInformationProcess137

PROCESSINFOCLASS138

ProeessBasicInformation139

ProcessQuotaLimits140

ProcessIoCounters140

ProcessVmCounters141

ProcessTimes142

ProcessBasePriority143

ProeessRaisePriority143

ProcessDebugPort143

ProcessExceptionPort143

ProcessAccessToken144

ProcessDefaultHardErrorMode144

ProcessPooledUsageAndLimits144

ProcessWorkingSetWatch145

ProcessUserModeIOPL146

ProcessEnableAlignmentFaultFixup146

ProcessPriorityClass146

ProcessWx86Information147

ProcessHandleCount147

ProcessAffinityMask147

ProcessPriorityBoost147

ProcessDeviceMap147

ProcessSessionInformation148

ProcessForegroundInformation149

ProeessWow64Information149

RtlCreateProcessParameters149

RtlDestroyProcessParameters150

PROCESS_PARAMETERS151

RtlCreateQueryDebugBuffer154

RtlQueryProcessDebugInformation154

RtlDestroyQueryDebugBuffer155

DEBUC_BUFFER156

DEBUG_MODULE_INFORMATION157

DEBUG_HEAP_INTORMATION158

DEBUG_LOCK_INFORMATION159

例子6．1：分叉一个Win32进程160

例子6．2：创建一个Win32进程164

例子6．3：使用RtlQueryProcessDebugInformatioton实现拓展ToolHelp库168

ZwCreateJobObject175

第7章作业175

ZwOpenJobObject176

ZwTerminateJobObject177

ZwAssignProcessToJobObject177

ZwQueryInformationJobObject178

ZwSetInformationJobObject179

JOBOBJECTINFOCIASS180

JobObjectBasicAccountingInformation180

JobObjectBasicLimitInformation181

JobObjectBasicProessIdList183

JobObjectBasicUIRestrictions184

JobObjectSecurityLimitInformation184

JobObjectEndOfJobTimeInformation185

JobObjectAssociateCompletionPortInformation186

JobObjectBasicAndIoAccountingInformation187

JobObjectExtendedLimitInformation187

第8章标记(Token)189

ZwCreateToken189

ZwOpenProeessToken191

ZwOpenThreadToken192

ZwDuplicateToken193

ZwFilterToken195

ZwAdjustPrivilegesToken196

ZwAdjustGroupsToken197

ZwQueryInformationToken198

ZwSetInformationToken199

TOKEN_INFORMATION_CLASS200

TokenUser200

TokenGroups和TokenRestrictedSids201

TokenPrivileges201

TokenOwner202

TokenPrimaryGroup202

TokenDefaultDacl202

TokenImpersonationLevel203

TokenStatistics203

TokenType203

TokenSource203

TokenSessionId205

例子8．1：为SYSTEM用户创建一个命令窗口205

第9章同步207

ZwWaitForSingleObject207

ZwSignalAndWaitForSingleObject208

ZwWaitForMultipleObjects209

ZwCreateTimer210

ZwOpenTimer211

ZwCancelTimer212

ZwSetTimer213

ZwQueryTimer214

TIMER_INFORMATION_CLASS215

TimeBasicInformation215

ZwCreateEvent215

ZwSetEvent217

ZwOpenEvent217

ZwPulseEvent218

ZwResetEvent219

ZwClearEvent220

ZwQueryEvent220

EVENT_INFORMATION_CLASS221

EventBasicInformation221

ZwCreateSemaphore222

ZwOpenSemaphore223

ZwReleaseSemaphore224

ZwQuerySemaphore224

SEMAPHORE_INFORMATION_CLASS225

SemaphoreBasicInformation226

ZwCreateMutant226

ZwOpenMutant227

ZwReleaseMutant228

ZwQueryMutant228

MUTANT_INFORMATION_CLASS229

ZwCreateIoCompletion230

MutantBasicInformation230

ZwOpenIoCompletion231

ZwSetIoCompletion232

ZwRemoveIoCompletion233

ZwQueryIoCompletion234

IoCompletionBasicInformation235

ZwCreateEventPair235

IO_COMPLETION_INFORMATION_CLASS235

ZwOpenEventPair236

ZwWaitLowEventPair237

ZwWaitHighEventPair238

ZwSetLowWaitHighEventPair238

ZwSetHighWaitLowEventPair239

ZwSetLowEventPair240

ZwSetHighEventPair240

ZwSetSystemTime242

第10章时间242

ZwQuerySystemTime242

ZwQueryPerformanceCounter243

ZwSetTimerResolution244

ZwQueryTimerResolution245

ZwDelayExecution245

ZwYieldExecution246

ZwGetTickCount246

第11章执行配置248

KPROFTLE_SOURCE248

ZwCreateProfile248

ZwSetIntervalProfile249

ZwQueryIntervalProfile250

ZwStartProfile251

ZwStopProfile251

例子11．1∶配置内核252

PORT_MESSAGE256

第12章端口(局部过程调用)256

PORT_SECTION_WRITE257

PORT_SECTION_READ258

ZwCreatePort259

ZwCreateWaitablePort260

ZwConnectPort261

ZwSecureConnectPort262

ZwListenPort263

ZwAcceptConnectPort264

ZwCompleteConnectPort265

ZwRequestPort266

ZwRequestWaitReplyPort266

ZwReplyPort267

ZwReplyWaitReplyPort268

ZwReplyWaitReceivePort268

ZwReplyWaitReceivePortEx269

ZwReadRequestData270

ZwWriteRequestData271

ZwQueryInformationPort272

PORT_INFORMATION_CLASS273

PortBasicInformation273

ZwImpersonateClientOfPort274

例子12．1∶连接到一个命名端口274

第13章文件278

ZwCreateFile278

ZwOpenFile281

ZwDeleteFile284

ZwFlushBuffersFile284

ZwCancelIoFile285

ZwReadFile286

ZwWriteFile287

ZwReadFileScatter288

ZwWriteFileGather290

ZwLockFile291

ZwUnlockFile293

ZwDeviceIoControlFile294

ZwFsControlFile295

ZwNotifyChangeDirectoryFile297

FILE_NOTIFY_INFORMATION298

ZwQueryEaFile299

ZwSetEaFile300

FILE_FULL_EA_INFORMATION301

FILE_GET_EA_INFORMATION302

ZwCreateNamedPipeFile302

ZwCreateMailslotFile305

ZwQueryVolumeInformationFile306

ZwSetVolumeInformationFile307

FS_INFORMATION_CIASS308

FileFsVolumeInformation309

FileFsLabelInformation309

FileFsDeviceInformation310

FileFsSizeInformation310

FileFsAttributeInformation311

FileFsControlInformation312

FileFsFullSizeInformation312

FileFsObjectIdInformation313

ZwQueryQuotaInformationFile313

ZwSetQuotaInformationFile315

FILE_USER_QUOTA_INFORMATION316

FILE_QUOTA_LIST_INFORMATION316

ZwQueryAttributesFile317

ZwQueryFullAttributesFile318

ZwQueryInformationFile318

ZwSetInformationFile319

ZwQueryDirectoryFile320

ZwQueryOleDirectoryFile322

FileDirectoryInformation324

FILE_INFORMATION_CLASS324

FileFullDirectoryInformation326

FileBothDirectoryInformation328

FileBasicInformation329

FileStandardInformation330

FileInternalInformation331

FileEalnformation331

FileRenameInformation和FileLinkInformation332

FileNameInformation332

FileAccessInformation332

FileNamesInformation333

FileDispositionInformation334

FilePositionInformtion334

FileModeInformation334

FileAlignmentInformation335

FileAllInformation335

FileEndOfFileInformation336

FileStreamInformation336

FileAllocationInformation336

FilePipeInformation337

FilePipeLocalInformation337

FilePipeRemoteInformation338

FileMailslotQueryInformation339

FileMailslotSetInformation339

FileCompressionInformation340

FileQuotaInformation341

FileReparsePointInformation341

FileCompletionInformation341

FileMoveClusterInformation341

FileObjectIdInformation341

FileNetworkOpenInformation342

FileAttributeTagInformation343

例子13．1∶通过文件标识符打开一个文件344

第14章注册表关键项345

ZwCreateKey345

ZwOpenKey346

ZwDeleteKey347

ZwFlushKey348

ZwSaveKey349

ZwSaveMergedKey349

ZwRestoreKey350

ZwLoadKey351

ZwLoadKey2352

ZwQueryOpenSubKeys353

ZwUnloadKey353

ZwReplaceKey354

ZwSetInformationKey355

KEY_SET_INFORMATION_CLASS356

KeyLastWriteTimeInformation356

ZwQueryKey356

ZwEnumerateKey357

KEY_INFORMATION_CLASS358

KeyNodeInformation359

KeyBasicInformation359

KeyFullInformation360

KeyNameInformation361

ZwNotifyChangeKey361

ZwNotifyChangeMultipleKeys363

ZwDeleteValueKey365

ZwSetValueKey366

ZwQueryValueKey367

ZwEnumerateValueKey368

KEY_VALUE_INFORMATION_CLASS369

KeyValueBasicInformation369

KeyValueFullInformation和KeyValueFullInformationAlign64370

KeyValuePartialInformation371

ZwQueryMultipleValueKey372

KEY_VALUE_ENTRY373

ZwInitializeRegistry374

ZwPrivilegeObjectAuditAlarm375

ZwPrivilegeCheck375

第15章安全性和审计375

ZwPrivilegedServiceAuditAlarm377

ZwAccessCheck378

ZwAccessCheckAndAuditAlarm379

ZwAccessCheckByType380

ZwAccessCheckByTypeAndAuditAlarm382

ZwAccessCheckByTypeResultList384

ZwAccessCheckByTypeResultListAndAuditAlarm386

ZwAccessCheckByteResultListAndAuditAlarmByHandle388

ZwOpenObjectAuditAlarm390

ZwCloseObjectAuditAlarm392

ZwDeleteObjectAuditAlarm392

第16章即插即用和电源管理394

ZwRequestWakeupLatency394

ZwRequestDeviceWakeup394

ZwCancelDeviceWakeupRequest395

ZwSetThreadExecutionState396

ZwIsSystemResumeAutomatic396

ZwGetDevicePowerState397

ZwSetSystemPowerState398

ZwInitiatePowerAction399

ZwPowerInformation401

POWER_INFORMATION_LEVEL402

SystemPowerPolicyAc,SystemPowerPolicDc,SystemPowerPolicyCurrent402

SystemPowerCapabilities403

SystemBatteryState404

SystemPowerStateHandler404

ProcessorStateHandler404

AdministratorPowerPolicy404

ProcessorInformation405

SystemPowerInformation405

ZwPlugPlayControl405

ZwGetPlugPlayEvent406

ZwRaiseException408

第17章其他系统服务408

ZwContinue409

ZwW32Call409

ZwCallbackReturn411

ZwSetLowWaitHighThread412

ZwSetHighWaitLowThread412

ZwLoadDriver413

ZwUnloadDriver414

ZwFlushInstructionCache414

ZwFlushWriteBuffer415

ZwQueryDefaultLocale416

ZsSetDefaultLocale416

ZwQueryDefaultUILanguage417

ZwSetDefaultUILanguage418

ZwQueryInstallUILanguage418

ZwAllocateUuids419

ZwAllocateLocallyUniqueId419

ZwSetUuidSeed420

ZwRaiseHardError421

ZwSetDefaultHardErrorPort422

ZwDisplayString423

ZwCreatePagingFile424

ZwAddAtom424

ZwFindAtom425

ZwDeleteAtom426

ZwQueryInformationAtom427

ATOM_INFORMATION_CLASS428

AtomBasicInformation428

AtomListInformation428

ZwSetLdtEntries429

ZwVdmControl429

Unimplemented System Services430

附录A 从内核模式调用系统服务431

例子A．1：重新实现NtQueryEvent434

例子A．2：动态粘接到ntdll.dl435

附录B 内核模式具体针对Intel平台的入口点438

KiTrap03438

KiTrap04438

KiGetTickCount438

KiCallbackReturn439

KiSetLowWaitHighThread439

KiDebugService439

KiSystemService439

附录C 异常和调试441

例子C．1：KiDispatchException的伪代码441

例子C．2：KiUserExceptionDispatcher的伪代码443

内核调试器444

例子C．3：DebugService的伪代码444

DEBU_MESSAGE445

用户模式调试器445

调试消息路由446

由路由进程添加的值447

OutputDebugString447

跟踪对DLL所导出的例程的调用447

例子C．4：跟踪实用程序447

附录D 取NTFS盘上结构460

NTFS_RECORD_HEADER460

FILE_RECORD_HEADER461

ATTRLBUTE462

RESIDENT_ATTRIBUTE463

NONRESIDENT_ATTRIBUTE464

AttributeStandardInformation465

AttributeAttributeList467

AttributeFileName468

AttributeObjectId469

AttributeVolumeInformation470

AttributeSecurityDescriptor470

AttributeVolumeName470

AttributeData471

AttributeIndexBoot471

AttributeIndexAllocation471

DIRECTORY_INDEX472

DIRECTORY_ENTRY472

AttributeBitmap473

AttributeReparsePoint473

AttributeEAInformation474

AttributeEA474

AttributePropertySet475

AttributeLoggedUtilityStream475

特殊文件475

从被删除的文件恢复数据478

例子D．1：从一个文件恢复数据478

例子D．2：对被恢复的数据解压缩484