windows 系列操作系统平台版本检测-windows os detect

Purpose Aim to setup a small system above the OS layer , implement the message queue of process or thread and simulate the function of watchdog used to detect the deadlock of the system. - introduction 1. Purpose Aim to setup a s

Many people do not realize the real danger from rootkit technology. One reason for this probably that publicly available rootkits for Windows OS are relatively easy to detect by conventional methods (i.e. memory scanning based). However, we can i

NT/2K provides a set of APIs, known as "Process Structure Routines" [2] exported by NTOSKRNL. One of these APIs PsSetCreateProcessNotifyRoutine() offers the ability to register system-wide callback function which is called by OS each time when a new