How to Get the WDK (repalce the old DDK)

http://www.microsoft.com/whdc/DevTools/WDK/WDKpkg.mspx

How to remove .inf files from the system

http://support.microsoft.com/kb/813449

虚拟打印的实现-DDK部分

http://www.cppblog.com/iniwf/archive/2009/03/24/77009.html#77777

Windows network driver (NDIS)

XP, 2003:
http://msdn.microsoft.com/en-us/library/aa505001.aspx

Convert virtual addr to physical addr by using WinDbg

http://msdn.microsoft.com/en-us/library/cc267483.aspx

about physical_address:
http://www.hex.cn/WordPress/index.php/2009/02/wince%E4%B8%8B%E8%AE%BF%E9%97%AE%E7%89%A9%E7%90%86%E5%86%85%E5%AD%98%E7%A8%8B%E5%BA%8F/

To find out the meaning of symbols in the System.map

man nm

Writing windows device drivers

http://forum.eviloctal.com/redirect.php?tid=20389&goto=lastpost
http://www.osronline.com/article.cfm?article=20#Q12
http://www.catch22.net/tuts/kernel101 (includes a driver loader)
http://www.adp-gmbh.ch/win/misc/writing_devicedriver.html

about "error 'jvc' is not recognized as an internal or external command"
The source folder cannot contain spaces.
http://www.codeguru.com/forum/archive/index.php/t-351274.html
http://www.tech-archive.net/Archive/Development/microsoft.public.development.device.drivers/2004-03/0736.html

Windows rootkti blogs

MJ001:

http://hi.baidu.com/mj0011

SUDAMI:

http://hi.baidu.com/sudami/blog/item/5ba21ceeb495a6fcb3fb9552.html

Tophet:

http://forum.eviloctal.com/thread-34574-1-1.html

http://www.harmonysecurity.com/blog/labels/Exploitation.html

WINDOW PE format

Under the hood:

http://msdn.microsoft.com/en-us/magazine/ms809762.aspx

read here: Section table.

http://msdn.microsoft.com/en-us/magazine/bb985992.aspx
http://msdn.microsoft.com/en-us/magazine/cc301808.aspx

Others:
http://sec.chinabyte.com/418/8918418.shtml

http://blog.sina.com.cn/s/blog_515d153e0100dr3o.html###

http://book.51cto.com/art/200904/120994.htm

IDT FOR WINDOWS, _KPCR etc.

http://blog.csdn.net/imquestion/archive/2003/11/14/16432.aspx
http://bbs.pediy.com/showthread.php?t=75617
http://bbs.pediy.com/showthread.php?p=641084
http://forum.eviloctal.com/thread-31594-1-1.html

Linux driver code for Hyper-V

http://port25.technet.com/archive/2009/07/20/the-hyper-v-linux-integration-components.aspx

BIOS and SMM

Bios forum:
http://www.biosren.com/
http://www.ufoit.com/bbs/

SMM:
http://topic.csdn.net/u/20090501/18/7d60cd3e-b815-4193-a333-ffccfa4298fe.html
http://www.rootkit.com/vault/chpie/chpie_smm_sniff.zip
http://www.rootkit.com/vault/chpie/chpie_smm_keysniff_ENG.pdf
http://bbs.cqvip.com/html/40/532333.shtml
http://phrack.org/issues.html?issue=66&id=11#article
http://bbs.pediy.com/showthread.php?t=84835

svn tutorial

http://artis.imag.fr/~Xavier.Decoret/resources/svn/index.html

Windows client:
http://tortoisesvn.net/downloads

Examine history:

http://svnbook.red-bean.com/en/1.1/ch03s06.html

Install Bochs on CentOS 5 from src

0. Install similar package as qemu, Download src from bochs.sourceforge.net
1. yum install gcc-c++ libXpm-devel
2. ./.conf.linux (./configure reports some error but .conf.linux works)
3. make
4. make install

Install QEMU on CentOS 5.3 from src

0. download qemu from qemu.org.
tar xzf qemu-0.10.5.tar.gz
1. Download zlib from http://www.zlib.net
tar xzf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install
2. Install SDL develop lib
yum install SDL-devel
3. cd qemu-0.10.5
./configure
make
make install

VM in VM: QEMU, Xen, VMware ESXi and HyperV

I am trying to test some virtualization technologies. I don't want to install them on the real hardware directly. It is hard to change and maintain. So I want to install a VM in another VM. Following is a short summary:

----------------------------------Xen------------ Hyper-V--------- VMware ESX i
Underlying virtualization:
QEMU 0.10.5 -----------------\/--------------- X-------------------------- X
Virtual Box 3 ------------------?-----------------X-------------------------- X
VMware WS 6.5 --------------\/----------------?---------------------------- \/

It means Xen can run in a QEMU VM, but hyper-v and ESXi cannot run on current QEMU.

Install Hyper-V

Server core:
http://blogs.msdn.com/virtual_pc_guy/archive/2007/12/26/installing-the-hyper-v-beta-in-a-core-configuration.aspx
http://rickyfang.blog.51cto.com/1213/125167

Hyper-V manager:
http://go.microsoft.com/fwlink/?LinkId=122188
http://technet.microsoft.com/en-us/library/cc512503(WS.10).aspx

Develop GPL VMware ESXi drivers

http://open-vdrivers.wiki.sourceforge.net/Getting_Started

Install VMware ESXi in a VMware workstaion VM

http://wangchunhai.blog.51cto.com/225186/91400
http://wangchunhai.blog.51cto.com/225186/127783
http://wangchunhai.blog.51cto.com/225186/104710

Hyper-V architecture

http://msdn.microsoft.com/en-us/library/cc768520.aspx

Installing HyperV in QEMU VM.

fig 1


1. Use this cmd:


qemu-system-x86_64 -cdrom GRIC1HVxFRE1_DVD.iso -hda win2k8-2.img -m 2047 -boot d -no-kqemu -vga std

got BSOD in fig1. This happend when it lets the user choose the language.
Check the error code from here: http://msdn.microsoft.com/en-us/library/ms793648.aspx
It means: 1E is the error code of KeBugCheckEx(). The four parameters is defined in the above link. The exception code is 0xffffffffc0000005. It means access deny. The address of the exception occured is the second parameter: 0xFFFFF80010c1c3DE. The address that the driver attemps to access is the fourth parameter: 0xfffffffffffffff. It seems a serious problem.

2. Then I used this cmd:

qemu-system-x86_64 -cdrom GRIC1HVxFRE1_DVD.iso -hda win2k8-2.img -m 2047 -boot d -no-kqemu

Got BSOD in fig2. This happend when it lets the user choose the language.

Check the error code again.

It is here: http://msdn.microsoft.com/en-us/library/ms795930.aspx

Windows Driver Kit: Driver Development Tools
Bug Check 0xD1: DRIVER_IRQL_NOT_LESS_OR_EQUAL

The DRIVER_IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x000000D1. This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

3. Then I used this cmd:
qemu-system-x86_64 -cdrom GRIC1HVxFRE1_DVD.iso -hda win2k8-2.img -m 2047 -boot d -no-kqemu -vga vmware
Got BSOD in fig3. This happend when it lets the user choose the language.

4. On qemu 0.9.1 on Windows, cmd:

qemu-system-x86_64.exe -L . -hda win2k8.img -m 1024 -M pc -soundhw all -localtime -cdrom GRC1HVxFRE1_DVD.iso -boot d

Got BSOD in fig 4.

5. On qemu 0.10.5, CentOS 5.3 , cmd:

qemu-system-x86_64 -cdrom GRIC1HVxFRE1_DVD.iso -hda win2k8.img -m 2047 -boot d -no-kqemu

Got BSOD in fig 5.

Discussions about hyper-v:

http://lists.gnu.org/archive/html/qemu-devel/2009-01/msg01831.html

Install WIN 2008 and x64 on QEMU

2003 x64
http://qemu-forum.ipi.fi/viewtopic.php?f=9&t=4906

win2008
http://qemu-forum.ipi.fi/viewtopic.php?f=9&t=5052

qemu all the verisons for download

http://ftp.riken.go.jp/pub/FreeBSD/distfiles/qemu/

《软件安全》电子期刊

http://www.sinoit.org.cn/

Using STREAM benchmark on CentOS 5

1. Download binary from here:
http://www.cs.virginia.edu/stream/ref.html#start
2. chomd +x stream_l
3. Download libstdc++-lib and install it:
http://rpm.pbone.net/index.php3/stat/4/idpl/8076489/com/compat-libstdc++-296-2.96-138.i386.rpm.html
4. Since stream_l is linked with a old version of the libstdc++-lib, we have to "fake" one:
ln -s libstdc++-3-libc6.2-2-2.10.0.so libstdc++-libc6.0-1.so.2
5. ./stream_l 2400 20

Cross platform compiling

windows service for unix:
http://technet.microsoft.com/en-us/library/bb463212.aspx
cmake: (free)
http://www.cmake.org/cmake/help/runningcmake.html
http://www.mangoscn.com/thread-30209-1-1.html
Magic C++ ($$$)
http://www.magicunix.com/install_guide_ch_v2.5.htm