fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: 7/1/07 - 8/1/07
http://fruitfoxlu.blogspot.com/2007_07_01_archive.html
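Tuesday, July 17, 2007. Honestly, if I didn't cook, that time would just be spent going online and playing video games anyway. Better to use it to learn cooking and grow as a person. Posted by Royce Lu. Friday, July 13, 2007. I was too busy yesterday and had no time to write. Yesterday's lunch box had the cauliflower that Xiao K cooked, sweet potato rice, a slice of ham and a slice of cheese, with seaweed paste on top of the rice. When the lunch box is steamed, the cheese and the seaweed paste stick together, and it's quite tasty. Today's lunch box has beef, though it tastes a lot like pork ribs @ @ There's also the lettuce that Xiao K cooked, served with sweet potato rice. We made corn chowder at home last night. Actually it was just a store-bought Knorr soup with an egg added. Work has been busier lately, but we still insist on making all three meals ourselves. Yesterday, for example, I didn't get home until nine in the evening, and Xiao K got home even later. The sense of accomplishment from making it ourselves is really nice. Cooking doesn't feel like such a difficult thing anymore. Posted by Royce Lu. Wednesday, July 11, 2007. Posted by Royce Lu. Tuesday, July 10, 2007. Posted by Royce Lu. Links to t...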
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: 2/1/09 - 3/1/09
http://fruitfoxlu.blogspot.com/2009_02_01_archive.html
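Saturday, February 28, 2009. NT Insider: Common Windbg Techniques (2). Related knowledge: Windows knowledge, Windbg commands, Windows Kernel Driver, Live Debug, PE format, x86 assembly. Original article: Debugging Techniques: Take one. Give one. This is a very practical debugging technique. For example, suppose we are practicing writing a very basic driver that does something simple: in DriverEntry. it just reads a file under C:. But for some reason the read fails every time. Setting a breakpoint on ZwCreateFile would hardly help with debugging, because this system function is called far too often and too easily. So how can we solve this problem with Windbg? A table in the PE format comes in handy here: the Import Address Table, or IAT for short. Call dword ptr [BasicDriver! Kd dps f79cd004 L1 f79cd004 804ff08c nt! Kd ba r4 f79cd004.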
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: 1/1/08 - 2/1/08
http://fruitfoxlu.blogspot.com/2008_01_01_archive.html
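Monday, January 28, 2008. Posted by Royce Lu. Tuesday, January 1, 2008. I had previously tried out Yu Hong's FX33, and its thin, light, compact body left a deep impression. A while ago I went on a trip to Taitung with coworkers and found it inconvenient not to have a camera on hand, so my girlfriend and I decided to jointly buy our first digital camera. On January 1, 2008, the spending spree finally began. The original plan was to get the FX33, but when I saw the FX55's 3-inch LCD screen, I surrendered. I know nothing about photography; I only know that more pixels seems to be better, and I don't understand any of the other terms. So my requirements were simple, and the FX55 left both my girlfriend and me very satisfied. First of all, it had to have image stabilization! When I borrowed someone's camera for a trip to Tokyo, I had to retry dozens of times to photograph a subway ticket, because holding the ticket in one hand and the camera in the other made it shake. Next was appearance: the FX55's stylish black grows on you the more you look at it, and the body is fairly thin and light...on a moving MRT train, shooting out of the window. The image stabilization is satisfactory. 2G SD, case, second battery: 1300. Posted by Royce Lu.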
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: 9/1/09 - 10/1/09
http://fruitfoxlu.blogspot.com/2009_09_01_archive.html
Friday, September 4, 2009. Keep it up, I'm sure you will do very well. :) Posted by Royce Lu. Know something about PC endpoint anti-malware and Kernel programming and art of the vulnerability exploitation.
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: Understanding oplock and avoid sharing violation
http://fruitfoxlu.blogspot.com/2010/03/understanding-oplock-and-avoid-sharing.html
Sunday, March 28, 2010. Understanding oplock and avoid sharing violation. Opportunistic locking (oplock) is a cache coherence protocol. The general relations between the local FSD (file system driver), the server FSD, the user and the filter driver can be described in the picture below. In this sharing we are going to discuss the problem that oplock wants to solve, the FILE_COMPLETE_IF_OPLOCKED flag, and the different types of oplock. Although we give a kernel mode example here, we can use filter oplock in user mode. FILE_OPEN_IF,.
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: How to develop a user mode debugger under Windows / x86 platform
http://fruitfoxlu.blogspot.com/2010/03/how-to-develop-user-mode-debugger-under.html
Friday, March 19, 2010. How to develop a user mode debugger under Windows / x86 platform. Have you ever wondered how Visual Studio does debugging things like the picture below? I made a slide about how to implement a debugger on the Windows / x86 platform. In this sharing, we will discuss the challenge for the OS to support a ring 3 debugger, the overview of Windows Ring 3 debugging, and how to implement the basic features of a debugger. Posted by Royce Lu.
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: 3/1/09 - 4/1/09
http://fruitfoxlu.blogspot.com/2009_03_01_archive.html
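Wednesday, March 25, 2009. Some people can listen to classical music endlessly without tiring of it; sadly I have neither the fortune nor the gift for it, and no matter how attentively I listen, I get sleepy. Jazz is much better, especially Bill Evans. The pieces of these two masters I can listen to while thinking through problems and writing code. I know very few jazz musicians' names; these two are the only ones I can name. (I still can't pronounce Thelonious Monk's first name, so I often refer to him by the album title Solo Monk.) The one who introduced me to these two masters' music was my mentor, Mr. Ludwig. Tomorrow is an important day for my teacher; here, with the lighthearted tune I hadn't anyone till you. Posted by Royce Lu. Sunday, March 15, 2009. NT Insider: Common Windbg Techniques (3). Related knowledge: Windows kernel driver, x86 knowledge, Windbg command. As an aside, I think this article by Master Zhou, Live Debugging Environment Setup. A conditional breakpoint can also be used, checking ExAllocatePoolWithTag.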
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: 6/1/10 - 7/1/10
http://fruitfoxlu.blogspot.com/2010_06_01_archive.html
Friday, June 18, 2010. How to check top level unhandled exception filter by windbg. Many applications use SetUnhandledExceptionFilter to catch unexpected exceptions. This API lets an application hook the top-level exception handler of a process. Through it, the app has a chance to dump debugging information or report abnormal status before the process exits. This function is also used as an anti-debugging trick. How to check the top-level exception handler by windbg? Kd dd 76d0a5d0 L1. Kd dt EPROCESS 83625d90. 0x088 ...
fruitfoxlu.blogspot.com
Lu Chien-Hua's Blog: 12/1/08 - 1/1/09
http://fruitfoxlu.blogspot.com/2008_12_01_archive.html
Wednesday, December 10, 2008. I've recently been reading Memory Dump Analysis Anthology. It's very good to be able to understand and even write everything from GUI down to machine language instructions or up. Certainly understanding how software works at every level is very helpful. (omitted) Debugging is not about stepping through the code. This is a very narrow view of a specialist programmer. Programmer Universalis can do debugging at every possible level and therefore can write any possible software layer. Posted by Royce Lu.