[winio介紹]
winioNew stuff at internals.com
Here is the cool stuff added to the site:
WinIo - This library allows direct I/O port and physical memory access under Windows 9x/NT/2000 and XP. Version 2.0 provides faster I/O port access, better memory mapping support and can be used from non-administrative accounts under Windows NT/2000 and XP.
apispy32 - Version 3.0 of the most sophisticated API spying utility is here. With its redesigned interception engine, APISpy32 now offers better accuracy and is more reliable and powerful than ever !
Internals.com has a new mailing list. Join now to get free programming tips, source code examples and undocumented system-level information directly to your mailbox.
A comprehensive article that presents the techniques used by API spying utilities.
MailControl - The personal e-mail firewall that protects your system from hostile viruses and trojans.
ProcSpy32 - A VB utility that monitors the execution and termination of processes under Windows 9x.
NtDriverList - A utility which uses an undocumented API to obtain a list of loaded drivers under NT.
StickyApp32 - A visual Basic application which fools the Windows NT task manager.
What is internals.com ?
This site's purpose is to reveal undocumented aspects of Windows 9x/NT/2000/ME and explore the inner workings of these operating systems. Since information regarding these issues is extremely scarce, many programmers are not familiar with these topics and have to settle with the formal Windows documentation. By providing free utilities and comprehensive tutorials, internals.com attempts to shed some light on these issues and help programmers achieve more in less time. Internals.com will continue to evolve in the future until it covers all key aspects of low-level programming. This includes subjects such as: device driver development, PC internal architecture, undocumented file formats and more.
[winio的使用]
WinIO程式庫允許在32位的Windows應用程式中直接對I/O連線埠和物理記憶體進行存取操作。通過使用一種核心模式的設備驅動器和其它幾種底層編程技巧,它繞過了Windows系統的保護機制。
WinNT/2000/XP下,WinIO函式館只允許被具有管理者許可權的應用程式調用。如果使用者不是以管理者的身份進入的,則WinIO.DLL不能夠被安裝,也不能激活WinIO驅動器。通過在管理者許可權下安裝驅動器軟體就可以克服這種限制。然而,在這種情況下,ShutdownWinIo函式不能在應用程式結束之前被調用,因為該函式將WinIO驅動程式從系統註冊表中刪除。
該函式館提供8個函式功能調用:
bool _stdcall InitializeWinIo();
本函式初始化WioIO函式館。
必須在調用所有其它功能函式之前調用本函式。
如果函式調用成功,返回值為非零值。
如果調用失敗,則返回值為0。
void _stdcall ShutdownWinIo();
本函式在記憶體中清除WinIO庫
本函式必須在中止套用函式之前或者不再需要WinIO庫時調用,
bool _stdcall GetPortVal(WORD wPortAddr, PDWORD pdwPortVal, BYTE bSize);
使用此函式從一個輸入或輸出連線埠讀取一個位元組/字/雙字數據。
參數:
wPortAddr – 輸入輸出連線埠地址
pdwPortVal – 指向雙字變數的指針,接收從連線埠得到的數據。
bSize – 需要讀的位元組數,可以是1 (BYTE), 2 (WORD) or 4 (DWORD).
如果調用成功,則返回非零值。
如果函式調用失敗,則函式返回值為零。
bool _stdcall SetPortVal(WORD wPortAddr, DWORD dwPortVal, BYTE bSize);
使用本函式將一個位元組/字/雙字的數據寫入輸入或輸出接口。
參數:
wPortAddr – 輸入輸出口地址
dwPortVal – 要寫入口的數據
bSize – 要寫的數據個數,可以是 1 (BYTE), 2 (WORD) or 4 (DWORD).
如果調用成功,則返回非零值。
如果函式調用失敗,則函式返回值為零。
PBYTE _stdcall MapPhysToLin(PBYTE pbPhysAddr, DWORD dwPhysSize, HANDLE *pPhysicalMemoryHandle)
使用此函式將物理記憶體的一部分映射到一個32位應用程式的線性地址空間。
下面是一個例子:
PBYTE pbLinAddr;
HANDLE PhysicalMemoryHandle;
pbLinAddr = MapPhysToLin(0xA0000, 65536, &PhysicalMemoryHandle);
該函式將把物理地址範圍為0xA0000 - 0xAFFFF的地址空間映射到與應用程式對應的線性地址空間。 返回值為一個與物理地址0xA0000相關的線性地址。如果出現錯誤,則返回值為NULL。
參數:
pbPhysAddr – 指向物理地址的指針
dwPhysSize – 需要映射的位元組數
pPhysicalMemoryHandle – 變數指針,如果調用成功,負責接收物理記憶體句柄。隨後本句柄在調用UnmapPhysicalMemory函式時作為其第一個參數。
bool _stdcall UnmapPhysicalMemory(HANDLE PhysicalMemoryHandle, PBYTE
pbLinAddr)
使用本函式解除原先使用MapPhysToLin函式映射的一段線性物理記憶體區域,該區域被映射到應用程式所屬的線性地址空間。
Windows 9x 應用程式不需要調用此函式。
參數:
PhysicalMemoryHandle – 物理記憶體區域所屬的句柄,此參數由對MapPhysToLin函式的調用返回。
pbLinAddr – MapPhysToLin函式調用返回的線性地址。
bool _stdcall GetPhysLong(PBYTE pbPhysAddr, PDWORD pdwPhysVal);
從指定的物理地址讀取一個雙字數據。
參數:
pbPhysAddr – 指向物理地址的指針。
pdwPhysVal – 指向一個雙字變數的指針,接收從物理記憶體中傳來的數據。
如果此函式調用成功,返回一個非零值。
如果函式調用失敗,則返回一個零值。
bool _stdcall SetPhysLong(PBYTE pbPhysAddr, DWORD dwPhysVal);
將一個雙字型數據寫入指定的物理地址。
參數:
pbPhysAddr – 指向物理地址的指針。
pdwPhysVal – 指定待寫入物理記憶體地址出的雙字型數據。
如果此函式調用成功,返回一個非零值。
如果函式調用失敗,則返回一個零值。
參考資料:
1.winio官方網站: http://www.internals.com/
