NT Internals

Windows NT Source Code

Defrag
This is a program that demonstrates the basics of NT disk defragmenting. Move clusters around your disk! Full source is included.
NTRegmon
Another GUI/device driver combo that uses a new technique we've developed, kernel-mode system call hooking, to watch all registry-related activity. An article on kernel-mode system call hooking with full source to NTRegmon appeared in the January 1997 issue of Dr. Dobb's Journal. This latest version works on SP2, and should work on future releases as well. Full source is included.
NTFilemon
This is an NT GUI/device driver program that layers itself above all the file systems on a system so that it can watch all file system activity. Check out the February issue of Dr. Dobb's Journal for an article on NT File System organization. This latest version has cleaned-up code and obtains path names in a much more accurate way. Full source is included.
CpuHog
Here is literally a 5-line program, runnable without special privilege, that will hang an NT system so hard that there is no way to kill it. Is this a flaw in NT? You decide.
Ctrl2cap
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-lock keys into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Full source is included. Ctrl2cap also shows how to use HalDisplayString() to print messages to the initialization blue-screen.
NTCrash
This program will very quickly crash NT by just executing random system calls with garbage parameters into Win32K.SYS. It graphically demonstrates the instability introduced by Microsoft's quick move of the USER and GDI portions of Win32 into the kernel. This program has been used to isolate and identify 13 distinct Win32K.SYS functions that either lack parameter validation or perform it incorrectly.
last updated January 19