{"id":1657,"date":"2019-05-04T20:12:16","date_gmt":"2019-05-04T12:12:16","guid":{"rendered":"https:\/\/blog.dynox.cn\/?p=1657"},"modified":"2023-08-07T00:37:37","modified_gmt":"2023-08-06T16:37:37","slug":"windows%e7%b3%bb%e7%bb%9f%e9%80%9a%e7%94%a8%e5%9b%9e%e8%b0%83","status":"publish","type":"post","link":"https:\/\/blog.dynox.cn\/?p=1657","title":{"rendered":"Windows\u7cfb\u7edf\u901a\u7528\u56de\u8c03"},"content":{"rendered":"

Windows\u7cfb\u7edf\u901a\u7528\u56de\u8c03\n\u672c\u6587\u5c06\u9488\u5bf9Windows\u64cd\u4f5c\u7cfb\u7edf\u6240\u63d0\u4f9b\u7cfb\u7edf\u56de\u8c03\u64cd\u4f5c\u505a\u9010\u4e00\u5206\u6790\uff0c\u4ee5\u4e86\u89e3\u6bcf\u4e2a\u56de\u8c03\u6240\u80fd\u8fbe\u6210\u4ec0\u4e48\u6837\u7684\u529f\u80fd\u53ca\u6548\u679c\u3002\u6bd4\u5982\u90e8\u5206\u56de\u8c03\u53ea\u662f\u7528\u4e8e\u901a\u77e5\uff0c\u6211\u4eec\u53ea\u80fd\u901a\u8fc7\u6b64\u56de\u8c03\u6765\u4e86\u89e3\u67d0\u4e00\u7c7b\u578b\u4e8b\u4ef6\u7684\u53d1\u751f\uff0c\u53ea\u80fd\u505a\u5ba1\u8ba1\uff0c\u62e6\u622a\u52a8\u4f5c\u9700\u8981\u901a\u8fc7\u5176\u5b83\u9014\u5f84\u5b9e\u73b0\uff1b\u4e5f\u6709\u56de\u8c03\u53ef\u4ee5\u5b9e\u73b0\u5373\u65f6\u62e6\u622a\uff0c\u901a\u8fc7\u56de\u8c03\u5373\u53ef\u963b\u6b62\u6076\u610f\u7a0b\u5e8f\u7684\u653b\u51fb\u4f01\u56fe\u3002\nWindows\u7cfb\u7edf\u5728\u5185\u6838\u53ca\u5e94\u7528\u5c42\u5747\u6709\u63d0\u4f9b\u56de\u8c03\u673a\u5236\uff0c\u4e0b\u9762\u5206\u4e3a\u4e24\u90e8\u5206\u4f5c\u4ecb\u7ecd\uff1a<\/p>\n

1 \u5185\u6838\u56de\u8c03<\/h1>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\u5185\u6838\u56de\u8c03\u673a\u5236<\/th>\n<\/th>\nOS\u7248\u672c<\/th>\n\u529f\u80fd\u63cf\u8ff0<\/th>\n\u5907\u6ce8<\/th>\n<\/tr>\n<\/thead>\n
PsSetCreateProcessNotifyRoutine<\/td>\n<\/td>\nWIN2K<\/td>\n\u53ea\u662f\u8fdb\u7a0b\u521b\u5efa\u53ca\u9000\u51fa\u901a\u77e5<\/td>\n<\/td>\n<\/tr>\n
PsSetCreateProcessNotifyRoutineEx<\/td>\n<\/td>\nVISTA SP1\/SRV2008<\/td>\n\u53ef\u901a\u8fc7\u8fd4\u56de\u503c\u963b\u6b62\u8fdb\u7a0b\u521b\u5efa<\/td>\n<\/td>\n<\/tr>\n
PsSetCreateProcessNotifyRoutineEx2<\/td>\n<\/td>\nWIN10 1703<\/td>\n\u53ef\u63a5\u6536\u5230WSL\/PICO\u8fdb\u7a0b\u521b\u5efa\u53ca\u9000\u51fa\u901a\u77e5\uff1b\u53ef\u963b\u6b62\u8fdb\u7a0b\u521b\u5efa<\/td>\n<\/td>\n<\/tr>\n
PsSetCreateThreadNotifyRoutine (PsRemoveCreateThreadNotifyRoutine)<\/td>\n<\/td>\nWIN2K<\/td>\n\u7ebf\u7a0b\u521b\u5efa\u53ca\u9000\u51fa\u901a\u77e5<\/td>\n\u521b\u5efa\u65f6\u7684context\u4e3a\u521b\u5efa\u8005\uff0c\u53ef\u7528\u4ee5\u5224\u65ad\u662f\u4e0d\u662f\u8fdc\u7a0b\u7ebf\u7a0b<\/td>\n<\/tr>\n
PsSetCreateThreadNotifyRoutineEx (PsRemoveCreateThreadNotifyRoutine)<\/td>\n<\/td>\nWIN10<\/td>\n\u7ebf\u7a0b\u521b\u5efa\u53ca\u9000\u51fa\u901a\u77e5<\/td>\n\u521b\u5efa\u65f6\u7684context\u4e3a\u65b0\u7ebf\u7a0b\u73af\u5883<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
PsSetLoadImageNotifyRoutine (PsRemoveLoadImageNotifyRoutine)<\/td>\n<\/td>\nWIN2K<\/td>\n\u6a21\u5757\u52a0\u8f7d\u901a\u77e5\uff1a\u652f\u6301\u9a71\u52a8\u53ca\u5e94\u7528\u5c42DLL\u52a0\u8f7d\u901a\u77e5<\/td>\n\u65e0\u6a21\u5757\u5378\u8f7d\u901a\u77e5<\/td>\n<\/tr>\n
PsSetLoadImageNotifyRoutineEx (PsRemoveLoadImageNotifyRoutine)<\/td>\n<\/td>\nWIN10 1709<\/td>\n\u6a21\u5757\u52a0\u8f7d\u901a\u77e5\uff1a\u652f\u6301\u9a71\u52a8\u53ca\u5e94\u7528\u5c42DLL\u52a0\u8f7d\u901a\u77e5<\/td>\n\u65e0\u6a21\u5757\u5378\u8f7d\u901a\u77e5<\/td>\n<\/tr>\n
IoRegisterBootDriverCallback (IoUnRegisterBootDriverCallback)<\/td>\n<\/td>\nWIN8<\/td>\nBoot-Start\u9a71\u52a8\u52a0\u8f7d\u901a\u77e5\uff0c\u53ef\u62e6\u622a\uff0c\u4f46\u62e6\u622a\u7684\u540e\u679c\u5373BSOD<\/td>\n\u52a0\u8f7d\u987a\u5e8f\u95ee\u9898\uff1bELAM\u9a71\u52a8\u6700\u65e9\u52a0\u8f7d\uff0c\u9700\u8981\u7279\u6b8a\u7b7e\u540d<\/td>\n<\/tr>\n
SeRegisterImageVerificationCallback (SeUnregisterImageVerificationCallback)<\/td>\n<\/td>\nWIN8.1 ?<\/td>\n\u9a71\u52a8\u52a0\u8f7d\u56de\u8c03\uff0c\u53ef\u4ee5\u9a8c\u8bc1\u9a71\u52a8\u7b7e\u540d\u4fe1\u606f<\/td>\n\u51fd\u6570\u672a\u516c\u5f00\uff0c\u76ee\u524dWindows Defender\u4f1a\u4f7f\u7528<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
ObRegisterCallbacks (ObUnRegisterCallbacks)<\/td>\n<\/td>\nVISTA SP1 SRV2008<\/td>\n\u9488\u5bf9\u8fdb\u7a0b\u53ca\u7ebf\u7a0b\u5bf9\u8c61\u53e5\u67c4\u7684\u521b\u5efa\u63d0\u4f9b\u524d\u7f6e\u53ca\u540e\u7f6e\u56de\u8c03\uff0c\u53ef\u4fee\u6539\u53e5\u67c4\u6743\u9650\uff0c\u5982\u9488\u5bf9\u8fdb\u7a0b\u5bf9\u8c61\u65e0VM\u6620\u5c04\u6743\u9650\u3002\u5b50\u8fdb\u7a0b\u7ee7\u627f\u53e5\u67c4\u4e0d\u4f1a\u901a\u77e5<\/td>\nWIN7\u7cfb\u7edf\u53ef\u76d1\u63a7\u6587\u4ef6\u53e5\u67c4\u7684\u521b\u5efa\uff0c\u9700\u8981\u4fee\u6539\u672a\u516c\u5f00\u7684\u7cfb\u7edf\u7ed3\u6784\uff08ObjectType->SupportsObjectCallbacks\uff09\uff0cWIN8\u540ePG\u4f1a\u76d1\u63a7\u3002WIN10\u7cfb\u7edf\u589e\u52a0\u4e86\u684c\u9762\u5bf9\u8c61\u7684\u76d1\u63a7\u652f\u6301<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
CmRegisterCallback (CmUnRegisterCallback)<\/td>\n<\/td>\nXP<\/td>\n\u6ce8\u518c\u8868\u64cd\u4f5c\u56de\u8c03\uff0c\u53ef\u4fee\u6539\u3001\u8f6c\u5411\u6216\u62e6\u622a\u539f\u8bbf\u95ee\u8bf7\u6c42<\/td>\nXP\/SRV2003\/VISTA\u884c\u4e3a\u6709\u5dee\u5f02<\/td>\n<\/tr>\n
CmRegisterCallbackEx (CmUnRegisterCallback)<\/td>\nVISTA<\/td>\n\u6ce8\u518c\u8868\u64cd\u4f5c\u56de\u8c03\uff0c\u53ef\u4fee\u6539\u3001\u8f6c\u5411\u6216\u62e6\u622a\u539f\u8bbf\u95ee\u8bf7\u6c42<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
ExRegisterCallback<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\Callback\\SetSystemTime<\/td>\n<\/td>\nWIN2K<\/td>\n\u7cfb\u7edf\u65f6\u949f\u4fee\u6539\u56de\u8c03<\/td>\n<\/td>\n<\/tr>\n
-- \\Callback\\PowerState<\/td>\n<\/td>\nWIN2K<\/td>\n\u7535\u6e90\u72b6\u6001\u6539\u53d8\u56de\u8c03\uff08AC\/DC\uff0c\u7535\u6e90\u7b56\u7565\uff0c\u5f85\u673a\u6216\u5173\u673a\uff09<\/td>\n\u65e9\u4e8ePower Manager\u7684IRP_SET_POWER\u8bf7\u6c42<\/td>\n<\/tr>\n
-- \\Callback\\ProcessorAdd<\/td>\n<\/td>\nVISTA<\/td>\n\u52a8\u6001\u589e\u52a0\u65b0CPU\u4e8b\u4ef6\u901a\u77e5<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
KeRegisterBoundCallback (KeDeregisterBoundCallback)<\/td>\n<\/td>\nWIN10<\/td>\n\u7528\u4ee5\u6355\u83b7\u5e94\u7528\u5c42\u8fb9\u754c\u68c0\u6d4b\u5f02\u5e38\uff0c\u53ef\u7528\u4e8e\u5e94\u7528\u5c42HOOK<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Standard Event Objects for VM :<\/td>\n<\/td>\n\u6240\u6709<\/td>\n\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u5185\u5b58\u72b6\u6001<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\HighMemoryCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\LowMemoryCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\HighPagedPoolCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\LowPagedPoolCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\HighNonPagedPoolCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\LowNonPagedPoolCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\LowCommitCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\HighCommitCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
-- \\KernelObjects\\MaximumCommitCondition<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
KeRegisterBugCheckCallback (KeDeregisterBugCheckCallback)<\/td>\n<\/td>\nWIN2K<\/td>\n\u7cfb\u7edf\u51fa\u9519\u51c6\u5907\u84dd\u5c4f\u65f6\u7684\u56de\u8c03\u901a\u77e5<\/td>\n<\/td>\n<\/tr>\n
KeRegisterBugCheckReasonCallback (KeDeregisterBugCheckReasonCallback)<\/td>\n<\/td>\nXP SP1 SRV2003<\/td>\n\u84dd\u5c4f\u540eDUMP\u751f\u6210\u901a\u77e5\uff0c\u53ef\u5199\u5165\u989d\u59161-PAGE\u4fe1\u606f<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
FsRtlRegisterFileSystemFilterCallbacks<\/td>\n<\/td>\nXP<\/td>\n\u6587\u4ef6\u7cfb\u7edf\u6216\u8fc7\u6ee4\u9a71\u52a8\u56de\u8c03\uff0c\u4e00\u822c\u7531I\/o Manager\uff0cVM\u53caCM\u53d1\u8d77<\/td>\n<\/td>\n<\/tr>\n
IoRegisterFsRegistrationChange (IoUnregisterFsRegistrationChange)<\/td>\n<\/td>\n\u6240\u6709<\/td>\n\u6587\u4ef6\u7cfb\u7edf\u6ce8\u518c\u4e8b\u4ef6\u901a\u77e5\u56de\u8c03<\/td>\nWIN2K: \u5df2\u6ce8\u518c\u6587\u4ef6\u7cfb\u7edf\u9a71\u52a8\u4e0d\u518d\u901a\u77e5\uff1bXP: \u5747\u4f1a\u901a\u77e5<\/td>\n<\/tr>\n
IoRegisterFsRegistrationChangeEx (IoUnregisterFsRegistrationChange)<\/td>\n<\/td>\nWIN2K SP4<\/td>\n\u6587\u4ef6\u7cfb\u7edf\u6ce8\u518c\u4e8b\u4ef6\u901a\u77e5\u56de\u8c03\uff0c\u5ffd\u7565RAW\u8bbe\u5907<\/td>\n\u540cIoRegisterFsRegistrationChange<\/td>\n<\/tr>\n
IoRegisterFsRegistrationChangeMountAware (IoUnregisterFsRegistrationChange)<\/td>\n<\/td>\nWIN7<\/td>\n\u6587\u4ef6\u7cfb\u7edf\u6ce8\u518c\u4e8b\u4ef6\u901a\u77e5\u56de\u8c03\uff0c\u5ffd\u7565RAW\u8bbe\u5907<\/td>\n\u4f1a\u989d\u5916\u5904\u7406\u4e0e\u6302\u8f7d\/Mount\u7684\u7ade\u4e89\u95ee\u9898<\/td>\n<\/tr>\n
TmEnableCallbacks<\/td>\n<\/td>\nVISTA<\/td>\n\u6587\u4ef6\u4e8b\u52a1\u64cd\u4f5c\u56de\u8c03<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
IoRegisterContainerNotification (IoUnregisterContainerNotification)<\/td>\nWIN7<\/td>\n\u4f1a\u8bdd\/Session\u6539\u53d8\u901a\u77e5\uff0c\u5982\u65b0\u7528\u6237\u767b\u5f55\u6216\u767b\u51fa\uff0c\u529f\u80fd\u7c7b\u4f3c\u4e8e\u7528\u6237\u5c42\u7684WTSRegisterSessionNotification<\/td>\n<\/td>\n<\/tr>\n
KeRegisterProcessorChangeCallback (KeDeregisterProcessorChangeCallback)<\/td>\n<\/td>\nWIN2K<\/td>\n\u52a8\u6001CPU\u6dfb\u52a0\u4e8b\u4ef6\u56de\u8c03<\/td>\n\u6709Pre\u548cPost\u5904\u7406<\/td>\n<\/tr>\n
KeRegisterNmiCallback (KeDeregisterNmiCallback)<\/td>\n<\/td>\nSRV2003<\/td>\n\u53d1\u751f\u4e0d\u53ef\u5c4f\u853d\u4e2d\u65ad\u65f6\u7684\u56de\u8c03\u901a\u77e5<\/td>\n<\/td>\n<\/tr>\n
IoRegisterShutdownNotification (IoUnregisterShutdownNotification)<\/td>\n<\/td>\nWIN2K<\/td>\nIRP_MJ_SHUTDOWN\u8bf7\u6c42\u56de\u8c03<\/td>\n<\/td>\n<\/tr>\n
IoRegisterLastChanceShutdownNotification (IoUnregisterShutdownNotification)<\/td>\n<\/td>\nWIN2K<\/td>\nIRP_MJ_SHUTDOWN\u8bf7\u6c42\u56de\u8c03<\/td>\n\u8c03\u7528\u65f6\u673a\u665a\uff0c\u5728\u6587\u4ef6\u7cfb\u7edf\u5904\u7406\u5b8c\u6bd5\u4e4b\u540e<\/td>\n<\/tr>\n
PoRegisterPowerSettingCallback (PoUnregisterPowerSettingCallback)<\/td>\n<\/td>\nVISTA<\/td>\n\u7535\u6e90\u7ba1\u7406\u4e8b\u4ef6\u54cd\u5e94\u56de\u8c03<\/td>\n<\/td>\n<\/tr>\n
IoRegisterPlugPlayNotification (IoUnregisterPlugPlayNotification[Ex])<\/td>\n<\/td>\nWIN2K<\/td>\nPNP\u4e8b\u4ef6\u56de\u8c03\uff08\u8bbe\u5907\u70ed\u63d2\u62d4\uff09<\/td>\n<\/td>\n<\/tr>\n
IoWMISetNotificationCallback<\/td>\n<\/td>\nXP<\/td>\nWMI\u4e8b\u4ef6\u56de\u8c03<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
DbgSetDebugPrintCallback<\/td>\n\u672a\u516c\u5f00<\/td>\nVISTA<\/td>\n\u6355\u83b7\u5185\u6838\u6253\u5370\u4e8b\u4ef6\uff08DbgPrint\uff09<\/td>\n<\/td>\n<\/tr>\n
IoRegisterPriorityCallback (IoUnregisterPriorityCallback)<\/td>\n\u672a\u516c\u5f00<\/td>\nWIN7 SP1 ?<\/td>\nI\/O \u8bf7\u6c42\u4f18\u5148\u7ea7\u8c03\u6574<\/td>\n<\/td>\n<\/tr>\n
PoRegisterCoalescingCallback (PoUnregisterCoalescingCallback)<\/td>\n\u672a\u516c\u5f00<\/td>\nWIN8.1<\/td>\nCM\u548c\u6587\u4ef6\u7cfb\u7edf\u76f8\u5173\uff1a\u5728\u7cfb\u7edf\u7a7a\u95f2\u7684\u65f6\u5019\u5b9e\u65bdcache\u7684\u805a\u5408\u5237\u65b0<\/td>\n<\/td>\n<\/tr>\n
PsSetLegoNotifyRoutine<\/td>\n\u672a\u516c\u5f00<\/td>\nXP<\/td>\n\u7c7b\u4f3cTLS\uff0c\u53ef\u4ee5\u5b9e\u73b0\u7ebf\u7a0b\u7ec8\u7ed3\u65f6\u7684\u56de\u8c03\u901a\u77e5<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

2 \u5e94\u7528\u5c42\u56de\u8c03<\/h1>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\u5e94\u7528\u5c42\u56de\u8c03<\/th>\n<\/th>\nOS<\/th>\n\u529f\u80fd<\/th>\n\u5907\u6ce8<\/th>\n<\/tr>\n<\/thead>\n
LdrRegisterDllNotification (LdrUnregisterDllNotification)<\/td>\n<\/td>\nVISTA<\/td>\n\u53ef\u63a5\u6536\u8fdb\u7a0b\u5185DLL\u6a21\u5757\u52a0\u8f7d\u53ca\u5378\u8f7d\u4e8b\u4ef6\uff0c\u4e0d\u53ef\u62e6\u622a<\/td>\n<\/td>\n<\/tr>\n
ProcessInstrumentationCallback<\/td>\n<\/td>\nWIN7<\/td>\n\u53ef\u5728\u7a0b\u5e8f\u6bcf\u6b21Ring 0\u81f33\u5207\u6362\u540e\u6536\u5230\u901a\u77e5\uff0c\u5728\u7cfb\u7edf\u670d\u52a1\u8c03\u7528\u7ed3\u675f\u65f6\u523b<\/td>\n\u9700\u8981\u8fdb\u7a0b\u6ce8\u5165\u540e\u4e3b\u52a8\u8c03\u7528NtSetInformationProcess\uff0c\u9700\u8981SeDebugPrivilege\u7b49<\/td>\n<\/tr>\n
RegisterServiceCtrlHandler(Ex)<\/td>\n<\/td>\nXP<\/td>\n\u5728\u5e94\u7528\u5c42\u670d\u52a1\u4e2d\u63a5\u6536\u7cfb\u7edf\u4e8b\u4ef6\uff1a\u8bbe\u5907\u70ed\u63d2\u62d4\u3001\u7528\u6237\u767b\u5f55\u3001\u7535\u6e90\u7ba1\u7406\u7b49<\/td>\n<\/td>\n<\/tr>\n
RegisterDeviceNotification<\/td>\n<\/td>\n\u6240\u6709<\/td>\nGUI\u7a0b\u5e8f\u83b7\u53d6\u786c\u4ef6\u6539\u53d8\u901a\u77e5<\/td>\n<\/td>\n<\/tr>\n
RegNotifyChangeKeyValue<\/td>\n<\/td>\nWIN2K<\/td>\n\u76d1\u63a7\u6ce8\u518c\u8868\u6307\u5b9a\u952e\u7684\u5b50\u952e\u53ca\u503c\u7684\u6539\u53d8<\/td>\n<\/td>\n<\/tr>\n
ReadDirectoryChange<\/td>\n<\/td>\n\u6240\u6709<\/td>\n\u76d1\u63a7\u6307\u5b9a\u76ee\u5f55\u4e2d\u7684\u6587\u4ef6\u53ca\u5b50\u76ee\u5f55\u7684\u53d8\u5316<\/td>\n<\/td>\n<\/tr>\n
AddSecureMemoryCacheCallback (RemoveSecureMemoryCacheCallback)<\/td>\n<\/td>\nVISTA SP1<\/td>\n\u53ef\u76d1\u63a7Secure\u7c7b\u578b\u7684\u5171\u4eab\u5185\u5b58\u7684\u91ca\u653e<\/td>\n<\/td>\n<\/tr>\n
LdrSetDllManifestProber<\/td>\n\u672a\u516c\u5f00<\/td>\nXP<\/td>\n\u53ef\u6536\u5230DLL\u6a21\u5757\u52a0\u8f7d\u4e8b\u4ef6\uff0c\u53ef\u7528\u4e8e\u62e6\u622a<\/td>\n<\/tr>\n
LdrInitShimEngineDynamic<\/td>\n\u672a\u516c\u5f00<\/td>\nWIN7<\/td>\n\u53ef\u63a5\u6536Shim Engine\u901a\u77e5\uff0c\u53ef\u63a5\u7ba1DLL\u52a0\u8f7d\u7b49<\/td>\n\u8c03\u7528\u65f6\u673a\u6709\u8981\u6c42\uff0c\u9700\u8981R3 HOOK; \u4e0d\u540cWindows\u7248\u672c\u5982WIN7\u53ca8.1\u5dee\u522b\u8f83\u5927<\/td>\n<\/tr>\n
RtlSetThreadPoolStartFunc<\/td>\n\u672a\u516c\u5f00<\/td>\nWIN2K<\/td>\n\u8bbe\u7f6e\u7ebf\u7a0b\u521d\u59cb\u5316\u53ca\u9000\u51fa\u51fd\u6570\uff0ckernel32\u5185\u90e8\u4f7f\u7528<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

3 \u901a\u7528\u56de\u8c03\u7684\u9650\u5236<\/h1>\n

Windows\u7cfb\u7edf\u867d\u7136\u63d0\u4f9b\u4e86\u56de\u8c03\u63a5\u53e3\uff0c\u4f46\u56e0\u4e3a\u6027\u80fd\u7b49\u5404\u79cd\u56e0\u7d20\u7684\u539f\u56e0\u8fd8\u4f1a\u9650\u5b9a\u56de\u8c03\u7684\u6570\u91cf\uff1a<\/p>\n