Undocumented Windows 2000 Secrets이 pdf 버전으로 있었군요.
웬만한 인터널에 관한 지식은 총망라 되어 있어서 꽤 유용합니다.
pdb 파일을 사용해서 커널 후킹을 한다는 것과 SSDT훅이 하닌 IDT훅을 사용하기 때문에 오버헤드가 좀 있을 듯 하지만, 여전히 좋은 코드들이죠.
레퍼런스로 쓰기에 좋을 듯 하네요.
http://www.rawol.com/features/undocumented/sbs-w2k-preface.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-1-windows-2000-debugging-support.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-2-the-windows-2000-native-api.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-3-writing-kernel-mode-drivers.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-4-exploring-windows-2000-memory.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-5-monitoring-native-api-calls.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-6-calling-kernel-api-functions-from-user-mode.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-7-windows-2000-object-management.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-a-kernel-debugger-commands.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-b-kernel-api-functions.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-c-constants-enumerations-and-structures.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-bibliography.pdf
http://www.rawol.com/features/undocumented/sbs-w2k-index.pdf
예전에 버그트럭 에 포스팅한 내용입니다.
