这两天一夜，做了一些代码和库，为了干掉cnnic 3721的保护，就象icesword那样

这两天一夜，做了一些代码和库，为了干掉cnnic 3721的保护：
1. hook ssdt for reg
2. hook ssdt for file
3. hook ssdt for gdi
4. kernel file io wrapper (delete file by nativeapi=ZwXXX, deleteonclose)
5. fsd direct file io wrapper (delete file by nativeapi=SetXXX,send irp to fsd vdo)
6. send irp to fsd vdo bypass filters
7. shadow device of fsd filter in order to fix reentry bug
8. restore fsd driver majorfunction pointer and entry code by signature of ntfs.sys fastfat.sys from memory and disk image
9. hook pe library
10. delete cnnic,3721.fuck.

FSD的VDO CDO 和Storage 的PDO CDO FDO，呵呵，你熟悉么？
FileObject->DeviceObject是VPB->RealObject，是Storage的PDO
VPB->DeviceObject是FSD VDO
FSD VDO和Storage PDO通过VPB绑定

这个是最重要的,如果你要bypass filter

需要代码的，找我要