Resource list
ShawSsdtHook
- ShadowSsdtHook: similar to an SSDT hook, but the shadow SSDT table is located by a different method, and listing the addresses requires attaching to a graphical (GUI) process.
ssdt_hook
- SSDT hook, the simplest kernel technique, mostly used to protect processes.
2222
- 212 convolutional code encoding and decoding program. Files (in 编码与译码程序\): 212test.cpp, 212test.dsp, 212test.dsw, 212test.ncb, 212test.opt, 212test.plg
SimplePrint
- Driver print
PrtDll
- Print into the driver; includes the printer's common functions, with fairly complete encapsulation.
driver
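- 1: map the kernel file into my kernel space; 2: patch KiFastCallEntry to redirect. I. Loading the kernel. 1: About loading. My code uses two methods, one of which I commented out: a: load using ZwCreateSection + ZwMapViewOfSection together with the SEC_IMAGE flag; the load address is then necessarily in user-mode space, and you can simply lock it with an MDL and then map those pages into kernel-mode space, or you can directly ExAllocatePool and then copy the loaded image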
tnts_bai3l
- It is my picture in test iee of USMT. It is very very good and useful
HideKd
- Code that hides the debugger, evading driver-protection detection so that debugging is possible; a rare resource for getting started with driver analysis.
KernelEasyCode
- Simple kernel debugging code, rare code for studying kernel debugging. I hope it helps everyone; let's make progress and work hard together.
AGPVirtualKD0.3
- Code that works around the virtual-machine blocking in the TX driver protection, so that games can be debugged in a virtual machine without obstacles; a basic tool for studying game drivers.
LoadKernel
- A very useful technique in driver protection: kernel reloading. By reloading the kernel, many driver-level firewalls, game protections and the like can be bypassed!
HelloWorld
- NT driver, Hello world