搜索资源列表
NdisHookDrv
- 一个截取网络包的驱动。它与DDK文档正是NDIS中间驱动不同,是通过HOOK内核NDIS API来实现的。听说诺顿也是使用此方法来实现。-an interception network packet driver. It DDK documentation is NDIS Intermediate Driver, through HOOK kernel NDIS API to achieve. Norton also heard that the use of this method is to
ObjectHook.code
- 内核OBJECT HOOK代码-大家可以-OBJECT HOOK kernel code- everyone can see
SSDT-hook
- Windows内核态SSDT-hook实现进程隐藏和文件隐藏,代码很规整,学习内核编程的好例子 -a good example of studying kernel programing or driver developing, SSDT hook
kernel-reload
- 这份是重载内核,知道重载内核能干什么了,基本所有的ssdt和shadow ssdt都能恢复,神马hook之类的弱爆了-This is overloaded kernel know to reload the kernel can do the basic the all ssdt and shadow ssdt, will recover, of Shenma hook like a weak burst
NtQuerySystemInformation
- 这是介绍如何在Windows驱动层 HOOK NtQuerySystemInformation内核 函数的文章。 这篇文章超级详细的介绍了这个函数的每一个参数以及用法。-This is how the Windows kernel function driver layer HOOK NtQuerySystemInformation article. This article describes the super-detailed each parameter of this function
anti-ssdt
- Windows XP是通过sysenter调用KiFastCallEntry将ntdll.dll的调用切换到内核的。KiFastCallEntry的原理是通过在SSDT中查找函数地址跳转。所以只要伪造一张原始SSDT,就可以使得SSDT-HOOK无效了。-Windows XP by calling KiFastCallEntry sysenter ntdll.dll call will switch to the kernel. KiFastCallEntry SSDT principle i
inlineKiInsertQueueApc
- 内核hook KiInsertQueueApc apc级保护进程-Kernel-level hook KiInsertQueueApc apc protection process
antihook_src
- 创建一个内核驱动,伪造一个ssdt表,使得ssdt钩子失效。-Create a kernel driver, forged a ssdt table, making failure ssdt hook.
DiskMon
- DiskMon运行在NT4上才加载驱动,在W2k以上平台其使用kernel event tracing实现磁盘活动的监视, 但其驱动可以跑在W2k/XP/2K3/Vista上 该驱动Hook了disk的driver dispatch例程,不仅可以监视磁盘活动,稍微改下还能拦截、修改上层对磁盘的读写, 很容易就可以搞个什么 基于Disk的 -DiskMon only run on NT4 load on the drive, more than W2k platform in i
InlineHookScan
- 驱动层搜索内连HOOK,查看SSDT中的内核函数的开头是否被内连HOOK-Search within driving layer with HOOK, see SSDT in the beginning of the kernel function is to be in with HOOK
kernel-Inline-Hook-word-doc
- kernel Inline Hook word doc 详谈内核三步走Inline Hook实现-kernel Inline Hook word doc go into the details to achieve core three-step Inline Hook
VB-Del-Kernel-Hook
- VB恢复内核钩子的一个示例工程文件。可以调试。-VB restore a core sample project file hook. For debugging.
Linux-Network-Kernel-Stack
- Linux网络核心堆栈。本文讨论模块编写者如何利用Netfilter hook 来实现任意目的以及如何将将网络通信在基于Libpcap 的应用程序中隐藏。-Linux core of the network stack. This article discusses how to use Netfilter hook module writers to achieve any purpose and how the network communications applications base
hook-kernel-tut-1
- hook kernel tut 1, code in c++, build with wdk
hook-kernel-tut-2
- hook kernel tut 2, code in c++, build with wdk
hook-kernel-tut-4
- hook kernel tut 4, code in c++, build with wdk
hook-kernel-tut-5
- hook kernel tut 5, code in c++, build with wdk
hook-kernel-tut-3
- hook kernel tut 3, code in c++, build with wdk
Kernel Inline Hook
- 目前流行和成熟的kernel inline hook技术就是修改内核函数的opcode,通过写入jmp或 push ret等指令跳转到新的内核函数中,从而达到修改或过滤的功能。这些技术的共同点 就是都会覆盖原有的指令,这样很容易在函数中通过查找jmp,push ret等指令来查出来, 因此这种inline hook方式不够隐蔽。本文将使用一种高级inline hook技术来实现更隐蔽的 inline hoo技术(Currently popular and mature kernel in
HOOK graphics driver_
- hook d3d显卡驱动源码,内核驱动hook(hook D3D graphics driver source code, kernel driven hook)