Resource search results
ndiswrapper-0.10
- Some wireless LAN vendors refuse to release hardware specifications or drivers for their products for operating systems other than Microsoft Windows. The ndiswrapper project makes it possible to use such hardware with Linux by means of a loadable ker
NdisHookDrv
- A driver that intercepts network packets. Unlike the NDIS intermediate driver approach described in the DDK documentation, it is implemented by hooking the kernel NDIS API. Norton reportedly uses this method as well.
SDTrestore
- Win32 Kernel Rootkits modify the behaviour of the system by Kernel Native API hooking. This technique is typically implemented by modifying the ServiceTable entries in the Service Descriptor Table (SDT). About hooks.
ls
- LS by Cao Siqin, 2007.7.17 ls [-l/-w/-s][-d/-f][-acpo!?] [path or file name mask1] [mask2 ...] Options: -? : display this help -l : list details -a : list all files -w/s : list in a line, file names are separated by tab -p : file n
windows-driver-Dev
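- This book is well suited to readers familiar with Windows application programming who are moving to driver development. All of the content starts from the most basic programming methods: it introduces the relevant kernel APIs and then gives demonstration examples. At under 70 pages, it is a very concise booklet, so it does not directly guide the reader in developing any specific type of driver; instead it serves as an introductory guide.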
UnDoc
- Some undocumented APIs, common dialog boxes, and some Shell functions; the `classic` reference book The Undocumented Functions, with kernel-level functions extracted from source code, covering 2K and NT, for reference.
RegDriver
- Registry operations at Ring0! Driver development often involves operating on the registry. Unlike the Win32 API, the DDK provides a separate set of functions for registry operations. This code gives examples of all registry operations in kernel mode!
Windows
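- This book is well suited to readers familiar with Windows application programming who are moving to driver development. All of the content starts from the most basic programming methods: it introduces the relevant kernel APIs and then gives demonstration examples. At under 70 pages, it is a very concise booklet, so it does not directly guide the reader in developing any specific type of driver; instead it serves as an introductory guide.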
B05
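- This book is well suited to readers familiar with Windows application programming who are moving to driver development. All of the content starts from the most basic programming methods: it introduces the relevant kernel APIs and then gives demonstration examples. At under 70 pages, it is a very concise booklet, so it does not directly guide the reader in developing any specific type of driver; instead it serves as an introductory guide.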
Windows_programming_source_code
- Through multiple examples, progressively covers Win32 API programming, class library framework design, MFC programming, kernel-mode programming, and more.
SIG2_DefeatingNativeAPIHookers
- Defeating Kernel Native API Hookers by Direct Service Dispatch Table Restoration
Windows2000API
- Kernel API reference documentation, English version. Prefixes: MM, PNP, KE, SE.
conpro
- A Windows kernel program illustrating the producer-consumer problem, including kernel API functions.
arktool
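- 1. Message hook monitoring: lists the message hooks on the system. 2. Module load monitoring: lists all kernel modules loaded on the system. 3. SSDT monitoring: obtains the original SSDT addresses to identify APIs hooked by malicious programs and to restore the SSDT. 4. Registry protection: protects certain important registry keys against modification by malicious programs. 5. Hidden process detection: detects processes hidden on the system. 6. Hidden port detection: detects ports hidden on the system. 7. Forced process termination: can terminate malicious processes on the system that protect themselves.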
HookOdROBH
- Hooks the kernel API ObReferenceObjectByHandle to implement process protection, preventing the protected process from being killed (360 cannot kill it).
DefeatingKernelNativeAPIHookers
- Defeating Kernel Native API Hookers. Kernel book.
SSDT--11
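- SSDT stands for System Services Descriptor Table. This table links the ring3 Win32 API with the ring0 kernel API. The SSDT does not merely contain a large address index table; it also contains other useful information, such as the base address of the address index and the number of service functions. By modifying the function addresses in this table, commonly used Windows functions and APIs can be hooked, so that system actions of interest can be filtered and monitored. Some HIPS, antivirus, system monitoring, and registry monitoring software often use this interface to implement their own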
SSDT
- A detailed explanation of the System Service Descriptor Table (SSDT), whose role is to link the ring3 Win32 API with the ring0 kernel API.
APIHOOK
- Hook kernel API functions.
HookDemo_SSDT
- Source code that uses SSDT hooks on kernel APIs to implement process hiding and process protection; backup material, for reference only.