Search resource list
WDK_protect
- Fake_NtQuerySystemInfo hides a process by unlinking it, Fake_NtOpenProcess protects a process, Fake_NtCreateSection handles process creation, and so on. The code is simple; all of these are SSDT hooks.
EnumSsdt
- Uses a driver to get the SSDT address, traverse each SSDT function, and obtain the original SSDT addresses.
ReSSDT
- Source code for obtaining the original SSDT; hopefully it is useful to everyone.
registry-monitor
- Windows registry monitoring source code, implemented with an SSDT hook at Ring 0.
Driver Loader/Unloader Example Source Code
- Self-explanatory; WinDDK needed.
Hook_SSDT_NtOpenProcess
- Hooks NtOpenProcess in the SSDT; a driver that hooks a kernel function.
HookDemo_SSDT
- Source code that hooks kernel APIs through the SSDT to implement process hiding and process protection. Backup material, for reference only.
RemoveQQProtect_src
- Gets past the QQ driver; resolves some of the kernel SSDT entries that QQ changed. It should count as fairly new software.
HOOKSSDTPROCESS
- SSDT hook process protection; the process cannot be closed from the user layer.
mini_ddk
- Tulip Lesson 18: reads the current function addresses from the SSDT table.
ssdt_hook
- SSDT hook, the simplest kernel technique, mostly used to protect processes.
ShawSsdtHook
- ShadowSsdtHook, similar to an SSDT hook, but the method of locating the shadow SSDT table is different. Listing the addresses also requires attaching to a graphical process.
Driver
- Code that hijacks the SSDT shutdown function; anyone who needs it can download it.
instruder
- Source code of an ARK tool, with a user-mode part and a kernel-mode part. Supports detection and restoration of SSDT hooks and inline hooks.
356
- A simple SSDT hook in the kernel environment that protects a process by process name; compatible with all x86 systems after 2000, and usable as a reference for an SSDT hook that works across systems.
myhideprocess
- Two different methods of hiding a process: one uses the SSDT, the other injects into winlog.exe. Windows driver source code; hopefully it is helpful to everyone.
ssdt
- Hooks all functions using the advanced inline hook approach; driver source code developed in Easy Language.
DxTiTanTools
- C++ driver programming: obtains the SSDT table, with interaction between the driver layer and the application layer.
SSDTHook
- An SSDT hooking example. Requirement: must know the DDK.
SDT_UnHook_Code
- Driver code that reads the relative virtual addresses (RVAs) of the exported API functions from the ntoskrnl.exe file, finds the base address of ntoskrnl.exe in memory, computes the true start address of each API, compares it with the corresponding API address in the SSDT table, and removes the SSDT hook where they differ.