Search resource list
DuplicateHandle
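- Uses DuplicateHandle, with a DOS (console) interface. Can list the currently open file handles and insert a file handle into a system process to protect the file from deletion, with several options including removing the protection. Source included; runs.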
ReadMemoryNotByAPI.rar
- Cross-process memory reads and writes without using the API, performed through a self-written driver. Can bypass software that protects itself by monitoring API calls.
HookSSDT
- Hooks the SSDT to protect a process and prevent it from being terminated illegitimately.
ProtectMon
- Driver development: protects a process by PID by hooking the SSDT NtOpenProcess function. At the very least it can withstand any R3 (ring 3) virus that tries to terminate your process!! Suitable for beginners as an introduction to SSDT hooking.
DEp0i3Ec
- Process protection program that can protect multiple processes; includes a test program.
ObReferenceObjectByHandle
- Inline hook of ObReferenceObjectByHandle to protect a process.
protector_driver
- System process protection driver, protector_driver.
protector_driver
- Uses hooking together with a driver to control process creation. Anyone who wants to learn driver-based protection can download and study it.
RootKit_pediy
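- An e-book from the Kanxue (看雪) special topic on learning and researching rootkits. What is a rootkit? Many readers are probably not sure. Put simply, a rootkit is a special kind of malware whose function is to hide itself and specified files, processes, network connections and other information on the target where it is installed. Rootkits are most often seen used together with trojans, backdoors and other malicious programs. A rootkit loads a special driver and modifies the system kernel in order to hide information. Technology is a double-edged sword: our purpose in studying it is to use this technique to protect our systems, make them more robust, and put the technique to positive use.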
Hook_Open
- WDK source code for process protection; prevents the process from being opened by a debugger.
HookDemo_SSDT
- SSDT hook of kernel APIs: source code implementing process hiding and process protection. Backup material, for reference only.
HOOKSSDTPROCESS
- SSDT hook process protection; the process cannot be closed from user mode.
Drive-process-protection
- An Easy Language (易语言) module that implements process protection and hiding by loading a driver.
ProcessProtectShare
- Process protection implemented with ObRegisterCallbacks, from Kanxue experts kfysck & tianhz. Confirmed to compile with WinDDK; I adapted it for another use and am sharing it here.
Windows-Process-Protection
- Includes a PPT on the specific principles of implementing process protection. The document and code are the materials and source program I used three years ago when teaching at an organization; all documents, slides and code are original.
Yh_SP
- Implements process protection using the system's callbacks, without hooking kernel functions.
src
- C++ driver source code for hiding and protecting processes. VS2013 with WDK 8.1, for 64-bit systems.
ProtectProcess
- Process protection; supports Win7. Already compiles in the VS2010 environment with WINDDK 7600.16385.1. The process name cacl.exe is hard-coded in the code; testing shows that cacl.exe cannot be closed through Task Manager, but the process can still be closed with taskkill /pid, so it still needs to be improved.
ProcessProtect
- Process anti-kill: a batch mechanism for protecting a process. Source code attached, safe to download. VC++ version; please download the latest version. Security software may flag it as a false positive.
DirverProtect
- Three examples of using a driver on Win7 x64 to protect a process from being closed and from being read or written.