Resource search list
ProcList
- Reads the process list using EPROCESS in the kernel. Currently compatible with XP and Win8; Win7 can be supported with minor changes.
EnumRemoveObCallback
- Object callbacks are the callbacks that the vast majority of game-protection systems currently use to protect game processes.
[7-1]EnumRemoveProcessThreadNotify
- Enumerates and removes process and thread callbacks. Process callbacks can monitor process creation and exit.
MyCreateProcess
- This source code launches the desired process from within a driver, rather than creating the process at the system level.
Windows-Process-Protection
- Includes a PPT explaining the specific principles of implementing process protection. The document and code are the materials and source program I used three years ago when teaching at an organization; all documents, the PPT and the code are original.
SSDT
- A driver-based ARK tool; supports SSDT scanning, process operations, service operations, and registry operations.
hook-zwquerysysteminformation
- Ring 0 hook of ZwQuerySystemInformation, which can be used to hide processes.
testdeamon
- Linux daemon implementation; compiles on CentOS 6.2.
ProcessOperationTest
- 64-bit driver for enumerating processes; includes thread and module enumeration.
qudongbaohu
- Source code for driver-level process protection and process hiding, written using the Devil Workshop (魔鬼作坊) module.
InjectDll
- Driver-level injection program; injects a DLL file into the target process from within the driver.
Yh_SP
- Uses system callbacks to implement process protection without hooking kernel functions.
HideHandleTable
- Simple hiding of the handle table under a process's EPROCESS; suitable for beginners to study.
GetProcessMd5
- Intercepts IRP_MJ_CREATE, obtains the process in that IRP's context, computes the MD5 of the process, and outputs it. Can control whether a process may access a given folder or open a given file.
WatchProcess
- Works on 32-bit Win7; driver level; retrieves information about the processes currently running on the system.
EipInject
- Usable only on 32-bit Win7. Hijacks the EIP of the process object in the specified process, then injects a DLL; driver level; use with care.
HideProcessHookMDL
- A Windows driver that hides processes by means of an MDL, preventing various applications from finding the hidden process.
HIDEPROCESS
- Driver source code for hiding processes, implemented via the SSDT.
src
- C++ driver source code for hiding and protecting processes; built with VS2013 and WDK 8.1; for 64-bit systems.
ZUNHUN
- Source modules for process-related code; useful for study and reference.