Search resource list
ProcessMon
- Detects hidden processes in the system by scanning memory from ring 0.
Hideprocess
- A driver that hides a process by directly modifying kernel objects; the hidden process cannot be seen from the application layer.
protectproc
- A short source program implementing low-level process self-protection in a Windows driver.
HOOKSSDTPROCESS
- Process protection by hooking the SSDT; the protected process cannot be terminated from user mode.
ssdt_hook
- SSDT hook, the simplest kernel technique, mostly used to protect processes.
ShawSsdtHook
- ShadowSsdtHook, similar to an SSDT hook, but the method of locating the Shadow SSDT table is different. To list the addresses, a GUI process must additionally be attached.
processprotect
- Implements anti-kill process protection by inline hooking public (exported) functions.
HideProcess
- AGP's process-hiding source code. Works normally on XP; for other systems, rewrite the structures.
InlineReHOOK
- Terminates a process from a driver; doing this at the driver level is more accurate and runs with higher privileges than at the application level.
Drive-process-protection
- An Easy Language (易语言) module that implements process protection and hiding by loading a driver.
356
- A simple kernel-mode SSDT hook that protects a process by process name; compatible with all x86 systems from Windows 2000 onward, and usable as a reference for a system-compatible SSDT hook.
Test
- Finds a specified process in the Windows kernel; involves I/O timers and threads. Suitable for beginners, with detailed comments.
CsrssEnmuProcess
- Enumerates the process list via Csrss. One method of enumerating processes at the driver level.
myhideprocess
- Two different ways to hide a process in a Windows driver: one via the SSDT, the other by injecting into winlog.exe. I hope this helps everyone.
ProcessProtect
- Code related to process protection in driver programming; those who need it may use it as a reference.
hookSSDT
- With HOOKSSDT you can protect a process from being terminated. This is mostly used by antivirus programs, or by company-mandated real-time monitoring software that must keep its process from being terminated by other programs; HOOKSSDT is a good choice for this.
KILL
- Driver code that forcibly kills a process; can be used as a reference when writing a process-killing tool.
Killer
- Killer.sys is loaded with DriverMonitor; KillerIoCTL.exe is the communication program. Enter a ProcessID to terminate that process. It can terminate Kaspersky (卡巴), Kingsoft Antivirus (毒霸), 360, IceSword (冰刃), PowerTool, PcHunter, etc. As expected, it cannot terminate Jiangmin (江民): reading the process's EPROCESS at the PsLookupProcessByProcessId() step fails, so Jiangmin has presumably placed a hook there. As a next step I plan to search for PsLookupProcessByProcessId and try restoring the hook.
wdf-get-process-info
- WDF: obtains information about created processes, including the process ID, process name, thread ID, and similar data.
ProcessProtectShare
- Implements process protection with ObRegisterCallbacks. From the Pediy (看雪) experts kfysck & tianhz; confirmed to compile with the WinDDK. I modified it for another use and am sharing it here.