Resource search results
Driver-level process hiding
- Driver-level process-hiding code using an SSDT hook.
RING0
- Ring-0 code to detect processes hidden by SSDT hooking. Builds directly; works on Windows XP and 2000. Short and practical.
Su1xDriver
- This driver hooks ZwOpenProcess in the SSDT to protect suserice.exe. Just a practice exercise, nothing advanced. Reverse engineering of the Ruijie client driver Su1xDriver.sys, with source code.
Miss920
- Miss920 program behavior monitor. It uses SSDT hooking to monitor program behavior simply and effectively; process, file and registry monitoring are implemented, and it is easy to extend for further development.
HookSSDT
- Hooks the SSDT to protect a process and prevent it from being terminated illegitimately.
ProtectMon
- Driver development: protects a process by PID by hooking the SSDT NtOpenProcess function, so it can at least resist any ring-3 malware trying to terminate your process. Suitable for beginners studying SSDT hooking.
myhook
- Driver source that uses an SSDT hook to get past a LINK hook. Suitable for beginners getting familiar with the kernel.
SSDT-Shadow-Hook
- Hooks the following functions (shadow SSDT entry, with the user-mode API it backs): NtUserFindWindowEx (FindWindow), NtUserGetForegroundWindow (GetForegroundWindow), NtUserQueryWindow (GetWindowThreadProcessId), NtUserWindowFromPoint (WindowFromPoint), NtUserBuildHwndList (EnumWindows), NtUserSetWindowLong (SetWindowLong).
antiTX
- 1. Restores the shadow SSDT. 2. Restores NtReadVirtualMemory, NtWriteVirtualMemory, NtOpenProcess, NtOpenThread and KiAttachProcess.
Kehook
- Hooks come in many forms, both in ring 3 and on the path from ring 3 into ring 0. Following the stages of an API call in order, there is an opportunity to hook at each stage: int 2e or sysenter hooks, SSDT hooks, inline hooks, IRP hooks, object hooks, IDT hooks.
SSDT_Unhook
- SSDT restore source code: restores a hooked SSDT (the system service call table).
CCRootkit-V0.1
- Most of what you find online requires ring 3 to pass in the addresses that need patching... 002 locates and repairs the SSDT directly using the most standard method and supports multi-core systems; there are also 003 (adds a shadow SSDT hook) and 004 (adds an inline hook). This is essentially the most stable restore method available today; test it with KMDLoader: it unhooks as soon as it loads, with no user-mode communication needed.
UTM4XP
- A simple ARK (anti-rootkit) source. Includes process and thread operations, hidden-process detection, and viewing of SSDT and shadow SSDT hooks.
HOOK
- A generic framework for SSDT and shadow SSDT hooking, plus a protection module.
unfilewrite
- SSDT hook that blocks file creation. For beginners; experts, move along.
SSTDForVB
- Source for an SSDT hook implemented in VB, calling the underlying low-level functions. Suitable for studying drivers in VB.
SSDT-Hook-Driver-and-mfc-interface
- A driver that hooks the SetInformation function in the SSDT, with an MFC user-mode interface. Implements the CreateFile, ReadFile, WriteFile and IOCTL dispatch routines; the SetInformation hook is installed from the IOCTL handler. SSDT hook driver test with MFC interface.
ssdt
- Sample code for SSDT hooking on the Windows platform.
ssdt
- An SSDT hook programming framework in Easy Language (易语言); on this basis, SSDT hook driver development can be done quickly.
HOOK-API
- Courseware from teacher Hanjiang, posted separately so that entry-level driver programmers can quickly understand how a driver hooks the SSDT and how a Windows application calls the driver interface. The code is not original, but it is one of the simplest and clearest walkthroughs I have seen, well suited to those just starting out with drivers; if you need it, download it.