Search results: resource list
dvKrnlData
- I wrote this code while learning the WinNT kernel. Its main function is to communicate with the driver from ring3 via DeviceIoControl to obtain kernel data as well as SDT and IDT information. It also hooks the NtQuerySystemInformation function to implement process hiding.
NdisHookDrv
- A driver that intercepts network packets. Unlike the formal NDIS intermediate driver described in the DDK documentation, it works by hooking the kernel NDIS API. Norton is said to use this method as well.
2kHookDriver
- A sample Windows hook driver. It is a useful reference for developing hook-based network drivers on the Windows platform, and can be modified and used directly.
ExcpHookMonitor_0.0.4
- ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). It uses a ring0 driver to hook the KiExceptionDispatch procedure to detect the exceptions, and then shows information about the except
RestoreInlinehook
- Driver source code for restoring DNF kernel inline hooks.
Klog
- Sample keyboard hook driver
DiskMon
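- DiskMon loads its driver only when running on NT4; on W2k and later platforms it uses kernel event tracing to monitor disk activity, although the driver itself can run on W2k/XP/2K3/Vista. The driver hooks the disk driver's dispatch routines, so it can not only monitor disk activity but, with slight changes, also intercept and modify upper-layer reads and writes to the disk. It is easy to build some kind of Disk-based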
ZwCreateFile
- Hooks ZwCreateFile, together with ZwDeleteFile, to monitor and block creation of specified files.
SimplePacketFilterFirewall
- Simple Packet-Filter Firewall: a simple open source firewall based on packet filtering. It uses a Filter hook driver for its basic operation.
DetectUsbHubInternelIoCtl
- This is driver source code whose main function is to detect whether UsbHub has been illegitimately hooked. It can be used to identify deep hooks on a USB keyboard.
SSDT-Hook-Driver-and-mfc-interface
- A driver that hooks the SetInformation function in the SSDT, with an MFC user-mode interface. It implements the Createfile, readfile, writefile and IOCTL dispatch functions; the hook on the SetInformation function is implemented in the IOCTL handler.
driver
- Driver source code template for 易语言 (Easy Programming Language). Handles SSDT hooks.
HideProcess.sys
- Driver code files that implement process hiding via an SSDT hook.
keyboardhooksrc
- Source code for a driver-level keyboard hook; helpful for anyone who needs to build a keyboard hook.
hook_NtLoadDriver
- A reverse-engineering study of the sys driver of a forced-deletion tool. The driver's main functions are as follows: first, the handling of FSD hooks, RestoreFSDDispatchRoutine
Driver Loader/Unloader Example Source Code
- Self-explanatory; WinDDK needed.
Ghost
- A collection of driver-level rootkit samples, including SSDT hook, idthook, irphook, sysenterhook, etc.
DRIVER
- A driver that hooks the hard disk serial number; supports Win7, XP, 2000 and other operating systems.
HOOK-API
- Courseware from teacher Hanjiang (寒江), posted separately so that entry-level driver programmers can quickly understand how a driver hooks the SSDT and how a Windows application simply calls a driver interface. The code is not original, but it is one of the simplest and clearest walkthroughs I have seen, and it suits driver beginners well. If you need it, download it now.
Source
- Records the sequence of dispatch routine calls for specified device drivers. (Driver's Dispatch Routines Hooking: the driver allows you to log dispatch routine calls (and their relative sequence) for given device object(s).)