搜索资源列表
list
- 内核下的使用LIST_ENTRY实现的双链表,非进程安全 加入 删除 清空 功能. 包括一个自己定义的结构里面 ,根据某字符项删除某节点-Kernel LIST_ENTRY implemented the use of double linked list, deletion of non-empty process security features. Including a definition of the structure of their own which, accordi
Code
- Hiding process with DKOM !采用断开系统中进程的双向链表方式,隐藏指定进程。本程序采用了硬编码,所以只能隐藏XP的进程,如果是其他系统需要修改编码地址!-Hiding process with DKOM! Disconnect system using two-way linked list in the process of the way, hidden designation process. This procedure uses hard-coded, so c
Process
- 从零学驱动(一)进程列举。利用驱动列举出当前系统的进程列表。代码注释非常详细。-Studies from zero drive (1) process list. Drive to list using the current system list of processes. Code is very detailed comments.
53607944driver
- 一个最简单的驱动程序,就像其他的可执行程序一样,每个驱动程序也有一个入口点, 这是当驱动被装载到内存中时首先被调用的,驱动的入口点是DriverEntry过程(注:过程也就是子程序), DriverEntry这个名称只是一个标记而已,你可以把它命名为其他任何名字--只要它是入口点就行了。-One of the most simple driver, just like other executable programs, each driver has one entry point,
ShawSsdtHook
- ShadowSsdtHook,类似于ssdt hook,不过寻找shadowssdt表方法不一样。而且要列出地址需要附加一个图形进程。-ShadowSsdtHook, SSDT is similar to hook, but for shadowssdt method is not the same. And to list the addresses the need for an additional graphics process.
ProcList
- 利用内核中的eprocess读取进程列表,目前能兼容xp win8平台,win7改下就能支持了-The use of the kernel in the eprocess read process list, is currently compatible with the win8 XP platform, win7 will be able to support the