Search resource list
KernelExec
- Source code for launching a RING3-level application from RING0.
R3toR0
- A method for entering RING0 from RING3; no driver required.
ExcpHookMonitor_0.0.4
- ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). It uses a ring0 driver to hook KiExceptionDispatch procedure to detect the exceptions, and then shows information about the except
CheckHiddenFile
- Detects hidden files using kernel methods; includes both ring0 and ring3 code.
CallRing3FormRing0
- Calls Ring3-layer functionality from the Ring0 layer; requires the DDK to be installed.
r3_2_r0
- A method for entering the Ring0 layer from the Ring3 layer on Windows 2000/XP.
Rootkit kernel hook stealth techniques
- Rootkit 1. Kernel hooks, stealth techniques, calling ring3 programs from ring0, and other topics.
Kehook
- There are many hooks within ring3, and many along the path from ring3 to ring0. Following the order in which an API call progresses, every stage offers an opportunity to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook.
delphi_PspTerminateProcess
- Delphi source code that kills a process by calling PspTerminateProcess in the kernel: the address of PspTerminateProcess is located from ring3, passed to ring0, and then called in ring0.
Ring0MessageBox_Src
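- An example of the driver layer initiating communication with the application layer (Ring0MessageBox, from ring0 to ring3); requires some driver-development background.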
avscan
- Source code for an antivirus MiniFilter framework, including a ring3 application and a ring0 driver.
[7-2]EnumRemoveImageNotify
- Enumerates and removes image-load callbacks; image callbacks can intercept image loading in both RING3 and RING0.