该BOOTKIT是基于NTLDR的文件型BOOTKIT。NTLDR是最接近内核的，而且对它做HOOK，可以避免编写针对各种类型外设的代码，提高通用性。-The BOOTKIT is based on the NTLDR file type BOOTKIT. NTLDR is the closest to the kernel, but it did HOOK, to avoid the preparation of the code for the various types of periph

本文从难易程度上主要分三块详细介绍：一．用户模式Hook:IAT-hook,Dll-inject 二．内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三．Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-ho

ZwOpenProcess SSDT Hook test to catch open process information. Compile it with Meerkat Advanced kernel mode driver GUI for KmdKit4D. Link: http://www.mediafire.com/?hbhjorv8797k2-ZwOpenProcess SSDT Hook test to catch open process information.

易语言多类模块的内核源码，如果键盘钩子，内存，驱动，QQ 软件类，进程内，窗口的原实例，可以查看与学习！-Easy language class module kernel source, if the keyboard hook, memory, drives, QQ software class process, the original instance of the window, you can view and learn!