搜索资源列表
ssdt查看恢复工具源码,界面程序
- ssdt查看恢复工具源码,界面程序,具有查看和恢复ssdt功能,可以编译通过,View source ssdt recovery tools, interface procedures ssdt with the view and the restoration of function can be compiled through
RING0.RING0下检测用HOOK SSDT隐藏进程的代码
- RING0下检测用HOOK SSDT隐藏进程的代码,直接build,适用于XP,2000系统。短小实用。,RING0 detect hidden process by HOOK SSDT code directly build, apply to XP, 2000 systems. Short and practical.
SSDT_Helper_src.rar
- HOOK SSDT Hook系统服务描述表.查看SSDT.是个好东西哈哈,HOOK SSDT that s may be is you need
Process_protection.rar
- 基于ssdt hook 的进程保护,防止自己的进程被恶意关闭。包含应用层与应用层通信的代码,based on ssdt hook the process of protection against their own process of being shut down malicious. Contains application-layer and application layer communication code
SSTD.ZIP
- SSDT HOOK Source code,SSDT HOOK Source code
SSDT
- 建立新的SSDT表,修改可以绕过,某些游戏保护系统的SSDT HOOK 或 INLINE HOOK-SSDT table to create a new, modified to bypass certain game protection system SSDT HOOK or INLINE HOOK
Miss920
- Miss920程序行为监视器,运用SSDT HOOK技术,可以简单有效的监控程序行为,现在已经实现了进程监控,文件监控,注册表监控,并且可以有效快捷地进行二次开发。-Miss920 monitor program behavior, the use of SSDT HOOK technology, can be simple and effective monitoring of program behavior, the process has already been realized to
SSDT-hook
- Windows内核态SSDT-hook实现进程隐藏和文件隐藏,代码很规整,学习内核编程的好例子 -a good example of studying kernel programing or driver developing, SSDT hook
SSDT-HOOK
- XP下SSDT Hook ZwCreateThread的代码,仅适用于XP,由驱动和用户模式下控制程序组成,是从以前写的另一个程序修改过来的,所以代码中部分结构体的成员的定义是多余的,要写SSDT Hook的可以参考一下-XP, SSDT Hook ZwCreateThread code only applies to XP, drivers and user mode by the control program component is written in another program
anti-ssdt
- Windows XP是通过sysenter调用KiFastCallEntry将ntdll.dll的调用切换到内核的。KiFastCallEntry的原理是通过在SSDT中查找函数地址跳转。所以只要伪造一张原始SSDT,就可以使得SSDT-HOOK无效了。-Windows XP by calling KiFastCallEntry sysenter ntdll.dll call will switch to the kernel. KiFastCallEntry SSDT principle i
Kehook
- 对于hook,从ring3有很多,ring3到ring0也有很多,根据api调用环节递进的顺序,在每一个环节都有hook的机会,可以有int 2e或者sysenter hook,ssdt hook,inline hook ,irp hook,object hook,idt hook-The hook, from ring3 there are many, ring3 to ring0 there are many, according to api call progressive sequen
anti-hook-ssdt
- ssdt钩子检测,利用查找ntkrnlpa.exe中导出的ssdt的起始地址和大小,比较实际的ssdt地址表中的内容,找出钩子-ssdt hook detection, the use of export ntkrnlpa.exe Find ssdt the start address and size, a more realistic ssdt address the contents of the table to find out hook
antihook_src
- 创建一个内核驱动,伪造一个ssdt表,使得ssdt钩子失效。-Create a kernel driver, forged a ssdt table, making failure ssdt hook.
biostelnet
- 向BIOS中植入模块,HOOK中断向量表,HOOK NTLDR加载过程以及HOOK内核函数,SSDT hook。-Add module into bios,HOOK IVT,HOOK NTLDR loder process and hook knrnel function,just as SSDT HOOK
Hook
- 本文从难易程度上主要分三块详细介绍:一.用户模式Hook:IAT-hook,Dll-inject 二.内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三.Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-ho
CCRootkit-V0.1
- 一般网上找到的都是需要Ring3传输需要补丁的地址过去... 002就是直接用最标准的方法进行SSDT定位以及修复的 支持多核系统,当然还有003(加入shadow ssdt hook),004(加入inline hook) 基本上是现在最稳定的恢复方式了,大家可以用KMDLoader测试.加载就脱钩.不需要通讯 -Generally find on the Internet are required Ring3 address transmission needs a patc
UTM4XP
- 一个简单ARK源码。包括进线程操作,隐藏进程检测,SSDT,SHADOW SSDT hook查看-An anti-rookit tool
HOOK
- SSDT 及 SSDT Shadow HOOK通用框架及保护模块-SSDT and the SSDT Shadow HOOK common framework and protection module
code
- SSDT Hook Source with Visual Stuio 6.0 (C++)
全新ssdt hook
- 全新的ssdt hook引擎 劫持 windows xp windows win7 x86