搜索资源列表
NdisHookDrv
- 一个截取网络包的驱动。它与DDK文档正是NDIS中间驱动不同,是通过HOOK内核NDIS API来实现的。听说诺顿也是使用此方法来实现。-an interception network packet driver. It DDK documentation is NDIS Intermediate Driver, through HOOK kernel NDIS API to achieve. Norton also heard that the use of this method is to
hook-linux.rar
- Linux 2.6 内核下劫持系统调用,代码比较简单,还是可以参考参考的。,Linux 2.6 kernel system call hijacking, the code is relatively simple, or can refer to as a reference.
SSDT-hook
- Windows内核态SSDT-hook实现进程隐藏和文件隐藏,代码很规整,学习内核编程的好例子 -a good example of studying kernel programing or driver developing, SSDT hook
antihook_src
- 创建一个内核驱动,伪造一个ssdt表,使得ssdt钩子失效。-Create a kernel driver, forged a ssdt table, making failure ssdt hook.
DiskMon
- DiskMon运行在NT4上才加载驱动,在W2k以上平台其使用kernel event tracing实现磁盘活动的监视, 但其驱动可以跑在W2k/XP/2K3/Vista上 该驱动Hook了disk的driver dispatch例程,不仅可以监视磁盘活动,稍微改下还能拦截、修改上层对磁盘的读写, 很容易就可以搞个什么 基于Disk的 -DiskMon only run on NT4 load on the drive, more than W2k platform in i
KernelHook
- Example of kernel hook (MS Visual Studio 2005) of system call NtOpenProcess to prevent opening process from user mode
kernel.txt.tar
- Sometimes, we run into a situation when we badly need to hook some kernel function, but are unable to do it via conventional PE-based hooking. This article explains how kernel functions can be directly hooked. As a sample project, we are going to pre
Hook
- 本文从难易程度上主要分三块详细介绍:一.用户模式Hook:IAT-hook,Dll-inject 二.内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三.Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-ho
InlineHookScan
- 驱动层搜索内连HOOK,查看SSDT中的内核函数的开头是否被内连HOOK-Search within driving layer with HOOK, see SSDT in the beginning of the kernel function is to be in with HOOK
kernel-Inline-Hook-word-doc
- kernel Inline Hook word doc 详谈内核三步走Inline Hook实现-kernel Inline Hook word doc go into the details to achieve core three-step Inline Hook
VB-Del-Kernel-Hook
- VB恢复内核钩子的一个示例工程文件。可以调试。-VB restore a core sample project file hook. For debugging.
Linux-Network-Kernel-Stack
- Linux网络核心堆栈。本文讨论模块编写者如何利用Netfilter hook 来实现任意目的以及如何将将网络通信在基于Libpcap 的应用程序中隐藏。-Linux core of the network stack. This article discusses how to use Netfilter hook module writers to achieve any purpose and how the network communications applications base
VCPP-driver-Hook-kernel-system-call
- VC++ 驱动层Hook系统内核调用 VC++ driver Hook kernel system call VC++ driver Hook kernel system ca-VC++ driver Hook kernel system call
hook-kernel-tut-1
- hook kernel tut 1, code in c++, build with wdk
hook-kernel-tut-2
- hook kernel tut 2, code in c++, build with wdk
hook-kernel-tut-4
- hook kernel tut 4, code in c++, build with wdk
hook-kernel-tut-5
- hook kernel tut 5, code in c++, build with wdk
hook-kernel-tut-3
- hook kernel tut 3, code in c++, build with wdk
Kernel Inline Hook
- 目前流行和成熟的kernel inline hook技术就是修改内核函数的opcode,通过写入jmp或 push ret等指令跳转到新的内核函数中,从而达到修改或过滤的功能。这些技术的共同点 就是都会覆盖原有的指令,这样很容易在函数中通过查找jmp,push ret等指令来查出来, 因此这种inline hook方式不够隐蔽。本文将使用一种高级inline hook技术来实现更隐蔽的 inline hoo技术(Currently popular and mature kernel in
HOOK graphics driver_
- hook d3d显卡驱动源码,内核驱动hook(hook D3D graphics driver source code, kernel driven hook)