Search resource list
SSDT
- SSDT seen from inside and outside the city walls: between ring3 and ring0
SuperKillFile.exe
- Force-deletes files from ring0. The driver was actually written neither by jupiter nor by me. By the way, my in-depth analysis of 360 is almost finished! Please keep an eye on the low-level board.
safe-access
- Source code for a password box that prevents passwords from being captured by direct I/O monitoring in ring0
adetours_ring0_2.1
- Ring0 version of Detours by Microsoft.
DriverCheck
- Delphi code that uses a driver to enter ring0 and scan all processes; tested successfully on XP SP3
SSDT--11
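- SSDT stands for System Services Descriptor Table. This table links the ring3 Win32 API with the ring0 kernel API. The SSDT does not only contain a large address index table; it also holds other useful information, such as the base address of the address index and the number of service functions. By modifying the function addresses in this table, commonly used Windows functions and APIs can be hooked, so that system actions of interest can be filtered and monitored. Some HIPS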
SSDT
- A detailed explanation of the System Service Descriptor Table (SSDT), whose role is to link the ring3 Win32 API with the ring0 kernel API
Ring0levelprocessprotection
- Design and implementation of a ring0-level process protection component based on hook technology
SSDTRecovery
- Simple ring0-level SSDT recovery: export and record the original locations of the SSDT table, then run the program to check whether other processes have changed the SSDT locations; if they have, overwrite them with the original SSDT.
direct-IO-disk-
- Source code for reading and writing the hard disk directly, including ring0 and ring3 code
test_blue
- Source code that enters ring0 and can call functions exported by ntoskrnl.exe. Very tricky.
hooklib
- A hooklib that uses distorm to parse instructions; supports ring0 and ring3 as well as x86 and amd64
ring0
- Design and implementation of a ring 0 hardware-interrupt VxD, with solutions to common problems.
ExKillProc_vbsrc
- Terminates processes through a driver; kills any process instantly from ring0. Written in VB
Ring0DeleteFile
- Deletes files from ring0; implemented in Visual Basic
Kkerrnelfindpe
- Process detection tool and code from kernel-level programming and development practice: ring0-level process detection. Requires a DDK environment.
HookCreateProcess
- Driver developed in C++ with an interface program written in VB; hope it is useful to everyone. Intercepts process creation in ring0
MyCopyFile
- File copy implemented in a driver: copies the specified file at the kernel layer (ring0)
Ring0MessageBox_Src
- Example of the driver layer actively communicating with the application layer (Ring0MessageBox, from ring0 to ring3); requires some driver background
ORegDriveerp
- Ring0-level registry operations! Driver development often involves registry operations; unlike the Win32 API, the DDK provides a separate set of functions for working with the registry. This code gives examples of all registry operations in kernel mode!