搜索资源列表
keyboardfilter
- 键盘过滤驱动的基本框架,可以在里面方便地添加自己的代码,工具为DDK-Keyboard filter driver
user
- 用户态与内核态的通信,是windows内核的ring3与ring0 的通信
ntring0
- windows,2000xp下采用无驱Ring0-windows, 2000xp adopt hassel Ring0
asmcodebin
- 这是一只纯ASM编写的病毒,具备文件感染,入口代码变形,自身加密,EPO等功能,是一只无任何 特征码的病毒,设计目的是为对抗反病毒软件的特征码杀毒、行为杀毒和虚拟机杀毒,现有代码 未提供任何破坏功能,但会主动感染可执行文件,而且被感染过的文件很难再还原,这点请注意 另外这东西也提供了Ring0功能,主要用于感染运行中的可执行文件 这东西写完后放了很久,不太记得怎么用了,把代码放上来有兴趣的朋友拿去研究研究,汇
WinRing
- 通过对本代码中的函数简单调用可以取到系统的Ring0权限。-Through a simple function of the code to the system call can take Ring0 permission.
NtOpenProcess[InlineHook]
- r0 inline hook sample.
X86IL
- 可以将机器码计算为汇编指令并且算出指令长度的C头文件。在编写Ring0或Ring3的Inline Hook时不可缺少的东西。-Can be calculated as the compilation of binary instructions and directives to calculate the length of the C header file. In the preparation of the Ring0 or R
baoliBreak
- 通过驱动编程,写强力文件删除. 在Ring0级下删除文件内容.-Through-driven programming, writing powerful file delete. Ring0 level in the next delete the contents of the documents.
rr0d_snapshot.tar
- rr0d ring0 windows/unix debugger
hidefile-0.3.1.tar
- 文件隐藏代码,实现在Linux环境下,要四个文件夹全部下载下来,才能看懂。该代码实现在Ring0环境下-hidefile
Kehook
- 对于hook,从ring3有很多,ring3到ring0也有很多,根据api调用环节递进的顺序,在每一个环节都有hook的机会,可以有int 2e或者sysenter hook,ssdt hook,inline hook ,irp hook,object hook,idt hook-The hook, from ring3 there are many, ring3 to ring0 there are many, according
Win_proc_list_2
- Source windows ring0 programming example2
GetCurrentProcessName
- 一个从内核态获取Eprocess结构中获取,进程名偏移的代码;采用内联汇编完成功能;- Get the offset of the name of the process from ring0
bin
- WLReset源码 如果有ring0保护,清除后重起即可. 时间限制的,清除后改系统时间-If there is WLReset source ring0 protection, re-starting can be removed. Time limit for the time after the removal of
Ring0HOOKSSDTReg
- DDK开发的在Ring0中通过HOOK SSDT,实现对注册表监控-DDK development in Ring0 through HOOK SSDT, to realize the Registry Monitor
ObReferenceObjectByHandle
- Inline HOOK ObReferenceObjectByHandle 保护进程-Inline HOOK ObReferenceObjectByHandle
98commhook
- 在win98下对串口数据进行捕获,采用了vxd技术在ring0层对串口实现了Hook操作。-In the under win98 serial data capture, using vxd in ring0 layer serial interface operation of the Hook.
intoring0
- 采用VC++编写的,中断门无驱动进入ring0. 是学习驱动开发的好资料-Written using VC++, interrupt-driven into the gate without ring0. Is to learn from the good data-driven development
code_5
- commmunication between application with ring0 driver-communication between application with ring0 driver
keyspy
- ring3下读取物理地址执行ring0代码,在ring0代码嵌入汇编指令直接读取I/O端口。优秀的*源码.-ring3 to read the physical address of the next Executive ring0 code, the code embedded in the ring0 assembly instructions directly read I/O ports. Excellent keylog