Search resource list
svv-2.3-bin
- Detector rootkit kernel mode ring0 sys driver
CsrssWalker
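- Csrss.exe holds the process information for every Win32 subsystem process, stored as a linked list. Normally each newly created process notifies Csrss.exe, which receives the information and stores it, so walking this list yields information on all Win32 subsystem processes. The first step is to find the list head, which is CsrssRootProcess; functions exported by CSRSRV.DLL operate on CsrssRootProcess, so through the exported functions of CSRSRV.DLL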
Regmon
- Software that is no longer under development, but part of it relates to rootkits and can serve as a reference. A driver is included.
Zion
- A rootkit implementation, shared for technical discussion; very valuable as a reference. Please do not use it for anything illegal.
hideprocess
- Code for hiding a process on Windows; this code uses rootkit techniques.
He4Boot
- A Russian file-hiding rootkit that uses a boot-time startup technique.
cmcark_cw.0.2.2.9.12
- A rootkit detector that allows you to remove the SSDT hooks made in the OS kernel.
XXXXXXX
- Fu rootkit source code
RkU_102_source
- Rootkit detector that finds system hooks and user-code hooks, hidden drivers, hidden files, and hidden processes.
BiosRootkit
- BIOS rootkit
RkU3.8.342.554
- Rootkit unhooker last version
darkspy105
- darkspy is a multi-channel detection tool targeting rootkits (tools an attacker uses to hide their tracks and retain root access); it combines several scanning techniques,
HideProc
- DKOM rootkit; it will hide files on Windows 2k, XP, Vista
NTRootKit
- NT rootkit, developed in Delphi
FU_Rootkit
- An early version of the rootkit with fairly simple functionality, but the best example for learning about rootkits and Windows driver development. Hope it helps you!
evilrootkit
- A very evil rootkit that works under Windows and is not one of those that can be downloaded publicly.
Rootkit
- This is the source code of the well-known kernel irphook; you can test it yourself. It works well.
bkit
- Bootkit: program source code equivalent to a rootkit
RKU
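- Rootkit Unhooker is a relatively new rootkit detection tool from Russia. Its detection methods are far more reliable than IceSword's (although its feature set is not as complete as IceSword's). Features include service descriptor table hook detection and restoration, powerful process detection, powerful driver detection, killing hidden processes, API hook detection, driver dumping, report generation, and more. Fixed a loader crash issue, :) Updates in v3.8.342.554: + ability to skip the user-mode scan + added an option to list the entire interrupt descriptor table + improved interrupt descriptor table checks +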