Search result list
Ring3SSDT
- Safely obtaining the original SSDT address from Ring3. Enjoy it.
Hook
- This article is divided into three parts by difficulty: 1. User-mode hooks: IAT hook, DLL injection; 2. Kernel-mode hooks: SSDT hook, IDT hook, int 2e/sysenter hook; 3. Inline function hooks.
CCRootkit-V0.1
- Most code found online requires Ring3 to pass in the addresses that need patching... 002 locates and repairs the SSDT directly using the most standard method and supports multi-core systems; there are also 003 (adds a shadow SSDT hook) and 004 (adds an inline hook). This is basically the most stable restoration method at present; you can test it with KMDLoader. Loading it unhooks; no communication is needed.
ProcessProtect
- Process protection in Ring0, implemented by hooking the SSDT.
SSDT_UnHook_C
- SSDT_UnHook_C: unhooks the SSDT to bypass the active defense of anti-virus software.
UTM4XP
- Source of a simple ARK (anti-rootkit) tool. Includes process and thread operations, hidden-process detection, and viewing of SSDT and Shadow SSDT hooks.
Rookit
- Source of a rootkit tool; powerful, with SSDT functionality, including the driver part.
HOOK
- A general framework for SSDT and SSDT Shadow hooks, plus a protection module.
NtReadVirtualMemorysswe
- Restores ntreadvirtualmemory in the SSDT to counter some anti-virus programs.
DriverTutorial
- Writing drivers to perform kernel-level SSDT hooking
code
- SSDT Hook Source with Visual Studio 6.0 (C++)
ProtectMon
- Driver development: protects a process by PID by hooking the SSDT NtOpenProcess function; at least it can resist any R3 virus terminating your process!! Suitable as an introductory study for beginners learning SSDT hooking.
HookSSDT
- Hooks the SSDT to protect a process and prevent it from being terminated illegitimately.
unfilewrite
- Hooks the SSDT to prevent file creation. For beginners; experts can skip.
MyIS
- Something similar to icesword, driver-level, with functions for showing processes, kernel modules, the startup group, the SSDT, message hooks, and more.
vcvcvccSSDT
- Automatic SSDT repair program, written in VC. Windows XP SP2.
InlineHookScan
- Searches for inline hooks at the driver layer; checks whether the start of each kernel function in the SSDT has been inline-hooked.
KProcecss
- Vb Kill Process SSDT
NtOpenProcessSSDTHook
- Driver-level SSDT hook to build a perfect unkillable program: hooks the NtOpenProcess function to keep the process from being closed.
SSDT
- Source of an SSDT restoration program. Reference build output: Linking f:\driver\3 directory ******************** nmake.exe /c BUILDMSG=Stop. -i LINKONLY=1 NOPASS0=1 NTTEST= UMTEST= 386=1 link -out:.\i386\DrvTest.sys -machine:ix86 @C:\DOCUME~1\LANGO