Resource search results
bh-us-04-tsyrklevich
- API hooking bypass ideas, ring0/ring3
rewolf.wow64ext.v1.0.0.6
- Heaven's Gate injection library in ring3, x64->x86.
kblogger
- Ring3-level keyboard logger implemented by reading the keyboard state (getanykeystate).
srccode
- Example of ring0/ring3 interaction through the DeviceIoControl function; needs no further explanation.
MzfHipsTray
- A simple HIPS. It currently implements program execution monitoring, registry modification monitoring, driver load monitoring, and system time modification monitoring. Runs in RING3.
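Process enumeration via the global handle table (x64 supported)
- Uses ring3-to-ring0 communication to walk the kernel's global handle table and enumerate processes, with detection and handling of zombie processes. Supports x86 and x64.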
DeviceControl
- Ring3-to-ring0 communication, used together with the earlier Shadow hook. Simple and clear.
Ring0_inlink_Hook
- A first-5-bytes inline hook that I wrote at the end of September 2015, with a Ring3 communicator.
[7-2]EnumRemoveImageNotify
- Enumerates and removes image-load callbacks; image callbacks can intercept image loading in both RING3 and RING0.
[6-2]Ring3InlineHookAntiHook
- Inline hooking and anti-hooking in a RING3 environment.
[6-1]RemoteThreadToSystemProcess
- Injects a DLL into a system process from a RING3 environment, breaking the session isolation mechanism.
dwaddcc
- The RING3 part is written directly in C++ (too lazy to write it in Easy Language). LO.e is the driver code and implements the basic driver functions, such as creating a symbolic link. Run Dbgview.exe first and select Capture > Capture Kernel, then run LOApp.exe, enter 1, 2, ... and press Enter to see the output.
39009
- Ring3 ZwQuerySystemInformation hook (HideProcess); the environment is XP SP2. Note that the Debug build may have problems, because WriteProcessMemory may copy int 3 instructions across, so it is best to use the Release build.
NtSystemDebugContrl_ring0_beep
- Uses NtSystemDebugControl from ring3 to write to I/O ports and play a sound.
rtl
- RTL special definitions for ring0 & ring3 in one header.
user
- Communication between user mode and kernel mode, that is, between ring3 and ring0 of the Windows kernel.
Suspend_Resume
- Source code for suspending and resuming a process from Ring3; the code is clean and tidy.
sedirected
- Code for switching from ring3 to ring0.