Search resource list
SSDTHook
- The basic approach to dealing with a ring0 inline hook is this: write your own replacement kernel function; taking NtOpenProcess as the example, call it MyNtOpenProcess. Then modify the SSDT so that the system service call lands in your own function, MyNtOpenProcess. What MyNtOpenProcess has to do is execute the first 10 bytes of NtOpenProcess's instructions itself, then JMP to the original NtOpenProcess just past those ten bytes. This way the JMP written at the head of NtOpenProcess no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected.
HookShadowSSDT
- An example demonstrating how to hook the shadow SSDT.
KillIceSword(SSDT_and_Inline_Hook_in_Ring0)
- Closes IceSword by bypassing IceSword's inline hook via the SSDT.
hookssdt
- Revisiting kernel and process protection: an example of protecting a process by hooking the system SSDT.
注册表监控系统
- Registry monitoring software; hooks the SSDT at the driver level to intercept all registry-related operations.
Hook_ZwQueryInformationProcess_VC
- Implementation of an SSDT-hooking driver that hides a process. - hook driver
kernel-reload
- This one reloads the kernel. Once you know what kernel reloading can do: basically every SSDT and shadow SSDT entry can be restored, and hooks of that sort become useless.
WIN64_SSDTHOOK
- Compared to WIN32, the SSDT changed considerably on WIN64, and code that hooks the SSDT on WIN32 can no longer be used on WIN64. This code implements SSDT hooking on win64.
falkssdtHOOK
- Intercepts HOOK calls on the SSDT by forging an SSDT.
_123_
- Uses SSDT HOOKing to hide process information; includes both the driver code and the loader code.
drv-HOOKSSDT
- HOOK SSDT code. I don't need to explain the SSDT; anyone who understands drivers knows what it is.
RESSDTEX
- Resets the system SSDT, restoring functions modified by other drivers' hooks.
hookSSDT
- Source for restoring hooked SSDT entries; can get past common game protection.
SSDTviewer
- SSDT restoration. Can restore a hooked SSDT, in order to get past game protection.
Hidden-process-detection
- Process hiding and detection: hides a process from within a driver by hooking the SSDT!
Read_SSDT
- Source code that reads the SSDT, with HOOK examples included: code that can read the SSDT and hook some SSDT functions, namely NtUserFindWindowEx, FindWindow, NtUserGetForegroundWindow, GetForegroundWindow, NtUserQueryWindow, GetWindowThreadProcessId, NtUserWindowFromPoint, WindowFromPoint, NtUserBuild
HookShadowSSDT
- Hooks the system description table, the SSDT; builds with vs2005.
zhuoran
- Driver protection done mainly by hooking SSDT APIs.
registry-monitor
- Windows registry monitoring source. Implemented via SSDT HOOKing at Ring0.
Driver Loader/Unloader Example Source Code
- Self-explanatory; WinDDK needed.