Search resource list
irpHook
- An IRP hook that hides all communication ports, with pictures.
Handling-IRPs
- A detailed look at IRP, an important concept in Windows drivers. This paper presents an overview of the I/O request packet (IRP) mechanism that is used in the Microsoft® Windows® family of operating systems. It is intended to provide driver writers with a greater understandi
Windows-Rootkits
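- Rootkit techniques are receiving growing attention in the information security field, and new anti-rootkit techniques keep appearing. Under pressure from the various anti-rootkit tools, conventional rootkit hiding techniques struggle to stay concealed. Building on a systematic analysis and in-depth study of traditional kernel-level rootkit hiding techniques, this work proposes a rootkit hiding scheme that combines three techniques: relocating the driver module as a whole, kernel thread injection, and deep inline IRP hooks.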
sector--read-write
- This tool reads from and writes to disk sectors directly by sending IRPs to the disk class driver.
Hook8034
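- Source code for a logger compatible with both PS/2 and USB keyboards. The keyboard logger hooks the dispatch function of the keyboard class driver Kbdclass; below the class driver sits the port driver. DeviceTree shows that the port driver for a PS/2 keyboard is i8042prt and the port driver for a USB keyboard is Kbdhid. For either kind of keyboard, once the port driver has finished processing the IRP it calls the upper layer's callback function, that is, the KbdClass function that processes input data.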
ReadSector
- ReadSector is a tool that reads disk information by sending IRPs (source code).
cancel
- This sample demonstrates the use of the new cancel-safe queue APIs (IoCsqInitialize, IoCsqInsertIrp, IoCsqRemoveIrp, IoCsqRemoveNextIrp) introduced on Windows XP for queuing IRPs in the driver's internal device queue. By using these APIs, driver writers
KeyBoardFilter
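- This is a very good keylogger source. The main functionality is done, but there is still one problem: after the filter driver is loaded, the first keystroke is not captured, because a read IRP has already been sent down before attaching to KBDCLASS. I have not yet found a way to get rid of that previously sent IRP. If anyone has a good suggestion, many thanks in advance.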
FFilleFiltteri
- Complete source code for a file filter driver; this source code example is used to filter IRPs.
irphook3
- IRP hook source code.
file-filter-driver
- A detailed DOC on file filter drivers, covering various file filtering and protection mechanisms and the passing of IRP messages, with a brief introduction to some network and other types of filter drivers appended at the end.
RenameFile
- There are already some examples online of operating on files directly with IRPs, but the file rename operation is somewhat special and has no examples. Here is an example of renaming a file in the kernel.
ExTools-src-v1.2
- A kernel-level hexviewer; file operations are performed directly with IRPs. Source code, VC++.
kssd-rootkit
- Rootkit study notes from Kanxue Academy. 1. Kernel hooks: there are many hooks in ring3 and many from ring3 to ring0. Following the order in which an API call progresses, every stage offers a chance to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook.
rwWithIrp.tar
- IRP Dev sample and other things
gpio
- Android GPIO/IRP interrupt code.
CancelIRPTest
- Cancel IRP test.
kernel_driver
- Kernel drivers for the Samsung S3C6410, including irp, character devices, memory allocation, system calls, driver modules, and an LED driver.
odm_debug
- For example, IRP packet OID canceled, device surprisingly unremoved, and so on.
TestDriver
- A layered driver developed in the WDK environment. Layering lets a functionally complex driver be decomposed into multiple drivers. It can complete IRP requests.