搜索资源列表
kill---HideToolz
- VB Ring3枚举进程 可以检测到HideToolz隐藏的进程!-VB Ring3 enumeration process can detect hidden processes HideToolz!
hookzwquery
- 用汇编实在Ring3 和 Ring0 下的Inline HooK-It Ring3 and assembly under the Inline HooK Ring0
Ring3Drive
- Ring3下模拟NtSystemdebugControl实现驱动功能-Ring3 drive functions to achieve simulated NtSystemdebugControl
CheatEngine
- 这是一段游戏修改工具的源代码.ring3功能由dephi开发,驱动是C开发.希望对大家有帮助-This is game modification tools section of the source code. Ring3 features developed by Delphi, the drive is the C development. I hope all of you help
NtSystemDebugContrl_ring0_beep
- ring3下使用NtSystemDebugContrl写端口播放声音-ring3 use NtSystemDebugContrl write port to play a sound
ring3_inline_hook_demo
- tat hook api 在一个文件中对自身调用的api进行hook的一个例子。-tat hook api in a document of its own hook to call api
Packet_Analysis
- 基于Passthru的扩展,抓取IP数据包,并在内核中利用队列、系统线程实时将IP数据包解析到磁盘文件中,同时提供用户控制,在RING3使用SDK编写界面。 本程序可以帮助您熟悉驱动编写、windows编程、用户态和内核态交互编程以及网络知识的基础应用。 驱动安装使用snetcfg,已集成到用户界面中。-Based on the expansion of passthru, crawl IP packet, and the use of the kernel queue, the sys
antidebug_nt_ring3
- The example that shows how to use int2e trick to use ZwSetInformationThread to hide from ring3 debuggers
EnumIFEO
- 检查IFEO的劫持项目,只能检查出来,Ring3程序,没写修复功能-IFEO hijacking inspection projects, only to check out, Ring3 procedures, did not repair Writing
hidefile-0.3.2.tar
- 文件隐藏代码2,实现在Linux环境下,Ring3下实现-filehide
Kehook
- 对于hook,从ring3有很多,ring3到ring0也有很多,根据api调用环节递进的顺序,在每一个环节都有hook的机会,可以有int 2e或者sysenter hook,ssdt hook,inline hook ,irp hook,object hook,idt hook-The hook, from ring3 there are many, ring3 to ring0 there are many, according to api call progressive sequen
MagicAPiHook
- Magic ApiHook Ring3(usermode) hooks
orz
- 这个是我反汇编出来了机器狗的ring3层的代码,差不多都是从IDA里复制过来的,我基本上看不懂,欢迎来聊机器狗。qq295333637-This is my dog out disassemble ring3 layer of code, almost all come from the IDA in copy, and I basically can not read, welcome to dog chat. qq295333637
NtfdDisk20090710
- 这个机器狗创建的符号链接是NtfdDisk 基本原理都是修复补丁,再断开AttackDevice,再在ring3层直接寻址感染-This dog is a symbolic link created the basic principles are NtfdDisk repair patch, and then disconnect AttackDevice, then layer in the direct addressing ring3 infection
delphi_PspTerminateProcess
- delphi版内核调用PspTerminateProcess杀进程源码,在ring3下搜索PspTerminateProcess地址,传给ring0,然后在ring0下调用。-delphi kernel call PspTerminateProcess kill the process, source code, in the next ring3 search PspTerminateProcess address, passed ring0, and then ring0 invoked.
CCRootkit-V0.1
- 一般网上找到的都是需要Ring3传输需要补丁的地址过去... 002就是直接用最标准的方法进行SSDT定位以及修复的 支持多核系统,当然还有003(加入shadow ssdt hook),004(加入inline hook) 基本上是现在最稳定的恢复方式了,大家可以用KMDLoader测试.加载就脱钩.不需要通讯 -Generally find on the Internet are required Ring3 address transmission needs a patc
ProMgr
- 用Native API写的任务管理器源码,集合了Ring3下结束进程的大部分方法,能够检测内核隐藏模块和内核级隐藏进程-An internal task manager
getdiskinfo
- 获取磁盘内信息,用于WinNT/Win2000,对Win9X无效 通过MS的S.M.A.R.T.接口,直接从RING3调用 API DeviceIoControl()来获取硬盘信息-Access to the information in the disk, for WinNT/Win2000, valid for Win9X By MS, S.M.A.R.T. interface calls directly from the RING3 API DeviceIoControl
rtl
- RTL special definitions for ring0 & ring3 in one header.
VC_ProcessMgr
- 在ring3下就能结束很多进程的强大的任务管理器,VC版的。-Many will end in ring3 process under the powerful Task Manager, VC version.