搜索资源列表
menu_hook_effect
- 利用钩子实现菜单阴影效果 有很多人对Office XP里面的菜单的阴影效果羡慕不已,它不需要在Windows XP 中就可以在菜单后面显示阴影, 当然在Windows XP中, 已经完全支持菜单阴影了。 虽然我们不一定很有必要自己来实现这个较难实现的效果。但是正如有很多人想实现那种IE风格的菜单栏一样,尽管它们并不能为我们带来更多实用的功能, 却可以使我们的程序看起来与众不同。 -use menus hook shadow effect of a lot of pe
hookN
- 国外收集的多个hook代码 Let s talk about kernel and drivers --- --- --- --- --- ----- Author: Holy_Father <holy_father@phreaker.net> / When you see the shadow, think about the light that causes it / Version: 1.0 english Birthday:
ShadowTableHook
- Shadow table hook,一种新的Hook方式
HookShadowSSDT
- 一个演示如何hook shadow ssdt表的例子。
kernel-reload
- 这份是重载内核,知道重载内核能干什么了,基本所有的ssdt和shadow ssdt都能恢复,神马hook之类的弱爆了-This is overloaded kernel know to reload the kernel can do the basic the all ssdt and shadow ssdt, will recover, of Shenma hook like a weak burst
SSDT-Shadow-Hook
- Hook 了以下函数: NtUserFindWindowEx FindWindow NtUserGetForegroundWindow GetForegroundWindow NtUserQueryWindow GetWindowThreadProcessId NtUserWindowFromPoint WindowFromPoint NtUserBuildHwndList EnumWindows NtUserSetWindowLong SetWindowLong
antiTX
- 1.恢复shadow ssdt 2.恢复 NtReadVirtualMemory NtWriteVirtualMemory NtOpenProcess NtOpenThread KiAttachProce-1.恢复shadow ssdt 2.恢复 NtReadVirtualMemory NtWriteVirtualMemory NtOpenProcess NtOpenThread KiAttachProcess
antihook_src
- 创建一个内核驱动,伪造一个ssdt表,使得ssdt钩子失效。-Create a kernel driver, forged a ssdt table, making failure ssdt hook.
MenuHook
- VC++利用Hook钩子实现的阴影菜单,不要误认为是Winodws系统自带的阴影菜单,仔细看你就会发现两者是不一样的,一样令人羡慕不已,尤其是使用钩子实现,相信对VC++编程者来说,有空的时候还是要看一下哦!虽然大家对这种效果已经司空见惯了,但实现起来没有想像的那么简单,因此具有参考价值。-VC++ to use the realization of the shadow of hook Hook menu, do not mistakenly think it is the shadow of
FU_Lite
- Shadow Walker is not a weaponized attack tool. Its functionality is limited and it makes no effort to hide it s hook on the IDT or its page fault handler code. It provides only a practical proof of concept implementation of virtual memory sub
CCRootkit-V0.1
- 一般网上找到的都是需要Ring3传输需要补丁的地址过去... 002就是直接用最标准的方法进行SSDT定位以及修复的 支持多核系统,当然还有003(加入shadow ssdt hook),004(加入inline hook) 基本上是现在最稳定的恢复方式了,大家可以用KMDLoader测试.加载就脱钩.不需要通讯 -Generally find on the Internet are required Ring3 address transmission needs a patc
UTM4XP
- 一个简单ARK源码。包括进线程操作,隐藏进程检测,SSDT,SHADOW SSDT hook查看-An anti-rookit tool
HOOK
- SSDT 及 SSDT Shadow HOOK通用框架及保护模块-SSDT and the SSDT Shadow HOOK common framework and protection module
hook_shadow
- VC++利用Hook钩子实现的阴影菜单,希望对大家有所帮助-VC++ implementation using the shadow of the menu hook Hook
XueTr
- 1.进程、线程、进程模块、进程窗口、进程内存信息查看,热键信息查看,杀进程、杀线程、卸载模块等功能 2.内核驱动模块查看,支持内核驱动模块的内存拷贝 3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、IDT信息查看,并能检测和恢复ssdt hook和inline hook 4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查
HookSSDTShadow
- Hook SSDT shadow 示例,首先找到csrss进程然后attach,最后修改ssdt shadow table-Hook SSDT shadow sample, first find the csrss process then attach, last modified ssdt shadow table
shadow-hook
- 采用HOOK界面跟踪达到界面控件随鼠标移动略过个产生随影效果很好看的-The HOOK interface to interface with the tracking control the mouse skip a produce effect is very good with the shadow
ssdt-shadow-hook
- 易语言 ssdt shadow hook 保护窗口,挂钩多个函数,兼容X86 XP~2008所有32位操作系统。包含调用和驱动源代码,使用sys边源包可编译-The easy language ssdt shadow hook Protection window, linked to more than one function, compatible with X86 XP ~ 2008 all 32-bit operating system. Contains call and driver
shadow-ssdt
- 遍历shadow ssdt 的代码 会win窗体HOOK 很有帮助-Traverse shadow ssdt code will win form HOOK helpful
DeviceControl
- ring3与ring0通信,配合之前的Shadow hook!简单明了-ring3 communicate with ring0, with the previous Shadow hook! Foolproof