搜索资源列表
注册表监控系统
- 监控注册表的软件,在驱动层hook ssdt表,拦截所有关于注册表的操作
DelphiRESSDT.rar
- 就是delphi还原SSDT,效果还不错,Delphi is to restore the SSDT, the results were good
Miss920
- Miss920程序行为监视器,运用SSDT HOOK技术,可以简单有效的监控程序行为,现在已经实现了进程监控,文件监控,注册表监控,并且可以有效快捷地进行二次开发。-Miss920 monitor program behavior, the use of SSDT HOOK technology, can be simple and effective monitoring of program behavior, the process has already been realized to
Hook_ZwQueryInformationProcess_VC
- hook ssdt的驱动的实现,隐藏进程。-hook driver
WIN64_SSDTHOOK
- 相比WIN32,WIN64的SSDT发生了较大的变化,在WIN32下挂钩SSDT的代码已经不能在WIN64下使用了。该代码实现win64下挂钩 ssdt-Compared to the WIN32, WIN64 the SSDT occur larger hook SSDT under WIN32 code has been used in WIN64. The code to achieve win64 hook ssdt
SDTrestore-0.2
- SSDT 恢复代码 SSDT 恢复代码-SSDT code to restore to restore SSDT code
antiTX
- 1.恢复shadow ssdt 2.恢复 NtReadVirtualMemory NtWriteVirtualMemory NtOpenProcess NtOpenThread KiAttachProce-1.恢复shadow ssdt 2.恢复 NtReadVirtualMemory NtWriteVirtualMemory NtOpenProcess NtOpenThread KiAttachProcess
vice
- 能够找出给种类型的系统Hook,包括IAT表,SSDT表等相关的钩子-VICE is a tool to find hooks. Features include: 1. Looks for people hooking IAT s. 2. Looks for people hooking functions in-line aka detouring. 3. Looks for hooks in the System Call Table. Thanks to Tan perh
antihook_src
- 创建一个内核驱动,伪造一个ssdt表,使得ssdt钩子失效。-Create a kernel driver, forged a ssdt table, making failure ssdt hook.
biostelnet
- 向BIOS中植入模块,HOOK中断向量表,HOOK NTLDR加载过程以及HOOK内核函数,SSDT hook。-Add module into bios,HOOK IVT,HOOK NTLDR loder process and hook knrnel function,just as SSDT HOOK
Registry_protection
- 在内核状态下拦截注册表操作,保护您的注册表不受病毒和木马修改。主要是通过ssdt hook实现,含有完整的代码,包括与应用层通信,和界面代码.-State in the core to intercept registry operation to protect you from viruses and Trojan registry modifications. Mainly through the realization of ssdt hook, contains a complete
SESYS
- 取page段地址的代码 大概包括了ssdt, idt, msr钩子,3种notify,还有从文件读取偏移抗猥琐的代码. 支持这个编程板块-Get page segment address code probably includes ssdt, idt, msr hook, three kinds of notify, also read from the file offset anti-insignificant code. To support the programming plate
_ssdt
- SSDT查看-Show SSDT ........................
UTM4XP
- 一个简单ARK源码。包括进线程操作,隐藏进程检测,SSDT,SHADOW SSDT hook查看-An anti-rookit tool
code
- SSDT Hook Source with Visual Stuio 6.0 (C++)
InlineHookScan
- 驱动层搜索内连HOOK,查看SSDT中的内核函数的开头是否被内连HOOK-Search within driving layer with HOOK, see SSDT in the beginning of the kernel function is to be in with HOOK
KernelLookup
- Open Source SSDT Hook detection utility, it will scan the SSDT Entries in the kernel (ntoskrnl.exe) and find the functions that are hooked & not in the kernel base address range .
_123_
- 利用HOOK SSDT表达到隐藏进程信息,内有驱动代码和加载代码-Use the expression to hide the process HOOK SSDT information, there are driver code and load code
ressdt2
- SSDT 恢复源码,如果你的SSDT表中的函数被hook,可用此代码恢复-SSDT restore source, if your SSDT table function is hook, this code can be used to restore
windows_kernel_tool
- 一:SSDT表的hook检测和恢复 二:IDT表的hook检测和恢复 三:系统加载驱动模块的检测 四:进程的列举和进程所加载的dll检测 -1: SSDT table hook detection and recovery 2: IDT table hook detection and recovery 3: System load driver module test 4: the process list and the process of loading the dll