搜索资源列表
Hooking_the_kernel_directly
- 直接内核钩子。教你如何用C写内核函数钩子。文件里面包含了详细文档和代码。-direct kernel hook. Teach you how to write C kernel function hook. File includes detailed documentation and code.
hook-linux.rar
- Linux 2.6 内核下劫持系统调用,代码比较简单,还是可以参考参考的。,Linux 2.6 kernel system call hijacking, the code is relatively simple, or can refer to as a reference.
SSDT-hook
- Windows内核态SSDT-hook实现进程隐藏和文件隐藏,代码很规整,学习内核编程的好例子 -a good example of studying kernel programing or driver developing, SSDT hook
kernel-reload
- 这份是重载内核,知道重载内核能干什么了,基本所有的ssdt和shadow ssdt都能恢复,神马hook之类的弱爆了-This is overloaded kernel know to reload the kernel can do the basic the all ssdt and shadow ssdt, will recover, of Shenma hook like a weak burst
NtQuerySystemInformation
- 这是介绍如何在Windows驱动层 HOOK NtQuerySystemInformation内核 函数的文章。 这篇文章超级详细的介绍了这个函数的每一个参数以及用法。-This is how the Windows kernel function driver layer HOOK NtQuerySystemInformation article. This article describes the super-detailed each parameter of this function
anti-ssdt
- Windows XP是通过sysenter调用KiFastCallEntry将ntdll.dll的调用切换到内核的。KiFastCallEntry的原理是通过在SSDT中查找函数地址跳转。所以只要伪造一张原始SSDT,就可以使得SSDT-HOOK无效了。-Windows XP by calling KiFastCallEntry sysenter ntdll.dll call will switch to the kernel. KiFastCallEntry SSDT principle i
inlineKiInsertQueueApc
- 内核hook KiInsertQueueApc apc级保护进程-Kernel-level hook KiInsertQueueApc apc protection process
antihook_src
- 创建一个内核驱动,伪造一个ssdt表,使得ssdt钩子失效。-Create a kernel driver, forged a ssdt table, making failure ssdt hook.
DiskMon
- DiskMon运行在NT4上才加载驱动,在W2k以上平台其使用kernel event tracing实现磁盘活动的监视, 但其驱动可以跑在W2k/XP/2K3/Vista上 该驱动Hook了disk的driver dispatch例程,不仅可以监视磁盘活动,稍微改下还能拦截、修改上层对磁盘的读写, 很容易就可以搞个什么 基于Disk的 -DiskMon only run on NT4 load on the drive, more than W2k platform in i
KernelHook
- Example of kernel hook (MS Visual Studio 2005) of system call NtOpenProcess to prevent opening process from user mode
kernel.txt.tar
- Sometimes, we run into a situation when we badly need to hook some kernel function, but are unable to do it via conventional PE-based hooking. This article explains how kernel functions can be directly hooked. As a sample project, we are going to pre
Hook
- 本文从难易程度上主要分三块详细介绍:一.用户模式Hook:IAT-hook,Dll-inject 二.内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三.Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-ho
kernel-Inline-Hook-word-doc
- kernel Inline Hook word doc 详谈内核三步走Inline Hook实现-kernel Inline Hook word doc go into the details to achieve core three-step Inline Hook
VB-Del-Kernel-Hook
- VB恢复内核钩子的一个示例工程文件。可以调试。-VB restore a core sample project file hook. For debugging.
Linux-Network-Kernel-Stack
- Linux网络核心堆栈。本文讨论模块编写者如何利用Netfilter hook 来实现任意目的以及如何将将网络通信在基于Libpcap 的应用程序中隐藏。-Linux core of the network stack. This article discusses how to use Netfilter hook module writers to achieve any purpose and how the network communications applications base
InLine-HOOK
- 现在没有保护的游戏越来越少了,不管游戏开发商采用的是知名的保护软件,还是自己开发的保护,都涉及到驱动。没办法,谁叫我喜欢分析数据了呢那就过保护吧!怎么过,没头绪。先学习一下内核编程吧。主要是内核HOOK。今天就学习一下InLine HOOK。-Fewer games without protection, regardless of game developers using the well-known protection software, or develop their own pro
Kernel Inline Hook
- 目前流行和成熟的kernel inline hook技术就是修改内核函数的opcode,通过写入jmp或 push ret等指令跳转到新的内核函数中,从而达到修改或过滤的功能。这些技术的共同点 就是都会覆盖原有的指令,这样很容易在函数中通过查找jmp,push ret等指令来查出来, 因此这种inline hook方式不够隐蔽。本文将使用一种高级inline hook技术来实现更隐蔽的 inline hoo技术(Currently popular and mature kernel in
HookSSDT
- 驱动重载 Hook SSDT 绕过钩子 理论上过一切保护(reload-kernel , Hook SSDT)
HOOK graphics driver_
- hook d3d显卡驱动源码,内核驱动hook(hook D3D graphics driver source code, kernel driven hook)
火绒注入(内核hook稳定注入)
- 火绒注入(内核hook稳定注入),功能强大,完美实用各种场景(Tinder injection (kernel hook stable injection), powerful, perfect and practical all kinds of scenes)