搜索资源列表
FireWall
- 采用VC++和Delphi两种编程工具,设计出的一个基于TDI、FireWall-Hook双层过滤的防火墙。界面基于Delphi,驱动基于VC++.-VC++ and Delphi using two kinds of programming tools, to design an on TDI, FireWall-Hook layer filtering firewall.
InlineHookScan
- 驱动层搜索内连HOOK,查看SSDT中的内核函数的开头是否被内连HOOK-Search within driving layer with HOOK, see SSDT in the beginning of the kernel function is to be in with HOOK
SSTDForVB
- SSDT HOOK VB实现源码,调用底层函数,实现的SSDT HOOK.适合VB研究驱动。-SSDT HOOK VB to achieve source, call the underlying function, to achieve the SSDT HOOK. For VB research-driven.
protector_driver
- 利用钩子技术配合驱动来控制进程创建,想学驱动保护的可以下载研究下-With the use of hook-driven technology to control the process of creating, want to learn driving under the protection of study can be downloaded
windows_kernel_tool
- 一:SSDT表的hook检测和恢复 二:IDT表的hook检测和恢复 三:系统加载驱动模块的检测 四:进程的列举和进程所加载的dll检测 -1: SSDT table hook detection and recovery 2: IDT table hook detection and recovery 3: System load driver module test 4: the process list and the process of loading the dll
InlineHook_PspTerminateProcess
- inline hook未导出函数PspTerminateProcess, 驱动,可以用于防止进程关闭-inline hook not exported function PspTerminateProcess, drivers can be used to prevent the process of closure
RESSDTEX
- reset 系统SSDT表,恢复被其他驱动hook修改的函数-SSDT table reset the system, restore the hook to modify the function of other drivers
modifyGame
- 原来写的一个dnf的修改内存工具,采购钩子技术和驱动技术完成内存的追踪和修改。-Originally written in memory of a dnf modification tools, technology and drive technology procurement hook to complete the track and modify memory....
object-hook
- 信息隐藏亮点之一: 将rootkit作为资源隐藏于用户模式程序之中 亮点之二: 将这个用户程序代码作为生成密钥的引子,可以有效地防止逆向后,隐藏信息被纰漏,因为只有逆向后生成的 代码,跟原作者的代码丝毫不差,将来才能打开其隐藏至深的下载者链接及代码。 亮点之三:用一个固定的KEY,通过某种运算,产生出1024个密钥组成的数组。 然后用这个密钥组与用户代码进行运算,最终生成一个4字节的解码KEY。 利用解码KEY,在从加载到内存的驱动中,找出隐藏在其资源中的那份肮脏的 下载
APIHook
- API拦截pdf的手册,里面讲解了Injection\IAT HOOK,以及实现的代码,还讲解了驱动层的HOOK部分-API interception pdf manual, which explains Injection \ IAT HOOK, and the realization of the code, but also explain part of the driver layer HOOK
Source-protection-process
- 无驱动 无hook 纯API编写的保护自身进程源码 防止自身进程,防止被恶意关闭,此源码进程保护强度一般、-No drive no hook pure API code written to protect its own process to prevent its own process, to prevent malicious closed, the source protection process, general strength,
DLL
- 驱动级DLL注入源码。包含有系统兼容性检测、驱动DLL注入技术、API HOOK技术,并且提供应用层测试。-Driver stage DLL into the source code. Contains system compatibility testing, driving the DLL implantation technology, technology, and provide the HOOK API application layer test.
XueTr
- 1.进程、线程、进程模块、进程窗口、进程内存信息查看,热键信息查看,杀进程、杀线程、卸载模块等功能 2.内核驱动模块查看,支持内核驱动模块的内存拷贝 3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、IDT信息查看,并能检测和恢复ssdt hook和inline hook 4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查
SSDT-Hook-Driver-and-mfc-interface
- HOOK SSDT中SetInformation 函数的 驱动程序 配有mfc的用户模式界面 实现了Createfile readfile writefile IOCTL 这几个分发函数 在IOCTL中实现了对SetInformation函数的HOOK-SSDT Hook Driver test with mfc interface
inline-hook-inframe
- 介绍inlinehook的框架,对深入研究驱动非常有好处-inline hook instructions
api-pe-Hook
- api hook ,windows下pe挂钩的, 拦截 改写驱动安装api 的例子 +++++分-api hook ,windows下pe挂钩的, 拦截 改写驱动安装api 的例子+++++分
ssdt-shadow-hook
- 易语言 ssdt shadow hook 保护窗口,挂钩多个函数,兼容X86 XP~2008所有32位操作系统。包含调用和驱动源代码,使用sys边源包可编译-The easy language ssdt shadow hook Protection window, linked to more than one function, compatible with X86 XP ~ 2008 all 32-bit operating system. Contains call and driver
InLine-HOOK
- 现在没有保护的游戏越来越少了,不管游戏开发商采用的是知名的保护软件,还是自己开发的保护,都涉及到驱动。没办法,谁叫我喜欢分析数据了呢那就过保护吧!怎么过,没头绪。先学习一下内核编程吧。主要是内核HOOK。今天就学习一下InLine HOOK。-Fewer games without protection, regardless of game developers using the well-known protection software, or develop their own pro
VCPP-driver-Hook-kernel-system-call
- VC++ 驱动层Hook系统内核调用 VC++ driver Hook kernel system call VC++ driver Hook kernel system ca-VC++ driver Hook kernel system call
hook
- 键盘Hook,在驱动级实现键盘Hook,进而控制键盘-Keyboard Hook