Search resource list
SSDTHookTest
- A simple SSDT hook example: hooks the native API ZwQuerySystemInformation to hide the cmd.exe process; the process-name match is case-insensitive. (The result of studying the agony rootkit.)
031_Rustock_2010.pdf
- Document describing an analysis of the Rustock rootkit
The_Evolution_of_TDL.pdf
- Shows the overall evolution of the TDL rootkit
jynx2
- The latest rootkit for Linux; user-level, uses ld-preload under 2.6.*, tested and working on multiple versions.
RProtect_32
- RPProtect: active-defense code that guards against rootkits on Windows systems.
cboootkitbasso
- A rootkit that works at system boot; relatively simple and easy to understand. 1) It's very small. The basic framework is just about 100 lines of assembly code. It supports 2000, XP, 2003. 2) It patches the kernel at runtime (no files are patched on disk). (basic
BAArpWorml
- Black Technology worm downloader [complete source code]. Author: 教主. Source: Evil Octal Information Security Team (www.eviloctal.com). Author's website: Black Technology, www.Rootkit.com.cn. The source code is published for programming exchange. Any modification or distribution made using this code has nothing to do with the author. Tested.
TCCRootkith
- This is a rootkit program that provides all sorts of features: files, the registry, and so on.
PageHack
- Source code for hiding a driver; a good reference for studying rootkits, worth downloading to learn from.
YasFindObject
- Rootkit that hides files, processes, and more, with many features.
src-antisplicing
- driver antisplicing reveal rootkit
ARK__ALL_HOOOl
- All of the hooking methods popular among rootkits on today's Windows systems; even though they are detected and removed by active HIPS, they are definitely still worth studying.
BIOS_ROOTKIT
- BIOS rootkit study material and source code.
BIOS-Rootkidoc
- BIOS rootkit documentation, implementation code examples, ntldr analysis. -Remote control all works in VC6 and VC2005 were compiled by
Driver_RootKit
- Driver-level rootkit tool that can be used to hide processes and drivers.
drivers
- load and unload driver or rootkit
bhwin_2
- begin 4 rootkit programming
muma
- Code from the book "Trojan Defense and Attack": reverse connection, anonymous-pipe communication, remote cmd, process management, rootkit, DLL injection, and other techniques.
ark
- HSQARKH complete source code (ARK), for security protection; anti-rootkit source code.
tsk-xview-src
- Cross-view based rootkit detection tool based on The Sleuth Kit API and Microsoft’s Offline Registry API