Resource search results
ProcessProtect.rar
- Implements process protection in Ring0 by hooking the SSDT.
hook-process
- Hooks OpenProcess for antivirus evasion and process protection.
AheadLib_2.2.150_Src.rar
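- 1. Introduction: AheadLib is a tool for generating a Trojan DLL, used to analyze function parameter calls in a DLL (for example, logging what a socket send transmitted), change a function's behavior (however you like :), and change interface behavior (for example, creating a button inside the hook, intercepting events, and so on). 2. Usage: 1. Open the DLL to be emulated with AheadLib to generate a CPP file. 2. Create a DLL project in Visual Studio 6.0/.NET and add this CPP file to the project. 3. Use Releas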
HookCreateProcess.rar
- API hook that hooks CreateProcess so that process creation can be monitored.
Hook-ZwQueryInformationProcess
- Hooks ZwQueryInformationProcess to hide a process.
HookCode
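- API hook example source code written in VC++. From a quick look through it, it only hooks import-table functions. Injection is done in two ways, SetWindowsHookEx and CreateRemoteThread, and process enumeration distinguishes between psapi and toolhelp depending on the system. To receive process-creation notifications, it also includes a driver that registers a callback function. Overall, the injection part is done very well; if you want to hook arbitrary functions, it can be combined with detour.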
project
- A simple cross-process API hook; the target program is NOTEPAD.EXE. It is well worth studying. Part of the code was learned from the Internet and part is my own original work. I hope everyone can learn together. Also, since the author has only just started learning, please point out any mistakes. Thanks. Email: dake1024@163.com
Miss920
- Miss920 program behavior monitor. Using SSDT hook techniques, it monitors program behavior simply and effectively. Process monitoring, file monitoring, and registry monitoring are already implemented, and it can be extended quickly and easily through further development.
HookProtect
- Even 360 cannot terminate the process it protects; uses hooks on low-level functions.
HookSSDT
- Hooks the SSDT to protect a process and prevent it from being terminated illegitimately.
NtCreateThread
- Hooks NtCreateThread so that injection into the target process happens at the earliest moment: after the process is created, NtCreateThread is called to create the main thread.
hook_wininet_Source
- A very good sample program that hooks the wininet API. It gives a good demonstration of in-process hooking and of techniques for extracting HTTP request and response data. Complete VC++ project; compiles and runs directly.
ApiHook
- Intercepts the two APIs TerminateProcess and OpenProcess to prevent a process from being terminated.
APIHook
- Hooks system functions so that API return values can be modified to hide a process.
ProtectMon
- Driver development: protects a process by PID by hooking the SSDT NtOpenProcess function; it can at least withstand any R3 virus trying to terminate your process!! Suitable for beginners as an introduction to SSDT hooking.
KiFastCallEntry
- Code that hooks KiFastCallEntry to protect a process; uses a spin lock to ensure safety in multi-core environments.
gouziDLL
- Source code for installing a DLL hook, used for injecting into processes; for making game cheats.
HOOK_CreateProcess
- An example program that intercepts the CreateProcess function and disallows process creation!
Defender
- System monitoring demo written in VC++6.0, comprising a main program and a DLL, for demonstration only. The DLL is injected into all processes via a global hook and rewrites each process's IAT when the DLL loads. The program demonstrates intercepting MessageBox and MessageBeep.
ObReferenceObjectByHandle
- Inline hook of ObReferenceObjectByHandle to protect a process.