Search resource list
kssd-rootkit
- Kanxue Academy (看雪学院) Rootkit study notes. 1. Kernel hooks: there are many hooks at ring3, and many more between ring3 and ring0. Following the order of the API call path, every stage offers a chance to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook.
avscan
- Source code of an antivirus MiniFilter framework, including the ring3 application and the ring0 driver.
a
- The asm loads a ring3 DLL from ring0. I think it is good! Hope you do too!
SSDT
- A look at the SSDT from inside and outside the city walls, between ring3 and ring0.
qudongzhongdeneiheguanli
- Detailed notes on kernel memory management in drivers, including usage: physical memory; B. virtual memory; C. ring0 and ring3 addresses; D. the relationship between drivers and processes; E. paged and non-paged memory; F. allocating kernel memory.
bh-us-04-tsyrklevich
- API hooking bypass ideas, ring0/ring3
srccode
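- Example of ring0/ring3 interaction using the DeviceIoControl function. No need to say more.
Enumerating processes via the global handle table (x64 supported)
- Uses ring3-to-ring0 communication to walk the kernel's global handle table and enumerate processes, with detection and handling of zombie processes. Supports x86 and x64.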
DeviceControl
- ring3-to-ring0 communication, to go with the earlier Shadow hook! Simple and clear.
[7-2]EnumRemoveImageNotify
- Enumerate and remove image-load callbacks; image callbacks can intercept image loading in both ring3 and ring0.
rtl
- RTL special definitions for ring0 & ring3 in one header.
user
- Communication between user mode and kernel mode, that is, communication between ring3 and ring0 in the Windows kernel.
sedirected
- Code for switching from ring3 to ring0.
excedtion_hardware
- A method for entering ring0 from ring3 on Windows 2000/XP; not bad.
rinp3_The
- Code for switching from ring3 to ring0.
cide
- Code for switching from ring3 to ring0.
kigd
- A method for entering ring0 from ring3 on Windows 2000/XP; not bad.
riea3-The-Switch
- Code for switching from ring3 to ring0.