Search resource list
blackreleaver-release
- BlackReleaver is a ring 0 rootkit that can hide files, processes, drivers, registry keys, and more. It uses an inline hook on many ring 0 functions.
hide
- Uses rootkit techniques to hide files.
RetroForth-(source)
- The rootkit decompression module for windows x86
rootkitjiance
- A simple rootkit detection program. It does not change the sysenter address; instead, it writes jump code directly at the original sysenter address, which is effectively the same as an ordinary function-prologue inline hook. As a result, rootkit detection tools do not consider sysenter to have changed (and in fact it has not).
RK_SRC
- Includes many samples of the techniques rootkits use. DKOM HOOK
kernel-level-hiding-Tec
- Research on kernel-level Trojan hiding techniques. Kernel-level Trojans mainly use kernel rootkit techniques to hide themselves.
TCP IRP HOOK
- TCP IRP hook source code from rootkit.com
Ghost
- A collection of driver-level rootkit samples, including sstd hook, idthook, irphook, sysenterhook, etc.
CodeGate2011.bootkit
- MBR rootkit source with assembly
Anti-TP_0.4.3
- Anti-rootkit code. The anti-keyboard-rootkit part is worth studying, and the brute-force VAD tree search is fairly good; the rest is only worth a casual look.
ScDetective-master
- ScDetective - Full Source. A kernel-level anti-rootkit tool which runs on the Windows platform. Basic information: GUI: VS2008 - MFC; Driver: VS2005 - ddkwizard; DDK Version: 7600.16385.1; Debug: Windbg - VirtualKD - VMware -
DarkFire-1.0
- Darkfire Rootkit 1.0 source code: hide process, hide registry key, hide registry value, redirect URL, prevent execution
deianeira
- Deianeira anti-rootkit is a free and handy toolkit for Windows
adore-0.38-(1).tar
- ROOTKIT ADORES 3.08 - MBR rootkit. Complete. Read the read-me
n00bkit
- n00bkit! A classic Windows rootkit that I have kept in my collection for a long time
soviet_protector_src
- Rootkit to prevent execution of unauthorized programs by hooking an API function in the System Service Table
crash-dump-write-to-disk
- how to bypass the Operating System’s normal input/output (I/O) disk driver path and use the crash dump driver stack (i.e., “crash dump I/O path”) to read the master boot record (MBR). This technique subverted the TDL4 rootkit and would be effective
HookIAT
- IATroot is a rootkit based on hooking the imported functions in the IAT. It is fairly complete in functionality and comes with a Native API development library and source code.
reckall
- code to remove rootkit yet
rekall-1.0rc11
- removing memory rootkit