Search resource list
DELPHI_SSDT
- DELPHI_SSDT perfect repair - DELPHI_SSDT.rar
DELPHIReverSSDT
- Restores the SSDT using Delphi
falkssdtOOK
- Forges an SSDT table to intercept hooks on the SSDT, which can prevent hackers from modifying the SSDT
falkssdtHOOK
- Intercepts hook calls against the SSDT by forging the SSDT
Draft
- SSDT Hook snippet - so I can download some source code off this site
asdsad
- MVC++ SSDT Process Hooksd
KernelLookup
- Open-source SSDT hook detection utility. It scans the SSDT entries in the kernel (ntoskrnl.exe) and finds the functions that are hooked and not in the kernel base address range.
_123_
- Hides process information by hooking the SSDT; includes driver code and loader code
ssdthooktest
- Easy Language (易语言) can likewise restore the SSDT and the SSDT Shadow
K-Trojan_5
- Grab pass: Edialer, The Bat!, Outlook Express, Internet Explorer, ICQ [2003 & Lite], FAR, Windows Commander, Dial-Up [98 & NT]. List of installed programs. RING0 FW bypass through a hidden IExplorer window. Intercept passwords: mail, FTP, auth [base
DELPHI_SSDT_HOOK
- This is an example of how to make a rootkit using Delphi
antiAVDLL
- Code for countering anti-virus software, taken from a captured sample; it uses some underhanded tricks to load a driver and restore the SSDT
Ring3ReSDDTVC
- Complete VC source code for restoring the SSDT from Ring3
5060309745_hook_inline
- Research and implementation of Windows executable-image interception and filtering techniques based on SSDT hooking
007
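- With the development of computers, more and more people use personal computers, and the mainstream operating system is Microsoft Windows, which holds more than 90% of the PC operating system market. Problems have followed: a growing number of viruses, Trojans, hacking programs, malicious programs, rogue software and spyware target this platform to steal and destroy user data. Research has found that most of these illegitimate programs use the registry to start automatically. So by intercepting their access to the registry, we can stop them from starting and thereby protect user data. This design uses the SSDT Hook technique to intercept registry access. This interception technique is general-purpose and powerful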
LoadSSDTAddress
- Reads function addresses from the SSDT: references the KeServiceDescriptorTable table, reads the current function address via ServiceTableBase + offset, and checks the values read using WinDbg
Hook-ZWopenprocess
- Kernel development; mainly explains how to hook functions through the SSDT.
RestoreShadowInUser
- Restores the SSDT Shadow in Ring0; restores the system descriptor table from the user side
ssdt_hook
- SSDT hook engine. Before calling HookService(), call InitServicesTalbe() first to save the SSDT once, so that repeated hooks later do not each require another save.
drv-HOOKSSDT
- Code for hooking the SSDT. I don't need to explain the SSDT; anyone who understands drivers will know it.