搜索资源列表
_ssdt
- SSDT查看-Show SSDT ........................
cmcark_cw.0.2.2.9.12
- A rootkit detector that allows you to remove the SSDT hooks maden in the OS kernel.
SSDT_Unhook
- SSDT恢复源代码,恢复被挂钩的SSDT(系统服务调用函数表)-SSDT unhook sourcecode
Ring0RestoreSSDTShadow
- Ring0下恢复SSDT Shadow,是一个完整的VC工程,可以学习学习。-Ring0 resume SSDT Shadow
Ring0HOOKSSDTReg
- DDK开发的在Ring0中通过HOOK SSDT,实现对注册表监控-DDK development in Ring0 through HOOK SSDT, to realize the Registry Monitor
driver
- 恢复ssdt 躲过杀软查杀,有利于木马进一步存活!-Soft-recovery ssdt escape the killing killing are conducive to the further survival of Trojan!
SyFbt
- 杀Inline-Hook SSDT的进程的C++源码,DDK编写。可以杀冰刃,无法杀IL-Inline-Hook SSDT kill the process C++ source code, DDK preparation. Kill Frostsaber can not kill IL
SSDT_Helper_src
- 通过搜索 SSDT 并和 ZwSystemDebugControl 获取的内容相比较 * 找出不同的SSDT项-通过搜索 SSDT 并和 ZwSystemDebugControl 获取的内容相比较 * 找出不同的SSDT项
Hook
- 本文从难易程度上主要分三块详细介绍:一.用户模式Hook:IAT-hook,Dll-inject 二.内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三.Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-ho
CCRootkit-V0.1
- 一般网上找到的都是需要Ring3传输需要补丁的地址过去... 002就是直接用最标准的方法进行SSDT定位以及修复的 支持多核系统,当然还有003(加入shadow ssdt hook),004(加入inline hook) 基本上是现在最稳定的恢复方式了,大家可以用KMDLoader测试.加载就脱钩.不需要通讯 -Generally find on the Internet are required Ring3 address transmission needs a patc
UTM4XP
- 一个简单ARK源码。包括进线程操作,隐藏进程检测,SSDT,SHADOW SSDT hook查看-An anti-rookit tool
Rookit
- 一个Rookit工具源码,功能强大,SSDT,包括驱动部分-1 Rookit tool source, powerful, SSDT, including the driven part of
HOOK
- SSDT 及 SSDT Shadow HOOK通用框架及保护模块-SSDT and the SSDT Shadow HOOK common framework and protection module
NtReadVirtualMemorysswe
- SSDT 下恢复 ntreadvirtualmemory 对抗一些反病毒程序 -SSDT resume ntreadvirtualmemory against some anti-virus program
DriverTutorial
- Writing drivers to perform kernel-level SSDT hooking
code
- SSDT Hook Source with Visual Stuio 6.0 (C++)
unfilewrite
- HOOK SSDT 不让创建文件初学者看。高手飘过-HOOK SSDT Not to create the file。master drifting away
vcvcvccSSDT
- ssdt自动修复程序vc编程。windowsXP SP2-ssdt automatically fix vc programming. windowsXP SP2
InlineHookScan
- 驱动层搜索内连HOOK,查看SSDT中的内核函数的开头是否被内连HOOK-Search within driving layer with HOOK, see SSDT in the beginning of the kernel function is to be in with HOOK
KProcecss
- Vb Kill Process SSDT