搜索资源列表
myhook
- 利用SSDT HOOK 巧过 LINK HOOK的驱动源码。。合适新手熟悉内核学习-Clever use of SSDT HOOK LINK HOOK been driven source. . Appropriate learning novice familiar with the kernel
KernelLookup
- Open Source SSDT Hook detection utility, it will scan the SSDT Entries in the kernel (ntoskrnl.exe) and find the functions that are hooked & not in the kernel base address range .
Hook-ZWopenprocess
- 内核开发,主要介绍如何通过SSDT表HOOK函数。-Kernel development, focuses on how the SSDT table HOOK function.
hkjklkkk
- SSDT挂钩_基于Windows内核的RootKit技术样本-SSDT hooks _ Windows kernel RootKit technology based sample
Overloaded-kernel-file-to-bypass-the-SSDT
- Hook KiFastCallEntry
kssd-rootkit
- 看雪学院Rootkit学习,1.内核Hook:对于hook,从ring3有很多,ring3到ring0也有很多,根据api调用环节递进的顺序,在每一个环节都有hook的机会,可以有int 2e或者sysenter hook,ssdt hook,inline hook ,irp hook,object hook,idt hook-See snow Institute Rootkit learning, kernel Hook: hook from ring3 many, ring3 to ring
Hook_SSDT_NtOpenProcess
- Hook SSDT NtOpenProcess,驱动实现Hook内核函数。- Hook SSDT NtOpenProcess, drive to achieve Hook kernel function.
HookDemo_SSDT
- SSDT hook 内核api,实现进程隐藏和进程保护功能的源码,备份资料,仅供参考。-SSDT hook kernel api, hidden process and process protection function of the source, the backup data is for reference only.
356
- 内核环境下 一个简单的ssdthook进程名 保护进程 兼容2000以后所有x86系统,可以做为兼容系统的ssdthook参考- 您是不是要找: 内核环境下 一个简单的ssdt hook进程名 保护进程 兼容2000以后所有x86系统,可以做为兼容系统的ssdthook参考 A simple kernel environment protection process ssdthook process name after 2000 all x86 compatible systems t
hookssdt
- 再谈内核及进程保护,利用hook掉系统ssdt保护进程的例子。-Return to the kernel and the process of protection, the use of SSDT hook off system to protect the process of example.
[3-4]SSDTHookUnhook
- C++下64位系统的HOOK SSDT内核源码 VS2013 wdk8.1编辑-C++ 64-bit system HOOK SSDT kernel source VS2013 wdk8.1 editor
PCHunter_free
- 1.进程、线程、进程模块、进程窗口、进程内存信息查看,杀进程、杀线程、卸载模块等功能 2.内核驱动模块查看,支持内核驱动模块的内存拷贝 3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、Classpnp、Atapi、Acpi、SCSI、IDT、GDT信息查看,并能检测和恢复ssdt hook和inline hook 4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Leg
HookSSDT
- 驱动重载 Hook SSDT 绕过钩子 理论上过一切保护(reload-kernel , Hook SSDT)
SSDT-hook进程隐藏和文件隐藏
- Windows内核态SSDT-hook实现进程隐藏和文件隐藏,代码很规整,学习内核编程的好例子 -a good example of studying kernel programing or driver developing, SSDT hook