Search resource list
SecTools
- Source code for a system utility; most features are implemented in ring 3 (R3), and only SSDT restoration is done through a driver.
SSDTHOOK
- A simple SSDT hook, for people who want to learn how SSDT hooking works.
SSDTRecovery
- Simple ring0-level SSDT recovery. The method is to export the original SSDT table entries and record them; when the program is run it compares whether another process has changed the SSDT entries and, if so, overwrites them with the original SSDT.
hkjklkkk
- SSDT hooking: a sample of Windows kernel-based rootkit techniques.
ibtHook
- SSDT Hook & ibt Hook Import
RestoreShadowSource
- SSDT recovery source code; reference material for learning SSDT hooking, also applicable to the study of anti-debugging in game plug-in (外挂) programs.
2012RESSDT
- SSDT; source code worth studying. I will not introduce it further; good things naturally deserve our attention.
SSDTviewer
- SSDT recovery. It can restore a hooked SSDT, which is used to get past game protection.
MSSDT
- C code for modifying the Windows System Service Descriptor Table (SSDT).
gh0st3.6_src-Inject
- The original gh0st with the SSDT part removed; it starts its service by injecting into a process. Can bypass the active defense of many antivirus products.
dog-technology-analysis
- The new "machine dog" (机器狗) variant uses several popular techniques, including restoring SSDT hooks, restoring FSD hooks, and targeted hooking of some system-restore software in order to defeat the protection that restore software provides. After all of that, its ultimate purpose is still to download large numbers of Trojans onto the user's system.
zmpidrive
- Hooks ZwTerminateProcess, ZwLoadDriver and ZwSetSystemInformation by modifying the SSDT table. A relatively simple and readable introductory driver source; it is the process-protection interception module of the zmpi software.
Rootkit-V0.1
- Source code of a rootkit that uses various SSDT hooks and inline hooks and can evade detection by most tools.
SSDT_Patching
- This is SSDT hooking.
driver
- Easy Language (易语言) driver source code template; handling of SSDT hooks.
SSDTHookTest
- A simple SSDT hook example: hooks the native API ZwQuerySystemInformation to hide the cmd.exe process; the process name match is not case-sensitive. (A result of studying the agony rootkit.)
ssdt_src
- Obtains the original SSDT from ring 3. Written in C++; you can learn some tricks from it.
hook
- Modifies the SSDT table to hide a process (making the Trojan hard for the operating system to discover).
SSDTHook
- Process hiding and process protection (implemented via SSDT hook). Table of contents: 1. Introduction – hooking techniques 2. SSDT overview 3. The complete execution flow of a Win32 API call from user mode 4. SSDT in detail 5. How SSDT hooking works.
Hidden-process-detection
- Process hiding and detection; process hiding is implemented in the driver by hooking the SSDT table.