Search resource list
Detailed description of the EPROCESS structure on winxp, 2003sp1, vista, win7
- Detailed description of the EPROCESS structure on winxp, 2003sp1, vista and win7. How to use it, you know.
UpLoad
- A driver that enumerates processes and controls thread AFFINITY, changing AFFINITY by modifying structures such as EPROCESS, ETHREAD and KTHREAD.
GetCurrentProcessName
- Code that obtains, from kernel mode (ring0), the offset of the process name in the Eprocess structure; implemented with inline assembly.
Process_to_hide
- An example driver that hides a selected process by manipulating the EPROCESS struct, lang: C
hideprocess
- A process-hiding program based on the kernel EPROCESS structure... it can effectively hide a specified process.
EPROCESS_ActiveProcessLinks
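- The EPROCESS structure is defined in ntddk.h, but its concrete layout is not given, so important member variables in EPROCESS, such as PID and ImageName, can only be reached by offset. These offsets can be obtained in Windbg with dt _EPROCESS, but it is still annoying that they are not public, and they differ between system versions, so for compatibility the operating system version must be determined first. Traverses the processes in EPROCESS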
RtkProcess
- A process-hiding program without privilege handling; it can hide a process without switching privileges to kernel mode, mainly by working on EPROCESS.
get-EPROCESS
- Programmatically obtain the in-memory address of the current process's own EPROCESS under Windows.
EPROCESSPEB
- Thoroughly changes the process name in both EPROCESS and the PEB.
eprocess
- Get the eprocess structure of the current process in wrk.
EProcess
- Process End Module For VB6
Killer
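- Killer.sys is loaded with DriverMonitor; KillerIoCTL.exe is the communication program. Enter a ProcessID to terminate the process. It can terminate Kaspersky, Duba, 360, IceSword, PowerTool, PcHunter and others. As expected, it cannot terminate Jiangmin: reading the process's EProcess fails at the PsLookupProcessByProcessId() step, so Jiangmin has presumably placed a hook there. The next step is to search for PsLookupProcessByProcessId and try restoring the hook.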
jinchengyincang
- Process hiding: wipes EPROCESS to hide a process.
ProcList
- Reads the process list using eprocess in the kernel; currently compatible with the xp and win8 platforms, and win7 can be supported with a small change.
HideHandleTable
- Simply hides the handle table under the EPROCESS process; suitable for beginners to learn from.