搜索资源列表
dvKrnlData
- 该代码为我学习winnt内核时所写,主要功能是在ring3下通过DeviceIoControl与驱动进行通信,获取内核的数据以及sdt,idt信息等。并实现了hook NtQuerySystemInformation函数来实现进程隐藏的功能-The code for the kernel, I am learning winnt wrote, Its main function is in ring3 through DeviceIoControl communication with the
jpgzxj
- 前段时间做键盘程序找的资料,一个钩子程序,程序本身没有什么,主要是用了大量的api函数值得大家参考一下。-side of the keyboard to do procedures for the information, a hook procedures, the process itself is nothing much to it. it is mainly used a lot of api function worth examined.
MDigHook
- MIL 函数,有用途,具体用途见hook里面的说明文件-MIL function, there are uses, specific uses, see the documentation inside hook
ProtectMon
- 驱动开发,根据PID保护进程,HOOK了 SSDT NtOpenProcess函数,至少可以抵御一切R3病毒终结你的进程!!适合新手学习HOOK ssdt的入门研究-Driven development, the protection under the PID process, HOOK the SSDT NtOpenProcess function, at least the end of you against all the process of virus R3!! Suitabl
PE
- 基本的驱动编程和客户端,客户端分析PE文件,重定位后,传给驱动,恢复被360 Hook的KifastCallEntry函数,同时,该源码还能实现对大多数安全软件进行强杀,如卡巴,360,瑞星,等等。仅限XP系统。-Basic programming and client-driven, client-side analysis PE file, re-positioning, passing drivers, restore 360 Hook' s KifastCallEntry func
PEHOOK
- 可以实现PE HOOK。这种方法对于拦截、分析其他内核驱动的函数调用来说用的比较多。原理是根据替换 PE 格式导出表中的相应函数来实现的。 -Can achieve PE HOOK. This method for the interception, analysis of other core-driven function call is used more. The principle is based on PE format to export table to replace t
interrupthook_src
- HOOK所有IDT表项,在GUI中记录IDT回调函数调用次数,并且查看中断信息-HOOK table of all IDT, IDT recorded in the GUI callback function to call the number, and view the disruption of information
InlineHookScan
- 驱动层搜索内连HOOK,查看SSDT中的内核函数的开头是否被内连HOOK-Search within driving layer with HOOK, see SSDT in the beginning of the kernel function is to be in with HOOK
ressdt2
- SSDT 恢复源码,如果你的SSDT表中的函数被hook,可用此代码恢复-SSDT restore source, if your SSDT table function is hook, this code can be used to restore
SSTDForVB
- SSDT HOOK VB实现源码,调用底层函数,实现的SSDT HOOK.适合VB研究驱动。-SSDT HOOK VB to achieve source, call the underlying function, to achieve the SSDT HOOK. For VB research-driven.
DetectUsbHubInternelIoCtl
- 这是一个驱动程序源码,主要的功能是检测UsbHub是否被非法hook了。可以用来判断usb键盘的深度hook。-This is a driver source code, the main function is to detect whether the illegal hook the UsbHub. Usb keyboard can be used to determine the depth of the hook.
RESSDTEX
- reset 系统SSDT表,恢复被其他驱动hook修改的函数-SSDT table reset the system, restore the hook to modify the function of other drivers
src
- Hook IopCreateFile,重要的函数HOOK。-The Hook IopCreateFile, an important function HOOK.
hook_NtLoadDriver
- 某强删工具sys的逆向学习. 该驱动主要功能如下:首先是对FSD的hook的处理,RestoreFSDDispatchRoutine-A strong delete tool sys reverse learning the driver main function is as follows: First, the treatment of FSD' s hook, RestoreFSDDispatchRoutine
KernelLoader_sys
- hook KiFastCannEntry函数实现重载内核。-The hook KiFastCannEntry function overloaded kernel.
NP_Source
- NP启动后通过WriteProcessMemory跟CreateRemoteThread向所有进程注入代码(除了系统进程smss.exe),代码通过np自己的LoadLibrary向目标进程加载npggNT.des。npggNT.des一旦加载就马上开始干“坏事”,挂钩(HOOK)系统关键函数如OpenProcess,ReadProcessMemory,WriteProcessMemory,PostMessage等等。 挂钩方法是通过改写系统函数头,在函数开始JMP到npggNT.des中的
Hook_SSDT_NtOpenProcess
- Hook SSDT NtOpenProcess,驱动实现Hook内核函数。- Hook SSDT NtOpenProcess, drive to achieve Hook kernel function.
HookDemo_SSDT
- SSDT hook 内核api,实现进程隐藏和进程保护功能的源码,备份资料,仅供参考。-SSDT hook kernel api, hidden process and process protection function of the source, the backup data is for reference only.
rent
- 一半抄A盾,一半抄GalaxyAP,扣了A盾的内核重载,抄了GalaxyAP(游戏反调试框架)的自实现异常 vs2010+wdk7600编译通过 思路:内核重载就不说鸟,GalaxyAP自实现异常就是从PDB获取未导出函数 然后重写异常函数,inline hook到自己写的函数里面 debugport的判断再hook一把到自己的判断函数里面。 断断续续抄了很久,实在写不下去了,发上来希望对还在过游戏驱动里的娃 有所帮助,也算是这份代码的一点点贡献。属于半路出家
EasySYS
- 1.增加外部修改文件,内部将提示的功能 2.修改了EasySYS退出时的一个隐藏BUG 3.samples增加一Hook实现ProtectProcess示例 4.增加单元函数,结构体快速浏览 5.修改了DDDK以.lib的形式进行配置,上次添加的HookzwOpenProcess示例请大家在编译选项加上DDDK.lib重新生成sys -1. Increase external modified file, the function of the internal will p