搜索资源列表
dvKrnlData
- 该代码为我学习winnt内核时所写,主要功能是在ring3下通过DeviceIoControl与驱动进行通信,获取内核的数据以及sdt,idt信息等。并实现了hook NtQuerySystemInformation函数来实现进程隐藏的功能-The code for the kernel, I am learning winnt wrote, Its main function is in ring3 through DeviceIoControl communication with the
hookX
- 驱动层Hook系统内核调用的,拦截对进程的操作的源码,提供7步tutorial,步步为营,教学驱动编程的绝好样例-Hook-driven system kernel called the interception of the process of operation of the source. provide seven-step tutorial and step-by-step business, teaching driven programming excellent example
jpgzxj
- 前段时间做键盘程序找的资料,一个钩子程序,程序本身没有什么,主要是用了大量的api函数值得大家参考一下。-side of the keyboard to do procedures for the information, a hook procedures, the process itself is nothing much to it. it is mainly used a lot of api function worth examined.
ExcpHookMonitor_0.0.4
- ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). t uses a ring0 driver to hook KiExceptionDispatch procedure to detect the exceptions, and then shows information about the except
RING0.RING0下检测用HOOK SSDT隐藏进程的代码
- RING0下检测用HOOK SSDT隐藏进程的代码,直接build,适用于XP,2000系统。短小实用。,RING0 detect hidden process by HOOK SSDT code directly build, apply to XP, 2000 systems. Short and practical.
Miss920
- Miss920程序行为监视器,运用SSDT HOOK技术,可以简单有效的监控程序行为,现在已经实现了进程监控,文件监控,注册表监控,并且可以有效快捷地进行二次开发。-Miss920 monitor program behavior, the use of SSDT HOOK technology, can be simple and effective monitoring of program behavior, the process has already been realized to
NtCreateThread
- hookNtCreateThread 可以第一时间注入到目标进程,进程创建后,然后就好调用 NtCreateThread创建主线程-hookNtCreateThread the first time can be injected into the target process, the process is created, then create the main thread is like calling NtCreateThread
ProtectMon
- 驱动开发,根据PID保护进程,HOOK了 SSDT NtOpenProcess函数,至少可以抵御一切R3病毒终结你的进程!!适合新手学习HOOK ssdt的入门研究-Driven development, the protection under the PID process, HOOK the SSDT NtOpenProcess function, at least the end of you against all the process of virus R3!! Suitabl
hook
- A hook is a point in the system message-handling mechanism where an application can install a subroutine to monitor the message traffic in the system and process certain types of messages before they reach the target window procedure.
protector_driver
- 利用钩子技术配合驱动来控制进程创建,想学驱动保护的可以下载研究下-With the use of hook-driven technology to control the process of creating, want to learn driving under the protection of study can be downloaded
FSDHOOKHIDEFILE
- FSD HOOK HIDE FILE 的简单历程完成-Completion of the simple process of FSD HOOK HIDE FILE
Hidden-process-detection
- 进程隐藏与检测,在驱动中通过hook ssdt表来实现进程隐藏的目的!-Hidden process detection process hidden in the drive through the hook ssdt table!
HideProcess.sys
- ssdt hook实现隐藏进程功能的驱动代码文件-ssdt hook hidden process driver code files
WDK_protect
- Fake_NtQuerySystemInfo 断链进程隐藏,Fake_NtOpenProcess 保护进程,Fake_NtCreateSection进程创建等,SSDT hook-Fake_NtQuerySystemInfo hide my process, Fake_NtOpenProcess protect my process, code is simple, all are ssdt hook
KernelTools
- 对内核的控制,对内核的Hook。结束进程,关机,禁止创建进程-Control of the kernel, the kernel Hook.The end of the process, shutdown, prohibit create process
HookSwapContext
- HOOK SwapContext来检测隐藏进程-The HOOK SwapContext to detect hidden process
MrleeProtect
- MP游戏保护源码 1. 此套保护仅在Windows XP SP3系统上做过测试。 2. 保护程序是在VS2010环境下编译的。 效果: 1. 防止受保护进程被未授权的进程暂停。如,OD在附加进程的时候是要将目标进程暂停的,有了MP保护以后,OD将无法附加进程,因为OD无法将受保护的进程暂停。 2. 防止受保护进程中的数据被修改。如,CE无法修改受保护的进程的内存数据。 3. 当受保护进程中的内存数据被未授权的进程修改的时候,会有提示。 4. 防止受保护的进程被未
NP_Source
- NP启动后通过WriteProcessMemory跟CreateRemoteThread向所有进程注入代码(除了系统进程smss.exe),代码通过np自己的LoadLibrary向目标进程加载npggNT.des。npggNT.des一旦加载就马上开始干“坏事”,挂钩(HOOK)系统关键函数如OpenProcess,ReadProcessMemory,WriteProcessMemory,PostMessage等等。 挂钩方法是通过改写系统函数头,在函数开始JMP到npggNT.des中的
HookDemo_SSDT
- SSDT hook 内核api,实现进程隐藏和进程保护功能的源码,备份资料,仅供参考。-SSDT hook kernel api, hidden process and process protection function of the source, the backup data is for reference only.
HOOK-API
- 一个寒江老师的课件,单独出来发的目的是,让初级入门的驱动程序员们,很快的了解驱动如何对SSDT挂钩以及Windows应用程序如何简单的调用驱动接口的流程。 代码非原创,但是是我看到的最简单和最清楚的流程之一,非常适合刚入门驱动员们的口味,需要的就赶快下载吧。(It`s hanjiang teacher courseware, the purpose is to separate out, let the driver programmer entry-level, quickly unders