Search resource list
code_format_disk
- Disk formatting program. MSDN does not document a disk formatting function, but once shell32.dll is loaded, the disk formatting function SHformatdrive can be found in it and used to invoke the disk format dialog.
APIHooker
- File-monitoring hook. DLL injection uses CreateRemoteThread to load the DLL across processes.
HOOK_class
- System hook. Includes a ready-made, reusable class that can hook any API. HookTermProLib is the DLL used by the hook and hooks the TerminateProcess function; HookTermProApp is the application that loads the hook.
SystemModulesSee
- Retrieves information on all kernel modules loaded by Windows. Good code for learning about Windows drivers and the Windows kernel.
UnLoadDll
- Unloads DLLs loaded in other processes. Usually it is programs written by others that inject into our own process space; now we can use this method to unload other people's injected d
HookDaemon
- The archive contains the keyboard hook dynamic library and its loader, which can record all keystrokes. With slight modification it can monitor various processes.
HookMouseMoveEvent
- Implements a mouse hook. One dynamic library and one loader program.
DLL-wrapped window
- Compile the DLL file first and copy it to the call Hook directory. Before invoking the CallDll program to load *, run IE first.
KeyboardHook
- Global keyboard hook sample code, including installing and removing the hook.
Prevent_Loadhook
- Prevents global hooks from loading. Microsoft's Detours library was used for API interception. If the goal is to intercept only a single function, using Detours seems somewhat wasteful. This program does not use the Detours library and intercepts the LoadLibraryExW function directly.
windows_kernel_tool
- 1: Detection and restoration of SSDT table hooks. 2: Detection and restoration of IDT table hooks. 3: Detection of driver modules loaded by the system. 4: Enumeration of processes and detection of the DLLs each process has loaded.
DrvFltIp
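- Firewall filter driver. 1) A driver entry point that creates the device, creates a symbolic link for communication, and provides the standard routines for handling IRPs (dispatch, load, unload, create...). 2) IRPs are managed in the standard routines. In our code we implement four IOCTL codes: START_IP_HOOK (register the filter function), STOP_IP_HOOK (unregister the filter function), ADD_FILTER (install a new filter rule), CLEAR_FILTER (clear all rules). 3) For our driver, we implement several functions used for filtering.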
DLLhook
- An example of setting a hook by dynamically loading a DLL.
Rootkit port-hiding technique
- The rootkit uses hook techniques to hide a specified port. The hook must be loaded into the kernel as a driver; the insdrv tool is used here.
