搜索资源列表
winxp,2003sp1,vista,win7 系统下的EPROCESS结构的详细介绍
- winxp,2003sp1,vista,win7 系统下的EPROCESS结构的详细介绍。怎么使用,你懂的。-winxp, 2003sp1, vista, win7 EPROCESS under the structure of the system in detail. How to use, you know.
UpLoad
- 驱动枚举进程,控制线程AFFINITY,通过修改EPROCESS,ETHREAD ,KTHREAD 等结构,修改AFFINITY-thread affinity control in windows driver
GetCurrentProcessName
- 一个从内核态获取Eprocess结构中获取,进程名偏移的代码;采用内联汇编完成功能;- Get the offset of the name of the process from ring0
EPROCESS
- 基于EPROCESS结构中双向链表的进程检测方法-EPROCESS structure based on two-way linked list in the process of detection methods
Process_to_hide
- The example of driver, which hides selected process, by manipulating EPROCESS struct, lang:C
eprocess-1.0-fx
- Firefox plugin para acesso ao eCompany PRoce-Firefox plugin para acesso ao eCompany PRocess
qwe
- 程序用内核驱动的方式进入ring0,然后访问EPROCESS结构,在EPROCESS结构中找到进程链,从而可实现进程的枚举,但是由于PID 为0的系统进程Idle并没有在这个链上.所以通过这种方法自然也就找不出它来.程序输出可以用softice或DebugView工具查看. 本程序只在XP下调试通过.-Procedures with the way the kernel driver into the ring0, then visit EPROCESS structure, the struc
hideprocess
- 基于内核EPROCESS结构的进程隐藏程序...可以有效的隐藏指定进程-hide Process
EPROCESS_ActiveProcessLinks
- 这个EPROCESS结构在ntddk.h中有定义,但是并未给出具体的结构,因此要得到EPROCESS中一些重要的成员变量,只能通过偏移的方法,比如PID,ImageName等.这些偏移可以在Windbg中dt _EPROCESS得到,但是不公开感觉还是不爽,而且这东西在不同的系统版本中不一样,如果要兼容的话,就必须先判断操作系统版本,遍历EPROCESS中的进程-The ntddk.h EPROCESS structure are defined, but did not give a spec
RtkProcess
- 无权限处理的隐藏进程程序,无需将权限转化为核态就可以隐藏进程程序,主要是对EPROCESS的处理。-No Authorization is the process of program hidden, without the permission into the process of nuclear states can be hidden program, mainly for the treatment EPROCESS.
get-EPROCESS
- 在Windows下编程实现获取本进程的EPROCESS在内存中地址-Get this process itself EPROCESS address programming under Windows
eprocess
- 也是一个远程控制的源码!大家来看看哦!希望站长通过啊!-A remote control of the source! Have a look at Kane! Hope that the webmaster by ah!
EPROCESSPEB
- 分别在EPROCESS、PEB中彻底改掉进程名-Completely get rid of the process name in EPROCESS, PEB
GetEPROCESS
- 获取程序的EPROCESS结构体,可以对进程进行操作-Get the program EPROCESS structure, process
RtkProcess
- 无权限处理的隐藏进程程序,无需将权限转化为核态就可以隐藏进程程序,主要是对EPROCESS的处理。-No Authorization is the process of program hidden, without the permission into the process of nuclear states can be hidden program, mainly for the treatment EPROCESS.
RtkProcess
- 无权限处理的隐藏进程程序,无需将权限转化为核态就可以隐藏进程程序,主要是对EPROCESS的处理。-No Authorization is the process of program hidden, without the permission into the process of nuclear states can be hidden program, mainly for the treatment EPROCESS.
CppGetEProcess
- 获取指定进程的EPROCESS,用来过DebugPort清零的判断-Get a process s EPROCESS to pass set DebugPort 0.
eprocess
- 获得wrk中当前进程eprocess结构体-Get the current process eprocess structure
EProcess
- Process End Module For VB6
Killer
- Killer.sys用DriverMonitor加载,KillerIoCTL.exe是通信程序。输入ProcessID结束进程 可终止卡巴,毒霸,360,冰刃,PowerTool,PcHunter等。 果然不能终止江民,在PsLookupProcessByProcessId()这步读取进程的EProcess失败,想必江民在这里挂了钩。 下一步准备搜索PsLookupProcessByProcessId恢复钩子试试看。-Killer.sys DriverMonitor Ki