Search resource list
BehaviorMon
- Donghui Active Defense source code 1.8.7. Includes process interception, registry interception, forced process termination, forced file deletion and other high-level code. Published in the magazine 黑客防线 (Hacker Defense).
keyspy
- Reads physical addresses from ring3 to execute ring0 code; assembly instructions embedded in the ring0 code read the I/O ports directly. Excellent keylogger source code.
ERing0
- Terminates a process from Ring0; the driver is written in Easy Language (易语言).
NtOpenProcess[InlineHook]
- r0 inline hook sample.
4
- Delphi inline assembly that makes code run in Ring0. The required driver files are included in the archive.
GetCurrentProcessName
- Code that obtains, from kernel mode, the offset of the process name within the EPROCESS structure; implemented with inline assembly.
98commhook
- Captures serial port data under Win98, using VxD technology to hook the serial port at the ring0 layer.
ObReferenceObjectByHandle
- Inline hook of ObReferenceObjectByHandle to protect a process.
hookzwquery
- Inline hook under Ring3 and Ring0, implemented in assembly.
InterProcessSync_demo
- A program that displays process information dynamically in real time, such as resource usage. Shows more process information than Task Manager.
baoliBreak
- Forceful file deletion written through driver programming. Deletes file contents at the Ring0 level.
rr0d_snapshot.tar
- rr0d ring0 windows/unix debugger
hidefile-0.3.1.tar
- File-hiding code for the Linux environment; all four folders must be downloaded to make sense of it. The code is implemented in the Ring0 environment.
Kehook
- On hooks: there are many in ring3, and many between ring3 and ring0. Following the progressive order of the stages of an API call, every stage offers an opportunity to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook.
Win_proc_list_2
- Source windows ring0 programming example2
bin
- WLReset source code. If there is ring0 protection, clear it and then reboot. For time-limited cases, change the system time after clearing.
Ring0HOOKSSDTReg
- Developed with the DDK; monitors the registry by hooking the SSDT in Ring0.
intoring0
- Written in VC++; enters ring0 through an interrupt gate without a driver. Good material for learning driver development.
code_5
- Communication between an application and a ring0 driver.
rtl
- RTL special definitions for ring0 & ring3 in one header.