Search resource list
SSDT--11
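- SSDT stands for System Services Descriptor Table. This table links the ring3 Win32 API to the ring0 kernel API. The SSDT is not just a large address index table; it also contains other useful information, such as the base address of the address index and the number of service functions. By modifying the function addresses in this table, commonly used Windows functions and APIs can be hooked, which makes it possible to filter and monitor system actions of interest. Some HIPS, antivirus, system-monitoring and registry-monitoring software often use this interface to implement their own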
SSDT
- A detailed explanation of the System Service Descriptor Table (SSDT), whose role is to link the ring3 Win32 API to the ring0 kernel API.
Ring0levelprocessprotection
- Design and implementation of a Ring0-level process protection component based on hook technology.
SSDTRecovery
- Simple ring0-level SSDT recovery. The method is to export the original locations in the SSDT and record them, then run the program to check whether other processes have changed the SSDT locations; if they have, the original SSDT is written back over them.
direct-IO-disk-
- Source code for direct hard disk reads and writes, including RING0 and RING3 code.
hooklib
- A hooklib that uses distorm to parse instructions; supports ring0 and ring3, as well as x86 and amd64.
ring0
- Design and implementation of a level 0 hardware-interrupt VxD, and solutions to common problems.
ExKillProc_vbsrc
- Driver-based process termination: kills any process instantly from ring0; written in VB.
Ring0DeleteFile
- Ring0 file deletion, implemented in Visual Basic.
Kkerrnelfindpe
- Process detection tool and code from kernel-level programming and development practice; ring0-level process detection. Requires the DDK environment.
HookCreateProcess
- A driver developed in C++ with an interface program written in VB; hope it is useful to everyone. Intercepts process creation at Ring0.
MyCopyFile
- File copy implemented as a driver; copies a specified file at the kernel layer (Ring0).
Ring0MessageBox_Src
- An example of the driver layer initiating communication with the application layer (ring0 to ring3); requires some driver development background.
ORegDriveerp
- Ring0-level registry operations. Driver development often involves operating on the registry; unlike the Win32 API, the DDK provides a separate set of functions for registry operations. This code gives examples of all registry operations in kernel mode.
rr0d_snapshot.tar
- How RING0 can forcibly interrupt other processes.
DSIfirefall
- Source code of the DSI personal driver-level firewall; well worth studying. Network interception at RING0.
Coolvibes
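- A remote-control tool developed in Delphi by a Spanish author; tested and compiles successfully. The package includes the madCollection components. This remote-control tool has not been processed for antivirus evasion and is for learning purposes; it operates at ring3, whereas more professional remote-control tools operate at ring0. Everyone is welcome to learn and exchange knowledge about remote control.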
kssd-rootkit
- Rootkit study material from Kanxue Academy (看雪学院). 1. Kernel hooks: there are many hooks at ring3, and many on the path from ring3 to ring0. Following the order in which an API call progresses, every stage offers an opportunity to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook.
RestoreShadow
- Source code for restoring the ShadowSSDT from Ring0.
avscan
- Source code of an antivirus MiniFilter framework, including the ring3 application and the ring0 driver.