Description: Shadow Walker is not a weaponized attack tool. Its functionality is
limited and it makes no effort to hide its hook on the IDT or its page
fault handler code. It provides only a practical proof of concept
implementation of virtual memory subversion. By inverting the defensive
software implementation of non-executable memory, we show that it is
possible to subvert the view of virtual memory relied upon by the
operating system and almost all security scanner applications. Due to its
exploitation of the TLB architecture, Shadow Walker is transparent and
exhibits an extremely lightweight performance hit. Such characteristics
will no doubt make it an attractive solution for viruses, worms, and
spyware applications in addition to rootkits.
File list (Check if you may need any files):
FU_Lite
.......\bin
.......\...\msdirectx.pdb
.......\...\msdirectx.sys
.......\src
.......\...\MAKEFILE
.......\...\ProcessName.c
.......\...\ProcessName.h
.......\...\Rootkit.c
.......\...\Rootkit.h
.......\...\SOURCES