Description: Checks for EAT (Export Address Table) hooks in the kernel. The application layer, written in VB, obtains the kernel module's exported function names and real addresses and compares them with the addresses in memory. If they differ, the entry is restored.
File list (Check if you may need any files):
检测内核EAT HOOK\EATCHECK.sys
................\exe\ADE32.bas
................\...\cls_Driver.cls
................\...\EATCHECK.exe
................\...\EATCHECK.vbp
................\...\EATCHECK.vbw
................\...\frm_Main.frm
................\...\GetSystemRoutineAddress.bas
................\...\HdKillMP.RES
................\...\mod_DrvFunc.bas
................\...\mod_PEInfo.bas
................\...\UnsignedOperation.bas
................\...\工程1.vbw
................\sys\buildfre_wxp_x86.log
................\...\LDasm.h
................\...\makefile
................\...\MyDriver.c
................\...\MyDriver.h
................\...\objfre_wxp_x86\i386\EATCHECK.pdb
................\...\..............\....\EATCHECK.sys
................\...\..............\....\mydriver.obj
................\...\..............\....\mydriver.obj.oacr.root.x86fre.pft.xml
................\...\..............\....\vc90.pdb
................\...\..............\....\_objects.mac
................\...\sources
................\...\objfre_wxp_x86\i386
................\...\objfre_wxp_x86
................\exe
................\sys
检测内核EAT HOOK