Description: Information hiding.
Highlight one: the rootkit is hidden as a resource inside the user program.
Highlight two: the user program's code serves as the seed for key generation, which effectively resists reverse engineering of the hidden information, because only code identical to the original author's can unlock the deeply hidden downloader links and code.
Highlight three: starting from a fixed KEY, some calculations produce an array of 1024 keys. This key array is then combined with the user code to generate a 4-byte decoding KEY. Using the decoding KEY, the driver, once loaded into memory, finds the downloader list and code hidden in its own resources, parses them out, and returns them to the user program, which uses them to do its malicious work; finally, all traces are wiped completely.
Highlight four: the IDT 0E interrupt entry is changed to point to an invalid address, so when debugging your blue s
File list (Check if you may need any files):
1)object hook.doc