Description: New version of "NT System general process protection": complete code (exe & sys) to protect the process and its threads, in addition to recovery hooks; APC cannot kill it. However, sending messages to a thread, killing indiscriminately, or clearing memory from Ring 0 can still kill it. In a few days I will add defenses against "thread messages" and "Ring 0 memory clearing" to the driver.
File list (Check if you may need any files):
InlineHook_OROBH\buildchk_wnet_x86.log
................\dbghelp.h
................\ddkbuild.bat
................\inlineObReferenceObjectByHandle.dsp
................\inlineObReferenceObjectByHandle.dsw
................\inlineObReferenceObjectByHandle.ncb
................\inlineObReferenceObjectByHandle.plg
................\makefile
................\readme.txt
................\buildchk.log
................\sources
................\buildchk_wnet_x86.err
................\buildchk_wxp_x86.log
................\inlineObReferenceObjectByHandle.c
................\inlineObReferenceObjectByHandle.h
................\inlineObReferenceObjectByHandle.opt
................\VB\cls_Driver.cls
................\..\MSSCCPRJ.SCC
................\..\工程1.vbw
................\..\inlineObReferenceObjectByHandle.sys
................\..\vb_test.exe
................\..\form1.frm
................\..\工程1.vbp
................\objchk_wxp_x86\i386\inlineobreferenceobjectbyhandle.obj
................\..............\....\inlineObReferenceObjectByHandle.sys
................\..............\....\inlineObReferenceObjectByHandle.pdb
................\..............\_objects.mac
................\..............\i386
................\VB
................\objchk_wxp_x86
InlineHook_OROBH