hookntcontinue ring0- hook NtContinue+ source_code

Title: hookntcontinue

Category:
Hook api
Tags:
[ASM] [源码]
File Size:
6.27kb
Update:
2008-10-13
Downloads:
0 Times
Uploaded by:
zhuwg605

Description: ring0- hook NtContinue+ source_codering0 use the following hookNtContinue register drx7 realize the hook this code hooks ntoskrnl! NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers ... This hook will only PREVENT drX clearing from SEH (kiuser-> ntcontinue) and will not alter debugging using ring3 debuggers (olly-> SetThreadContext) mainly developed for personal reasearch and as anti-bpm ... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll. dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =) Its use for some targets such as armadillo ... but never posted code ... by deroko

Downloaders recently: [More information of uploader zhuwg605]

To Search: Ring0 debugging debug ntoskrnl olly ring0 hook bpm

[HookAPI] - Site launch intercepted and replacement
[theNTfamilyofoperatingsystemstheymadethei] - This document is in the Windows NT opera
[CallMsgRing0] - in RING0 use RING3 MessageBox function.
[GetRing0] - through the compilation Rign0 level comp
[KernelExec] - from RING0 activated RING3-level applica
[LineageII] - 2 killer LineageII paradise藏经阁Trojan sou
[CodeZap] - err
[ProcDeny] - Kernel-level process monitoring source,
[ZWopenprocess] - Hook ZWopenprocess

File list (Check if you may need any files):

Main Category

SourceCode

Web Code

Develop Tools

Document

Other resource

Category

About site

CodeBus www.codebus.net