Filename | Size | Date |
---|
[Topic 4] Rootkit Study and Research |
.............................\Read me.txt |
.............................\Rootkit |
.............................\.......\1. Kernel hook |
.............................\.......\............\1)object hook |
.............................\.......\............\..............\1)object hook.doc |
.............................\.......\............\2)ssdt hook |
.............................\.......\............\............\2)ssdt hook.doc |
.............................\.......\............\............\A clever use of SSDT Hook - countering ring0 inline hook .doc |
.............................\.......\............\............\swk0207.rar |
.............................\.......\............\3)inline-hook |
.............................\.......\............\..............\360SuperKill study notes -- restoring the FSD IRP handler functions.doc |
.............................\.......\............\..............\3)inline-hook.doc |
.............................\.......\............\..............\cnnic.rar |
.............................\.......\............\..............\ExpLookupHandleTableEntry.rar |
.............................\.......\............\..............\ExpLookupHandleTableEntry2.rar |
.............................\.......\............\..............\kill_SecuritySoftware.rar |
.............................\.......\............\..............\PsLookupProcessByProcessId execution flow study notes.doc |
.............................\.......\............\..............\Handles, 3-level tables, ExpLookupHandleTableEntry.doc |
.............................\.......\............\..............\Killing KV 2008 | Rising and most other antivirus software.doc |
.............................\.......\............\..............\Searching for unexported function addresses.doc |
.............................\.......\............\4)idt hook |
.............................\.......\............\...........\bhwin_keysniff.rar |
.............................\.......\............\...........\IDT Hook .doc |
.............................\.......\............\5)IRP hook |
.............................\.......\............\...........\5)IRP hook.doc |
.............................\.......\............\...........\irphook1.rar |
.............................\.......\............\...........\irphook2.rar |
.............................\.......\............\...........\irphook3.rar |
.............................\.......\............\6)SYSENTER hook |
.............................\.......\............\................\6)SYSENTER hook.doc |
.............................\.......\............\................\SysEnterHook.rar |
.............................\.......\............\7)IAT HOOK |
.............................\.......\............\...........\7)IAT HOOK.doc |
.............................\.......\............\...........\HybridHook.rar |
.............................\.......\............\...........\testtest.rar |
.............................\.......\............\8)EAT HOOK |
.............................\.......\............\...........\8)EAT HOOK.doc |
.............................\.......\............\...........\Using the export table to block loading of some drivers.doc |
.............................\.......\............\...........\Export table hook.rar |
.............................\.......\2. Protected mode chapter, part 1: the gates from ring3 to ring0 |
.............................\.......\..........................................\1)Accessing the kernel through a call gate |
.............................\.......\..........................................\....................\1)Accessing the kernel through a call gate.doc |
.............................\.......\..........................................\....................\myCallGate.rar |
.............................\.......\..........................................\....................\test.rar |
.............................\.......\..........................................\2)Accessing the kernel through an interrupt gate |
.............................\.......\..........................................\....................\2)Accessing the kernel through an interrupt gate.doc |
.............................\.......\..........................................\....................\myIntGate.rar |
.............................\.......\...................................... |