Description: The tools generally found on the Internet require the addresses to be patched to be passed in from Ring3 ... 002 directly uses the most standard approach to locate and repair the SSDT, with support for multi-core systems; of course, there are also 003 (adds shadow SSDT hook) and 004 (adds inline hook). This is basically the most stable recovery method at present, and it can be tested with KMDLoader. Unhooking is done on load; no communication is required.
File list (Check if you may need any files):
CCRootkit\RootkitSys\KillProcess.c
.........\..........\KillProcess.h
.........\..........\HideRegKey.h
.........\..........\NotifyRoutine.h
.........\..........\SysThread.h
.........\..........\HideRegKey.c
.........\..........\NotifyRoutine.c
.........\..........\HideDriver.c
.........\..........\buildchk_wxp_x86.log
.........\..........\MAKEFILE
.........\..........\HookSysCall.h
.........\..........\objchk_wxp_x86\_objects.mac
.........\..........\..............\i386\SysThread.sys
.........\..........\..............\....\SysThread.pdb
.........\..........\..............\....\rootkit.obj
.........\..........\..............\....\hookshadowssdt.obj
.........\..........\..............\....\restoressdt.obj
.........\..........\..............\....\hookssdt.obj
.........\..........\..............\....\irpfile.obj
.........\..........\..............\....\hooksyscall.obj
.........\..........\..............\....\loadimagenotify.obj
.........\..........\..............\....\hidedriver.obj
.........\..........\..............\....\killprocess.obj
.........\..........\..............\....\systhread.obj
.........\..........\..............\....\hideregkey.obj
.........\..........\..............\....\notifyroutine.obj
.........\..........\..............\....\ccrootkit.obj
.........\..........\..............\....\rootkitdriver.obj
.........\..........\..............\....\dkomhidedriver.obj
.........\..........\HideDriver.h
.........\..........\SOURCES
.........\..........\SysThread.c
.........\..........\buildfre_wxp_x86.log
.........\..........\objfre_wxp_x86\i386\loadimagenotify.obj
.........\..........\..............\....\irpfile.obj
.........\..........\..............\....\killprocess.obj
.........\..........\..............\....\hooksyscall.obj
.........\..........\..............\....\systhread.obj
.........\..........\..............\....\hideregkey.obj
.........\..........\..............\....\notifyroutine.obj
.........\..........\..............\....\rootkitdriver.obj
.........\..........\..............\_objects.mac
.........\..........\IrpFile.h
.........\..........\CCRootkit.h
.........\..........\IrpFile.c
.........\..........\HookShadowSSDT.c
.........\..........\HookShadowSSDT.h
.........\..........\HookSSDT.h
.........\..........\HookSSDT.c
.........\..........\RestoreSSDT.h
.........\..........\RestoreSSDT.c
.........\..........\CCRootkit.c
.........\.......Dll\RootkitDll.plg
.........\..........\RootkitDll.dsp
.........\..........\RootkitDll.cpp
.........\.......Loader\Rootkit.dll
.........\.............\ReleaseFile.cpp
.........\.............\ReSSDT.cpp
.........\.............\RootkitLoader.ncb
.........\.............\ReSSDT.h
.........\.............\FindWindow.h
.........\.............\LoadDriver.h
.........\.............\ReleaseFile.h
.........\.............\RemoteInject.h
.........\.............\RootkitLoader.plg
.........\.............\FindWindow.cpp
.........\.............\FindProcess.h
.........\.............\RootkitLoader.dsp
.........\.............\Rootkit.rc
.........\.............\RemoteInject.cpp
.........\.............\RootkitLoader.dsw
.........\.............\FindProcess.cpp
.........\.............\RootkitLoader.cpp
.........\.............\LoadDriver.cpp
.........\.............\Rootkit.sys
.........\.............\RootkitLoader.opt
.........\Rootkit.ncb
.........\Rootkit.dsw
.........\i386\Rootkit.pdb
.........\....\Rootkit.sys
.........\buildchk_wxp_x86.log
.........\CCROOTKIT-README.txt
.........\Rootkit.bbs
.........\BIN\RootkitLoader.exe
.........\Rootkit.opt
.........\.......Sys\objchk_wxp_x86\i386
.........\..........\...fre_wxp_x86\i386
.........\..........\objchk_wxp_x86
.........\..........\objfre_wxp_x86
.........\.......Dll\Release
.........\.......Loader\Release
.........\RootkitSys
.........\RootkitDll
.........\RootkitLoader
.........\i386
.........\BIN
.........\Release
CCRootkit