Description: Simple SSDT ring0-level recovery method is to export the location of the most original SSDT table, record, and then open the program compared to other process is to change the SSDT position, if you change, then cover with the original SSDT.
To Search:
File list (Check if you may need any files):
新建文件夹\Driver.cpp
..........\Driver.h
..........\Ioctls.h
..........\makefile
..........\ntddk.h
..........\Sources
..........\SSDTRecovery.sys
..........\....test\AppSSDT.cpp
..........\........\Debug\AppSSDT.obj
..........\........\.....\SSDTtest.exe
..........\........\.....\SSDTtest.ilk
..........\........\.....\SSDTtest.pch
..........\........\.....\SSDTtest.pdb
..........\........\.....\vc60.idb
..........\........\.....\vc60.pdb
..........\........\Ioctls.h
..........\........\SSDTtest.dsp
..........\........\SSDTtest.dsw
..........\........\SSDTtest.ncb
..........\........\SSDTtest.opt
..........\........\SSDTtest.plg
..........\........\Debug
..........\SSDTtest
新建文件夹
Download