Description: NP begins by injecting code into all processes (the system process smss.exe included) using WriteProcessMemory followed by CreateRemoteThread. The injected NP code then uses LoadLibrary to load npggNT.des into the target process. As soon as npggNT.des is loaded it starts doing its "bad" work: it hooks security-critical system functions such as OpenProcess, ReadProcessMemory, WriteProcessMemory, PostMessage and others.
The hook method is to overwrite the first bytes of each system function with a JMP into the replacement function in npggNT.des. When a user calls one of these system functions, execution first enters the npggNT.des module and waits for NP's check,
File list (check whether you need any of these files):
NP Source\dump_wmimmc\ddkbuild.bat
NP Source\dump_wmimmc\hook.h
NP Source\dump_wmimmc\makefile
NP Source\dump_wmimmc\myFunction.h
NP Source\dump_wmimmc\myNativeAPIs.h
NP Source\dump_wmimmc\myNtoskrnlAPIs.h
NP Source\dump_wmimmc\myWin32kAPIs.h
NP Source\dump_wmimmc\Process.h
NP Source\dump_wmimmc\sources
NP Source\dump_wmimmc\wmimmc.c
NP Source\dump_wmimmc\wmimmc.dsp
NP Source\dump_wmimmc\wmimmc.dsw
NP Source\dump_wmimmc\wmimmc.h
NP Source\dump_wmimmc\原驱动文件\dump_wmmimc.sys
NP Source\dump_wmimmc\原驱动文件 (directory; the name means "original driver file")
NP Source\dump_wmimmc (directory)
NP Source (directory)