Search - EPROCESS

Search list

[Driver Develop] Process_to_hide

Description: An example driver that hides a selected process by manipulating the EPROCESS struct. Language: C.
Platform: | Size: 2048 | Author: Flexx | Hits:

[Driver Develop] UpLoad

Description: A driver that enumerates processes and controls thread affinity by modifying the EPROCESS, ETHREAD, KTHREAD and related structures (thread affinity control in a Windows driver).
Platform: | Size: 4655104 | Author: michael | Hits:

[OpenGL program] eprocess-1.0-fx

Description: Firefox plugin for access to eCompany PRocess.
Platform: | Size: 5120 | Author: Rogerio | Hits:

[Windows Develop] GetCurrentProcessName

Description: Code that, from kernel mode (ring0), obtains the offset of the process name within the EPROCESS structure; implemented with inline assembly.
Platform: | Size: 1024 | Author: 上善若水 | Hits:

[VC/MFC] Anti-ReverseEngineeringGuide

Description: Anti-ReverseEngineeringGuide.rar IsDebuggerPresent() EPROCESS Structure...etc.
Platform: | Size: 526336 | Author: lks | Hits:

[Data structs] EPROCESS

Description: A process detection method based on the doubly linked list in the EPROCESS structure.
Platform: | Size: 246784 | Author: | Hits:

[OS program] qwe

Description: The program enters ring0 by way of a kernel driver, then accesses the EPROCESS structure and follows the process list found in it to enumerate processes. Because the Idle system process (PID 0) is not on this list, this method does not find it. The program's output can be viewed with SoftICE or DebugView. The program has only been debugged and tested on XP.
Platform: | Size: 2048 | Author: zhangliang84 | Hits:

[Windows Develop] EPROCESS

Description: A detailed introduction to the EPROCESS structure on WinXP, 2003 SP1, Vista and Win7. How to use it, you know.
Platform: | Size: 10240 | Author: bishamon | Hits:

[Driver Develop] hideprocess

Description: A process-hiding program based on the kernel EPROCESS structure... it can effectively hide a specified process.
Platform: | Size: 1024 | Author: huo | Hits:

[Driver Develop] EPROCESS_ActiveProcessLinks

Description: The EPROCESS structure is declared in ntddk.h, but its concrete layout is not given, so important members such as PID and ImageName can only be reached by offset. These offsets can be obtained in WinDbg with dt _EPROCESS, but it is still annoying that they are not public, and they differ between system versions; for compatibility, the operating system version must be determined first. Traverses the processes in EPROCESS.
Platform: | Size: 141312 | Author: xingchao | Hits:

[Windows Develop] RtkProcess

Description: A process-hiding program that needs no privilege handling: it can hide a process without switching privileges to kernel mode, mainly by manipulating EPROCESS.
Platform: | Size: 29696 | Author: airblock` | Hits:

[Windows Develop] get-EPROCESS

Description: Programmatically obtains the in-memory address of the current process's own EPROCESS under Windows.
Platform: | Size: 2048 | Author: xi | Hits:

[ELanguage] eprocess

Description: Also source code for a remote control program! Come take a look, everyone! I hope the webmaster approves it!
Platform: | Size: 1022976 | Author: 雷海洋 | Hits:

[Windows Develop] EPROCESSPEB

Description: Completely changes the process name in both EPROCESS and the PEB.
Platform: | Size: 2048 | Author: vohanjun | Hits:

[OS program] GetEPROCESS

Description: Obtains a program's EPROCESS structure, allowing operations on the process.
Platform: | Size: 47104 | Author: zhoudaniel | Hits:

[Windows Develop] RtkProcess

Description: A process-hiding program that needs no privilege handling: it can hide a process without switching privileges to kernel mode, mainly by manipulating EPROCESS.
Platform: | Size: 29696 | Author: owthea | Hits:

[Windows Develop] RtkProcess

Description: A process-hiding program that needs no privilege handling: it can hide a process without switching privileges to kernel mode, mainly by manipulating EPROCESS.
Platform: | Size: 29696 | Author: onhatgr | Hits:

[Game Hook Crack] CppGetEProcess

Description: Obtains the EPROCESS of a specified process, used to get past the check for DebugPort being zeroed.
Platform: | Size: 2048 | Author: 蓝紫 | Hits:

[Process-Thread] eprocess

Description: Obtains the EPROCESS structure of the current process in WRK.
Platform: | Size: 1024 | Author: 赵福利 | Hits:

[Windows Develop] EProcess

Description: Process End Module For VB6
Platform: | Size: 1024 | Author: p1co | Hits:

CodeBus www.codebus.net