Search - Hook Detection
Search list
Description: Rootkit detection that checks whether an application has been hooked. Source code is included, covering both application-layer and driver-layer code.
Platform: |
Size: 59392 |
Author: 刘春远 |
Hits:
Description: A tool that detects memory leaks by means of a malloc hook.
Platform: |
Size: 179200 |
Author: chen |
Hits:
Description: This is a hook detection and enumeration program that can find out which hooks are installed on the system, so that you can then uninstall them.
This rar contains the original EnumHook project, but the original project was built with the Chinese-enhanced edition of RadAsm 2.2.1.1 and is assembly source code. I rewrote it as C++ source, which makes further development easier.
Platform: |
Size: 68608 |
Author: fdsa |
Hits:
Description: IDT hook detection and recovery.
This program opens the physical memory object from Ring3 to obtain the IDT currently in memory, then opens the corresponding original kernel file and compares the two. Includes a restore function.
This program works on XP/2003. It locates what it needs by signature search. Detailed comments, clean code.
Platform: |
Size: 6144 |
Author: 张京 |
Hits:
Description: A good hook detection program for checking whether the hook you built was installed successfully. A very good program.
Platform: |
Size: 13312 |
Author: chen |
Hits:
Description: USB device detection program that can detect all kinds of USB devices, including keyboards, mice, MP3 players and various DC devices. A sample routine developed by Microsoft.
Platform: |
Size: 32768 |
Author: gfsuper_2211 |
Hits:
Description: Detecting that your own code has not been hooked, which is very important in anti-hacking and anti-virus applications.
Platform: |
Size: 17408 |
Author: viter |
Hits:
Description: SSDT hook detection. It looks up the start address and size of the SSDT exported from ntkrnlpa.exe, compares them with the contents of the actual SSDT address table, and finds the hooks.
Platform: |
Size: 6144 |
Author: john smith |
Hits:
Description: The main objective of this system is to transmit a message or text over an ordinary land-line telephone from one end (source) to the other end (destination). This is achieved with DTMF (Dual Tone Multiple Frequency) technology. The system has two sections: one for editing the text and transmitting the edited text, and the other for receiving the text message.
It involves several steps. They are:
DTMF decoding/encoding process
Ring sensing
ON/OFF hook detection
Displaying the message on the LCD
The above process is carried out by the AT89S8252 microcontroller. Thus the microcontroller controls the whole system.
Platform: |
Size: 163840 |
Author: Binu |
Hits:
Description: netfilter source code. Put simply, the netfilter architecture places a number of checkpoints (hooks) at several positions along the network processing path, and registers handler functions at each checkpoint to do the processing (such as packet filtering, NAT, or even user-defined functionality).
Platform: |
Size: 738304 |
Author: rch |
Hits:
Description: Open-source SSDT hook detection utility. It scans the SSDT entries in the kernel (ntoskrnl.exe) and finds the functions that are hooked and not in the kernel base address range.
Platform: |
Size: 102400 |
Author: __Genius__ |
Hits:
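Description: Screen sharing technology based on hooks and a polling detection mechanism.
Screen sharing is an idea that has been around for a long time. It was first demonstrated by Engelbart in 1968, for online meetings. The screen sharing Engelbart demonstrated was implemented in hardware; after Apple introduced the graphical user interface (GUI), software-based screen sharing appeared. Because software-based screen sharing costs less, it developed rapidly, and remote control, remote teaching, video conferencing and stock analysis systems all need screen sharing.
The current mainstream approach to screen sharing is to first detect changes in the screen image, capture the image of the changed region, then compress it and transmit it to the client. This paper calls detecting screen image changes and obtaining the changed region "hotspot capture". The fundamental factor affecting speed in a screen sharing system is the amount of image data transmitted, so studying hotspot capture and reducing the amount of image data is the key to improving screen sharing speed.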
Platform: |
Size: 583680 |
Author: |
Hits:
Description: An unknown-virus detection tool based on API hook techniques, useful for learning. It uses an API hook tool to capture the API sequence of a chosen process, and feeds short API sequences as features into an SVM for recognition.
Platform: |
Size: 7233536 |
Author: 卜少锋 |
Hits:
Description: 1: Hook detection and recovery for the SSDT
2: Hook detection and recovery for the IDT
3: Detection of driver modules loaded by the system
4: Process enumeration and detection of the DLLs loaded by each process
Platform: |
Size: 2296832 |
Author: 虫子 |
Hits:
Description: 1. Message hook monitoring: lists the message hooks on the system.
2. Module load monitoring: lists all kernel modules loaded on the system.
3. SSDT monitoring: obtains the original SSDT addresses to identify the APIs hooked by malicious programs, and restores the SSDT.
4. Registry protection: protects some important registry keys to prevent malicious programs from modifying them.
5. Hidden process detection: detects hidden processes on the system.
6. Hidden port detection: detects hidden ports on the system.
7. Forced process termination: can kill malicious processes on the system that protect themselves.
Platform: |
Size: 3553280 |
Author: 虫子 |
Hits:
Description: Password detection with a global dynamic-library hook; good material for learning system programming.
Platform: |
Size: 2741248 |
Author: lslsyqyq |
Hits:
Description: The main objective of this system is to transmit a message or text over an ordinary land-line telephone from one end (source) to the other end (destination). This is achieved with DTMF (Dual Tone Multiple Frequency) technology. The system has two sections: one for editing the text and transmitting the edited text, and the other for receiving the text message.
It involves several steps. They are:
DTMF decoding/encoding process
Ring sensing
ON/OFF hook detection
Displaying the message on the LCD
The above process is carried out by the AT89S8252 microcontroller. Thus the microcontroller controls the whole system.
Platform: |
Size: 114688 |
Author: sivakumar |
Hits:
Description: 1. View processes, threads, process modules, process windows and process memory information; view hotkey information; kill processes, kill threads, unload modules, and similar functions.
2. View kernel driver modules, with support for copying a kernel driver module's memory.
3. View SSDT, Shadow SSDT, FSD, KBD, TCPIP and IDT information, and detect and restore SSDT hooks and inline hooks.
4. View Notify Routine information for CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and others, with support for deleting these Notify Routines.
5. View port information; Windows 2000 is currently not supported.
6. View message hooks.
7. Detect and restore IAT, EAT, inline hooks and patches in kernel modules.
8. Detect filter drivers at the disk, volume, keyboard, network and other layers, with support for deleting them.
9. Registry editing.
Platform: |
Size: 3696640 |
Author: 接收 |
Hits:
Description: Code for the basic communication-network laboratory experiments, including the timetable scheduling experiment, the on-hook/off-hook detection experiment, the pulse counting experiment, the inter-digit interval recognition experiment, the software tone sending experiment, and the switching network driving experiment.
Platform: |
Size: 179200 |
Author: 李明 |
Hits:
Description: HookScout Proactive Binary-Centric Hook Detection
Platform: |
Size: 474112 |
Author: AuraFawkes |
Hits: