Description: Introduces, by example, the basics of Windows system service calls and the method of hooking the SSDT. Platform: |
Size: 1024 |
Author:zhangyoufu |
Hits:
Description: A book about Windows NT. Everything it covers lies at the heart of the system kernel: memory operations, hooking of every kind, system services, software interrupts and the other essential techniques a system hacker must master are all discussed, and in a depth and practicality rarely seen in earlier classics. Platform: |
Size: 384000 |
Author:张蓝天 |
Hits:
Description: SSDT stands for System Services Descriptor Table. This table links the ring3 Win32 API to the ring0 kernel API. The SSDT is not merely a large address index table; it also holds other useful information, such as the base address of the address index and the number of service functions.
By modifying the function addresses in this table, commonly used Windows functions and APIs can be hooked, so that system actions of interest can be filtered and monitored. Some HIPS, antivirus, system monitoring and registry monitoring software often uses this interface to implement its own monitoring module.
At present only a very few viruses actually use this method to protect themselves or to disable antivirus software, but if the antivirus software can identify and remove such a virus before it gets into the system, the virus has no chance to act. Platform: |
Size: 335872 |
Author:小明 |
Hits:
Description:
Design and implementation of a network firewall based on the WFP model
WFP (Windows Filtering Platform) is a set of APIs and system services that provide a platform for developing network filtering applications. WFP allows developers to write code that interacts with the operating system's network protocol stack. Network data can be filtered and modified before it reaches its destination. By providing a simple development platform, WFP is used to replace the earlier TDI filters, NDIS filters and LSPs (Winsock Layered Service Providers). On Vista and later systems, firewall hooks and filter hook drivers no longer apply. Platform: |
Size: 350208 |
Author:注册会员 |
Hits: