Description: Ring0下恢复SSDT Shadow,在用户端的情况下恢复系统描述表-Under the recovery Ring0 SSDT Shadow, in the case of the client to restore the system description Platform: |
Size: 19456 |
Author:小梦 |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,杀进程、杀线程、卸载模块等功能
2.内核驱动模块查看,支持内核驱动模块的内存拷贝
3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、Classpnp、Atapi、Acpi、SCSI、IDT、GDT信息查看,并能检测和恢复ssdt hook和inline hook
4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除
5.端口信息查看,目前不支持2000系统
6.查看消息钩子
7.内核模块的iat、eat、inline hook、patches检测和恢复
8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除(1. process, thread, process module, process window, process memory information view, kill process, kill thread, unload module and so on
2. kernel driver module view, support the memory module of the kernel driver module
3.SSDT, Shadow, SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT, GDT, information view, and can detect and restore SSDT, hook and inline hook
4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other Notify Routine information view, and support for the deletion of these Notify Routine
5. port information, currently 2000 systems are not supported
6. view message hook
7. kernel module of IAT, eat, inline, hook, patches detection and recovery
8. disk, volume, keyboard, network layer filter driver detection, and support deletion) Platform: |
Size: 6559744 |
Author:aa77ss55dd
|
Hits: