Location:
Search - SSDT
Search list
Description: 通过例子介绍了Windows系统服务调用的基本知识及Hook SSDT的方法-by example on the Windows system service called the basic knowledge and methods Hook SSDT
Platform: |
Size: 1004 |
Author: zhangyoufu |
Hits:
Description: 挂钩SSDT,通过驱动和hook函数进行进程控制。
Platform: |
Size: 36983 |
Author: yeqing |
Hits:
Description: VB+SYS查看SSDT
驱动源码见本网
Platform: |
Size: 20995 |
Author: GGY |
Hits:
Description: 可用于恢复SSDT绝对的经典值得收藏
可以让卡巴失效。好哦好哦好好哦好
Platform: |
Size: 9716 |
Author: xch |
Hits:
Description: Delphi开发驱动的一个例子
1.映射ntoskrnl.exe到内存
2.重定位信息...
3.搜索SSDT基址
4.补丁回去
Platform: |
Size: 14457 |
Author: fanghui |
Hits:
Description: 恢复SSDT,干什么用的自己想吧
Platform: |
Size: 17555 |
Author: vuqy@sohu.com |
Hits:
Description: SSDT hook example (hiding processes) correction
-SSDT hook example (hiding processes) Corr ection
Platform: |
Size: 1024 |
Author: wewwq |
Hits:
Description: 利用恢复SSDT来对付杀毒软件的主动防御的代码例子-resume SSDT use anti-virus software to deal with the active defense of code examples
Platform: |
Size: 16384 |
Author: 王瑜与 |
Hits:
Description: 驱动级的隐藏进程代码,在驱动层通过替换ssdt地址表中的函数来隐藏进程-Driver-class to hide the process of code, in the driver layer SSDT address table by replacing the function to hide the process of
Platform: |
Size: 135168 |
Author: 俞健 |
Hits:
Description: 挂钩SSDT隐藏进程,本人做了详细的注释,对学习驱动的人有很大帮助-SSDT hidden processes linked to, I make detailed notes, learning-driven people are very helpful
Platform: |
Size: 36864 |
Author: long |
Hits:
Description: 用DDDK编写驱动,修改SSDT表HOOK NTDebugActiveProcess函数
钩子函数中可以判断PID号,决定是否放行,放行则在钩子函数中调用原来的NTDebugActiveProcess函数.否则直接返回False.HOOK成功后所有调用DebugActiveProcess的程序将会失效.当然可以按照你的需要HOOK更多的系统服务函数.同一服务函数的服务号在每个操作系统版本中是不同的.下面附件中编译完成的驱动请在WinXP SP2的环境下测试.否则可能会导致直接重启-Used to prepare DDDK drive, modify SSDT Table HOOK NTDebugActiveProcess function hook function can determine the PID number, decide whether to release, release in the hook function to call the original function NTDebugActiveProcess. False.HOOK Otherwise, after the success of a direct return all calls DebugActiveProcess procedures will be failure. You can, of course, in accordance with the needs of more system services HOOK function. the same service function of the service in each of the operating system versions are different. following the completion of the annex to compile drivers in WinXP SP2 test environment. or else may lead to the resumption of direct
Platform: |
Size: 3072 |
Author: 张京 |
Hits:
Description: SSDT,这个东西大家应该知道吧,我就不介绍了,好东西自然值得我们的关注.-SSDT, this thing, everyone should know, I do not introduced, the natural good things worthy of our attention.
Platform: |
Size: 1833984 |
Author: huangai93 |
Hits:
Description: 一个恢复r0态SSDT挂钩的小程序,包括exe文件和驱动文件的源码-R0 a restoration of state SSDT linking small procedures, including exe files and driver source files
Platform: |
Size: 1841152 |
Author: MTrickster |
Hits:
Description: 获取SSDT列表的程序源码,部分代码用DDK编译开发-SSDT procedure to obtain a list of source code, some code developed using DDK compiler
Platform: |
Size: 27648 |
Author: unifix |
Hits:
Description: 查看系统SSDT,系统中被HOOK的函数以红色显示,可以恢复之-View the system SSDT, the system was a function of HOOK in red, it can be restored
Platform: |
Size: 34816 |
Author: 周维祝 |
Hits:
Description: 提供进程监视[包括启动参数]
进程检测[包括启动参数]
网络连接检测
SSDT检测
BHO检测
IE插件检测
自启动项检测
-------程序部分[使用彩字显示]
包含TD2,PTTD,2个DLL使用方法
TD3驱动使用方法-To provide process monitoring [including start-up parameters] the process of testing [including startup parameter] Network Connection BHO detection SSDT Detection Detection Detection of IE plug-ins since the start of testing- the procedural part of [the use of color word shows that] contains TD2, PTTD, 2 months DLL use TD3 driver to use
Platform: |
Size: 432128 |
Author: zzn |
Hits:
Description: DELPHI恢复SSDT源码
有搞这方面的人可以学习一下-DELPHI source SSDT has engaged in the restoration of this area can learn about
Platform: |
Size: 439296 |
Author: lianx |
Hits:
Description: VC恢复SSDT源代码,让杀毒主动失效的新代码。-VC to restore SSDT source code, so that the initiative ineffective antivirus new code.
Platform: |
Size: 1775616 |
Author: sadsa |
Hits:
Description: 对付ring0 inline hook的基本思路是这样的,自己写一个替换的内核函数,以NtOpenProcess为例,就是 MyNtOpenProcess。然后修改SSDT表,让系统服务进入自己的函数MyNtOpenProcess。而MyNtOpenProcess要做的事就是,实现NtOpenProcess前10字节指令,然后再JMP到原来的NtOpenProcess的十字节后。这样NtOpenProcess 函数头写的JMP都失效了,在ring3直接调用OpenProcess再也毫无影响。-Ring0 inline hook to deal with the basic idea is that the replacement of their own to write a kernel function to NtOpenProcess for example, is MyNtOpenProcess. And then amend the SSDT table, so that system services into its own function MyNtOpenProcess. And MyNtOpenProcess to do is realize NtOpenProcess the first 10-byte instruction, and then JMP to the original NtOpenProcess the Cross Festival. This NtOpenProcess function of the JMP are the first to write a lapse in ring3 no longer directly call OpenProcess no impact.
Platform: |
Size: 3072 |
Author: sdlylz |
Hits:
Description: Windows NT/2000/XP/Server 2003 获取Ring0的便捷工具
程序创建了几个段:
IDT,GDT,SSDT,Linear
为创建Ring3,Ring0之间的互交便捷-Windows NT/2000/XP/Server 2003 to obtain a convenient tool Ring0 program to create a few paragraphs: IDT, GDT, SSDT, Linear for the creation of Ring3, Ring0 between the interactive and convenient
Platform: |
Size: 1024 |
Author: peacekeep |
Hits:
«
1
23
4
5
6
7
8
9
10
...
17
»