Search - ZwQuerySystemInformation

Search list

[Internet-Network] codecnt_1019035

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation...
Platform: | Size: 79259 | Author: ms-dos | Hits:

[OS program] Hide

Description: When looking up processes, directories/files, the registry and so on, the operating system ultimately calls functions such as ZwQueryDirectoryFile, ZwQuerySystemInformation and ZwXXXvalueKey. To intercept these functions for the purpose of hiding, you first have to implement the above functions yourself and modify a SYSCALL table maintained by the system so that it points to your own predefined functions. Because the SYSCALL table is not visible from user mode, a driver has to be written so that the table can be modified in ring 0.
Platform: | Size: 4060 | Author: aaaa | Hits:

[Process-Thread] zbxi

Description: File-to-process association demo program, pjf (jfpan20000@sina.com). 1. First use ZwQuerySystemInformation to query all process handles. 2. Get the information of the object each handle represents and find the target file. The kernel-mode program is relatively simple; for a user-mode program, use ZwQueryInformationFile together with the two APIs GetFileInformationByHandle and GetVolumeInformation to obtain it (the former gives the file's path name without the volume, the latter two give the volume name). ZwQueryObject can also be used. 3. Combining 1 and 2 completes the job.
Platform: | Size: 2271 | Author: 周继波 | Hits:

[Process-Thread] cdlist

Description: Uses ZwQuerySystemInformation to obtain system process information.
Platform: | Size: 21960 | Author: C | Hits:

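[Ftp Client] Soft20060210102335677

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation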
Platform: | Size: 80002 | Author: ahcfwj | Hits:

[Hook api] Hide_Process_Hook_MDL

Description: SSDT hook of ZwQuerySystemInformation to hide processes
Platform: | Size: 41793 | Author: inking | Hits:

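[Windows Develop] Fport

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation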
Platform: | Size: 74357 | Author: 龚俊先 | Hits:

[Process-Thread] Fport source code

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation
Platform: | Size: 141178 | Author: 杜宇 | Hits:

[Process-Thread] Fport source code

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation
Platform: | Size: 141312 | Author: 杜宇 | Hits:

[Internet-Network] codecnt_1019035

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation...
Platform: | Size: 78848 | Author: ms-dos | Hits:

[OS program] Hide

Description: When looking up processes, directories/files, the registry and so on, the operating system ultimately calls functions such as ZwQueryDirectoryFile, ZwQuerySystemInformation and ZwXXXvalueKey. To intercept these functions for the purpose of hiding, you first have to implement the above functions yourself and modify a SYSCALL table maintained by the system so that it points to your own predefined functions. Because the SYSCALL table is not visible from user mode, a driver has to be written so that the table can be modified in ring 0.
Platform: | Size: 4096 | Author: aaaa | Hits:

[Process-Thread] zbxi

Description: File-to-process association demo program, pjf (jfpan20000@sina.com). 1. First use ZwQuerySystemInformation to query all process handles. 2. Get the information of the object each handle represents and find the target file. The kernel-mode program is relatively simple; for a user-mode program, use ZwQueryInformationFile together with the two APIs GetFileInformationByHandle and GetVolumeInformation to obtain it (the former gives the file's path name without the volume, the latter two give the volume name). ZwQueryObject can also be used. 3. Combining 1 and 2 completes the job.
Platform: | Size: 2048 | Author: 周继波 | Hits:

[Process-Thread] cdlist

Description:
Platform: | Size: 21504 | Author: C | Hits:

[Ftp Client] Soft20060210102335677

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation
Platform: | Size: 79872 | Author: ahcfwj | Hits:

[Hook api] Hide_Process_Hook_MDL

Description: SSDT hook of ZwQuerySystemInformation to hide processes
Platform: | Size: 41984 | Author: inking | Hits:

[Windows Develop] Fport

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation
Platform: | Size: 73728 | Author: | Hits:

[Hook api] zwquerysysinfo_hook

Description: This is a hook of ZwQuerySystemInformation written in C
Platform: | Size: 3072 | Author: tornado | Hits:

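[Internet-Network] FPort

Description: Many people know Fport, FoundStone's free tool for mapping ports to processes. Unfortunately the source code is not provided. I tried to extract some information from its binary and found that it roughly relies on some undocumented functions, such as ZwOpenSection, ZwQuerySystemInformation... (FPort port-to-process mapping)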
Platform: | Size: 78848 | Author: 蔡明宏 | Hits:

[Driver Develop] ZwQuerySystemInformation

Description: ZwQuerySystemInformation, as the title says: a usage example of the core function ZwQuerySystemInformation, in the form of a task manager. The function covers 50 kinds of system information internally, and you can obtain the core system information you need from it. Very valuable as a reference!
Platform: | Size: 5120 | Author: yy | Hits:

[Driver Develop] hook-zwquerysysteminformation

Description: A ring 0 hook of ZwQuerySystemInformation that can hide processes
Platform: | Size: 342016 | Author: zhi | Hits:

CodeBus www.codebus.net