Search - bios rootkit
Search list
Description: Research on BIOS rootkits and their detection techniques (Chongqing University master's degree thesis)
Platform: |
Size: 1771520 |
Author: 黄燚 |
Hits:
Description: To take control of the system's execution flow, a BIOS rootkit generally hooks the IVT, that is, the interrupt vector table. Implementing and detecting IVT hooks involves many specific issues, so I discuss IVT hooking in several parts. In this section and the following ones, we will discuss how to use Bochs to view the original IVT, analyze IVT hooks, and on that basis write a simple IVT detection program. Enough small talk; let's begin our journey.
Platform: |
Size: 359424 |
Author: 王小明 |
Hits:
Description:
Platform: |
Size: 589824 |
Author: 莫名 |
Hits:
Description: Bios Rootkit
Platform: |
Size: 544768 |
Author: lkf |
Hits:
Description: Starting with the 386, Intel introduced the concepts of debug registers and hardware breakpoints for debugging.
IA-32 processors define eight debug registers, DR0 through DR7. In 32-bit mode they are all 32 bits wide; in 64-bit mode they are all 64 bits wide.
DR4 and DR5 are reserved. The other six registers are: four 32-bit debug address registers (DR0 through DR3), one 32-bit debug control register (DR7), and one 32-bit debug status register (DR6). With these registers, up to four breakpoints can be set. DR0 through DR3 specify the memory (linear) address or I/O address of each breakpoint. DR7 further defines the break conditions for the breakpoints. When a debug event occurs, DR6 reports the details of the event to the debugger so that the debugger can determine what kind of event took place.
Platform: |
Size: 1771520 |
Author: 田浩 |
Hits:
Description: Research on BIOS rootkits and their detection techniques
Platform: |
Size: 1771520 |
Author: wandev |
Hits:
Description: BIOS rootkit study materials and source code
Platform: |
Size: 2650112 |
Author: PP |
Hits:
Description: BIOS rootkit documentation, implementation code examples, and ntldr analysis - Remote control all works in VC6 and VC2005 were compiled by
Platform: |
Size: 274432 |
Author: 张三 |
Hits:
Description: This article describes the design process of a simple BIOS rootkit.
Platform: |
Size: 10240 |
Author: red |
Hits:
Description: BIOS-related material I compiled while studying BIOS rootkits, covering the Windows boot process, PE file structure, import and export tables, and more. I hope it is useful.
Platform: |
Size: 329728 |
Author: yinqian |
Hits: