Location:
Search - ccrootkit
Search list
Description: 一个演示如何hook shadow ssdt表的例子。
Platform: |
Size: 477184 |
Author: macro |
Hits:
Description: 一般网上找到的都是需要Ring3传输需要补丁的地址过去...
002就是直接用最标准的方法进行SSDT定位以及修复的
支持多核系统,当然还有003(加入shadow ssdt hook),004(加入inline hook)
基本上是现在最稳定的恢复方式了,大家可以用KMDLoader测试.加载就脱钩.不需要通讯
-Generally find on the Internet are required Ring3 address transmission needs a patch in the past ... 002 is the direct use of most standard approach to SSDT locate and repair support for multi-core systems, of course, 003 (add shadow ssdt hook), 004 (adding inline hook) is basically the recovery is now the most stable way, and we can use KMDLoader test. loaded on decoupling. does not require communication
Platform: |
Size: 515072 |
Author: 按时飞 |
Hits:
Description: rootkit Demo,可以很好地研究rootkit,是一份比较好的源码-to learn rootkit,it can help you study it more easylier.
Platform: |
Size: 3846144 |
Author: 陈少墨 |
Hits: