Description: Although I do not know how icesword enumerates services, I assume it ultimately also detects them by walking the SCM's internal ServiceRecordList.
Why? See below.
Use InjectDLL.exe from the attachment to inject hideservice.dll into the Services.exe process, and the Alerter service is hidden. icesword can no longer detect the Alerter service either.
The principle of the code is very simple: locate the ServiceRecordList table inside the Services.exe process and unlink the service to be hidden from the linked list.
Since icesword can no longer detect it either, icesword must ultimately also detect services by walking the SCM's internal ServiceRecordList. Platform: |
Size: 19964 |
Author:79282853 |
Hits:
Description: Implementation of kernel-level process management software, including the guiding approach and source code analysis. The software finds currently active processes by searching physical memory, which can effectively detect all kinds of hidden processes. Platform: |
Size: 1567744 |
Author:欣烁 |
Hits:
Description: Although I do not know how icesword enumerates services, I assume it ultimately also detects them by walking the SCM's internal ServiceRecordList. Why? See below. Use InjectDLL.exe from the attachment to inject hideservice.dll into the Services.exe process, and the Alerter service is hidden. icesword can no longer detect the Alerter service either. The principle of the code is very simple: locate the ServiceRecordList table inside the Services.exe process and unlink the service to be hidden from the linked list. Since icesword can no longer detect it either, icesword must ultimately also detect services by walking the SCM's internal ServiceRecordList. Platform: |
Size: 2048 |
Author:fisher |
Hits:
Description: Enumerates the processes in the system via their threads; can be used to detect hidden processes. Platform: |
Size: 48128 |
Author:李扬 |
Hits:
Description: Image hijacking vs. starting antivirus software; more on kernel and process protection; detecting hidden processes from within a kernel driver; calling the NTFS file system driver directly to detect hidden files; implanting an executable that passes through a software firewall. Platform: |
Size: 362496 |
Author:李阳 |
Hits:
Description: Uses the process IDs stored in the GDI handle table to detect whether there are processes in the system hidden by a rootkit. Platform: |
Size: 22528 |
Author:codeboy |
Hits:
Description: Driver-based process hiding, so that games cannot detect it! Everyone download it quickly! Platform: |
Size: 6144 |
Author:你猜113 |
Hits: