Location:
Search - hook ssdt
Search list
Description: 挂钩SSDT,通过驱动和hook函数进行进程控制。
Platform: |
Size: 36983 |
Author: yeqing |
Hits:
Description: 可用于恢复SSDT绝对的经典值得收藏
可以让卡巴失效。好哦好哦好好哦好
Platform: |
Size: 9716 |
Author: xch |
Hits:
Description: 监控注册表的软件,在驱动层hook ssdt表,拦截所有关于注册表的操作
Platform: |
Size: 218032 |
Author: wuming621@126.com |
Hits:
Description: 利用这个程序: 1.可以监视在你的电脑运行的程序, 把在你的电脑运行过的程序的时间和名字记录下来 2.可以阻止你规定的禁用程序的执行, 比如不让玩游戏。 3.这个程序需要加入注册表, 在系统启动时就运行, 达到监视的目的。注册表大概都不陌生,就是这里: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-use of this procedure : 1. You can monitor the computer running program, on your computer one of the procedures of the time and record the names of two. You can stop the implementation of the banned procedures, such as not playing games. 3. This procedure needs to join the registry, the system started running on to achieve the purpose of surveillance. The registry probably not unfamiliar, is here : HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Platform: |
Size: 436224 |
Author: 毕胜 |
Hits:
Description: 挂钩SSDT隐藏进程,本人做了详细的注释,对学习驱动的人有很大帮助-SSDT hidden processes linked to, I make detailed notes, learning-driven people are very helpful
Platform: |
Size: 36864 |
Author: long |
Hits:
Description: 用DDDK编写驱动,修改SSDT表HOOK NTDebugActiveProcess函数
钩子函数中可以判断PID号,决定是否放行,放行则在钩子函数中调用原来的NTDebugActiveProcess函数.否则直接返回False.HOOK成功后所有调用DebugActiveProcess的程序将会失效.当然可以按照你的需要HOOK更多的系统服务函数.同一服务函数的服务号在每个操作系统版本中是不同的.下面附件中编译完成的驱动请在WinXP SP2的环境下测试.否则可能会导致直接重启-Used to prepare DDDK drive, modify SSDT Table HOOK NTDebugActiveProcess function hook function can determine the PID number, decide whether to release, release in the hook function to call the original function NTDebugActiveProcess. False.HOOK Otherwise, after the success of a direct return all calls DebugActiveProcess procedures will be failure. You can, of course, in accordance with the needs of more system services HOOK function. the same service function of the service in each of the operating system versions are different. following the completion of the annex to compile drivers in WinXP SP2 test environment. or else may lead to the resumption of direct
Platform: |
Size: 3072 |
Author: 张京 |
Hits:
Description: 获取SSDT列表的程序源码,部分代码用DDK编译开发-SSDT procedure to obtain a list of source code, some code developed using DDK compiler
Platform: |
Size: 27648 |
Author: unifix |
Hits:
Description: 查看系统SSDT,系统中被HOOK的函数以红色显示,可以恢复之-View the system SSDT, the system was a function of HOOK in red, it can be restored
Platform: |
Size: 34816 |
Author: 周维祝 |
Hits:
Description: DELPHI恢复SSDT源码
有搞这方面的人可以学习一下-DELPHI source SSDT has engaged in the restoration of this area can learn about
Platform: |
Size: 439296 |
Author: lianx |
Hits:
Description:
Platform: |
Size: 20480 |
Author: 冈崎汐 |
Hits:
Description: 再谈内核及进程保护,利用hook掉系统ssdt保护进程的例子。-Return to the kernel and the process of protection, the use of SSDT hook off system to protect the process of example.
Platform: |
Size: 6144 |
Author: 好好的 |
Hits:
Description: 这是一个SSDT HOOK源代码,希望对大家有点作用-This is a SSDT HOOK source code, I hope we are a bit on the role of
Platform: |
Size: 1024 |
Author: agg |
Hits:
Description: SSDT 恢复代码 SSDT 恢复代码-SSDT code to restore to restore SSDT code
Platform: |
Size: 29696 |
Author: sadf |
Hits:
Description: 1.恢复shadow ssdt
2.恢复
NtReadVirtualMemory
NtWriteVirtualMemory
NtOpenProcess
NtOpenThread
KiAttachProce-1.恢复shadow ssdt
2.恢复
NtReadVirtualMemory
NtWriteVirtualMemory
NtOpenProcess
NtOpenThread
KiAttachProcess
Platform: |
Size: 300032 |
Author: 傅碧波 |
Hits:
Description: 能够找出给种类型的系统Hook,包括IAT表,SSDT表等相关的钩子-VICE is a tool to find hooks.
Features include:
1. Looks for people hooking IAT s.
2. Looks for people hooking functions in-line aka detouring.
3. Looks for hooks in the System Call Table. Thanks to Tan perhaps it will fix the table in the future.
4. Looks for detour hooks in the System Call Table functions themselves.
5. Looks for people hooking IRP_MJ table in drivers. This is configurable by driver.ini.
Platform: |
Size: 67584 |
Author: 袁晓辉 |
Hits:
Description: HOOK SSDT中SetInformation 函数的 驱动程序
配有mfc的用户模式界面
实现了Createfile readfile writefile
IOCTL 这几个分发函数
在IOCTL中实现了对SetInformation函数的HOOK-SSDT Hook Driver test
with mfc interface
Platform: |
Size: 11134976 |
Author: yangzhe |
Hits:
Description: SSDT检测与恢复
自带驱动
支持恢复全部SSDT HOOK-SSDT detection and recovery to restore native driver support all SSDT HOOK
Platform: |
Size: 3507200 |
Author: 李健毅 |
Hits:
Description: 很多人听说过HOOK 很多人也了解内核HOOK inline hook,sysenter hook,ssdt hook,我这次写的就是ssdt hook,修改系统服务函数的地址改成我的回调地址,当初写的时候 下载了十几个源码,都是蓝屏,这个是我调试出来的,XP系统没问题的-Many people have heard a lot of people understand the core HOOK HOOK inline hook, sysenter hook, ssdt hook, I write this is ssdt hook, modifying the system service function' s address into my callback address, when he started writing when downloading a dozen Several source, are blue, this is out of my debugging, XP system is not the problem
Platform: |
Size: 55296 |
Author: jkjk |
Hits:
Description: SSDT钩子恢复,可以检测SSDT函数是否被挂钩,并可以恢复-SSDT hook recovery, you can detect whether hook SSDT function, and can be restored
Platform: |
Size: 284672 |
Author: 薛晨曦 |
Hits:
Description: 一个寒江老师的课件,单独出来发的目的是,让初级入门的驱动程序员们,很快的了解驱动如何对SSDT挂钩以及Windows应用程序如何简单的调用驱动接口的流程。
代码非原创,但是是我看到的最简单和最清楚的流程之一,非常适合刚入门驱动员们的口味,需要的就赶快下载吧。(It`s hanjiang teacher courseware, the purpose is to separate out, let the driver programmer entry-level, quickly understand how to drive SSDT and Windows applications to hook a simple call driver interface process.
The code is not original, but it is one of the simplest and clearest processes I have ever seen. It's very suitable for the beginner's driver's taste. You need to download it as soon as possible.)
Platform: |
Size: 212992 |
Author: pigshuai
|
Hits: