Search - hook ssdt

Search list

[Hook api] antihook_src

Description: Creates a kernel driver that forges an SSDT table so that SSDT hooks stop working.
Platform: | Size: 72704 | Author: john smith | Hits:

[assembly language] biostelnet

Description: Implants a module into the BIOS, hooks the interrupt vector table (IVT), hooks the NTLDR loading process, and hooks kernel functions (SSDT hook).
Platform: | Size: 10240 | Author: 俊豪 | Hits:

[Driver Develop] Miss920

Description: Miss920 is a program behavior monitor that uses SSDT hooking to monitor program behavior simply and effectively. It currently implements process monitoring, file monitoring, and registry monitoring, and can be extended quickly for further development.
Platform: | Size: 365568 | Author: 李俊 | Hits:

[Windows Develop] Registry_protection

Description: Intercepts registry operations in kernel mode to protect your registry from modification by viruses and Trojans. Implemented mainly through SSDT hooks; contains complete code, including communication with the application layer and the interface code.
Platform: | Size: 290816 | Author: lier | Hits:

[Windows Develop] SESYS

Description: Code for getting the address of the PAGE section. Roughly covers SSDT, IDT, and MSR hooks, three kinds of notify, and code that reads offsets from a file to counter sneaky tricks. Posted in support of this programming board.
Platform: | Size: 11264 | Author: r00tsh3ll | Hits:

[Embeded-SCM Develop] _ssdt

Description: Shows the SSDT.
Platform: | Size: 31744 | Author: cnlamb | Hits:

[OS Develop] BiosHook

Description: Founder Changting (方正畅听) 3.0 can be cracked by hooking BIOS information. Xuanyue released a crack patch, but that patch blue-screens on XP because, when installing the SSDT hook, it modifies the system SSDT directly without disabling interrupts. Many people reported this, but the author has not had time to fix it, so I did it instead. There was no source code, so I reversed the driver with IDA, wrote my own, and replaced the driver resource in the original patch. Hats off to the power of IDA's F5. The principle is simple: hook the ZwMapViewOfSection function, and when the call is reading BIOS information, return the forged Founder BIOS information.
Platform: | Size: 83968 | Author: 好好 | Hits:

[Delphi VCL] DelphiRESSDT

Description: SSDT restoration in Delphi; it works quite well.
Platform: | Size: 3072 | Author: 张张 | Hits:

[Hook api] SSTD.ZIP

Description: SSDT HOOK Source code
Platform: | Size: 46080 | Author: richard12 | Hits:

[Driver Develop] UTM4XP

Description: Source code for a simple ARK (anti-rootkit) tool. Includes process and thread operations, hidden-process detection, and viewing of SSDT and Shadow SSDT hooks.
Platform: | Size: 1452032 | Author: 韩挚同 | Hits:

[Hook api] code

Description: SSDT Hook Source with Visual Studio 6.0 (C++)
Platform: | Size: 102400 | Author: achykim | Hits:

[VC/MFC] ssdthook

Description: This book mainly covers SSDT-hook-based techniques in VC and can be a good help.
Platform: | Size: 655360 | Author: 赵强 | Hits:

[Driver Develop] InlineHookScan

Description: Searches for inline hooks at the driver level: checks whether the beginning of each kernel function in the SSDT has been inline-hooked.
Platform: | Size: 345088 | Author: 王海 | Hits:

[OS program] KernelLookup

Description: Open-source SSDT hook detection utility. It scans the SSDT entries in the kernel (ntoskrnl.exe) and finds the functions that are hooked and not in the kernel base address range.
Platform: | Size: 102400 | Author: __Genius__ | Hits:

[Windows Develop] _123_

Description: Hides process information by hooking the SSDT; contains the driver code and the loader code.
Platform: | Size: 39936 | Author: 裴小伟 | Hits:

[Driver Develop] ressdt2

Description: SSDT restoration source code. If functions in your SSDT have been hooked, this code can be used to restore them.
Platform: | Size: 5120 | Author: 杨靖 | Hits:

[Hook api] windows_kernel_tool

Description: 1: Hook detection and restoration for the SSDT. 2: Hook detection and restoration for the IDT. 3: Detection of driver modules loaded by the system. 4: Enumeration of processes and detection of the DLLs each process has loaded.
Platform: | Size: 2296832 | Author: 虫子 | Hits:

[Hook api] arktool

Description: 1. Message hook monitoring: lists the message hooks on the system. 2. Module load monitoring: lists all kernel modules loaded on the system. 3. SSDT monitoring: obtains the original SSDT addresses to find the APIs hooked by malicious programs and to restore the SSDT. 4. Registry protection: protects important registry keys against modification by malicious programs. 5. Hidden process detection: detects processes hidden on the system. 6. Hidden port detection: detects ports hidden on the system. 7. Forced process kill: can kill malicious processes that protect themselves.
Platform: | Size: 3553280 | Author: 虫子 | Hits:

[OS program] ZwLoadDriverHook

Description: [Delphi] LoadDriver SSDT Hook. Compile it with Meerkat 1.1. Use DbgView to catch information. Only for Windows XP. Meerkat 1.1 link: http://www.mediafire.com/?hbhjorv8797k2ee
Platform: | Size: 1024 | Author: STRELiTZIA | Hits:

[Hook api] Hook-ZWopenprocess

Description: Kernel development; mainly shows how to hook functions through the SSDT.
Platform: | Size: 3072 | Author: zzz | Hits:

CodeBus www.codebus.net