Search - hook ssdt

Search list

[Driver Develop] drv-HOOKSSDT

Description: HOOK SSDT code. SSDT needs no introduction; anyone who understands drivers will know it.
Platform: | Size: 33792 | Author: 东方容克 | Hits:

[Hook api] hookSSDT

Description: Source code for restoring SSDT hooks; it can get past typical game protection.
Platform: | Size: 4096 | Author: 陈凡 | Hits:

[Hook api] SSDT--11

Description: SSDT stands for System Services Descriptor Table. This table links the ring3 Win32 API to the ring0 kernel API. The SSDT does not contain only a large address index table; it also holds other useful information, such as the base address of the address index and the number of service functions. By modifying function addresses in this table, commonly used Windows functions and APIs can be hooked in order to filter and monitor system actions of interest. HIPS, antivirus, system-monitoring and registry-monitoring software often uses this interface to implement its own monitoring modules. Currently a very small number of viruses do use this method to protect themselves or to sabotage antivirus software, but if antivirus software can identify and remove such a virus before it enters the system, it will have no chance to act.
Platform: | Size: 335872 | Author: 小明 | Hits:

[Hook api] Su1xDriver

Description: This driver hooks ZwOpenProcess in the SSDT to protect suserice.exe. Just a practice exercise, of little value. Reverse-engineered from the Ruijie client's Su1xDriver.sys, with source code included.
Platform: | Size: 27648 | Author: ljh | Hits:

[OS program] XueTr

Description:
1. View processes, threads, process modules, process windows and process memory information; view hotkey information; kill processes, kill threads, unload modules, and so on.
2. View kernel driver modules, with support for copying a kernel driver module's memory.
3. View SSDT, Shadow SSDT, FSD, KBD, TCPIP and IDT information, and detect and restore SSDT hooks and inline hooks.
4. View Notify Routine information for CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and others, with support for deleting these Notify Routines.
5. View port information; Windows 2000 is currently not supported.
6. View message hooks.
7. Detect and restore IAT, EAT and inline hooks and patches in kernel modules.
8. Detect filter drivers for disk, volume, keyboard, network layer and so on, with support for deleting them.
9. Registry editing.
Platform: | Size: 3696640 | Author: 接收 | Hits:

[Hook api] Hook_ZwQueryInformationProcess_VC

Description: Implementation of an SSDT hook driver that hides processes.
Platform: | Size: 701440 | Author: 张继辉 | Hits:

[Hook api] SSDT-HOOKMmMapIoSpace

Description: The MmMapIoSpace method of SSDT hooking.
Platform: | Size: 878592 | Author: 侃侃 | Hits:

[Hook api] NtOpenProcess[SSDT-Hook]

Description: NtOpenProcess[SSDT Hook].rar
Platform: | Size: 25600 | Author: | Hits:

[Hook api] WIN64_SSDTHOOK

Description: Compared with WIN32, the SSDT in WIN64 has changed considerably, and code that hooks the SSDT under WIN32 can no longer be used under WIN64. This code implements SSDT hooking under WIN64.
Platform: | Size: 259072 | Author: dell2500 | Hits:

[Hook api] hook

Description: Modifies the SSDT table to hide a process (making a Trojan hard for the operating system to detect).
Platform: | Size: 131072 | Author: 宿凯翔 | Hits:

[Driver Develop] Hidden-process-detection

Description: Process hiding and detection; process hiding is achieved in the driver by hooking the SSDT table.
Platform: | Size: 1517568 | Author: 杜旭东 | Hits:

[Driver Develop] Overloaded-kernel-file-to-bypass-the-SSDT

Description: Hook KiFastCallEntry
Platform: | Size: 212992 | Author: Blue | Hits:

[Driver Develop] ssdt

Description: Sample code for SSDT hooking on the Windows platform.
Platform: | Size: 1013760 | Author: 杨杨 | Hits:

[OS program] kssd-rootkit

Description: Rootkit study material from Kanxue Academy. 1. Kernel hooks: there are many hooks within ring3 and many on the path from ring3 to ring0. Following the order of the stages of an API call, each stage offers an opportunity to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook.
Platform: | Size: 1652736 | Author: stars | Hits:

[Anti-virus] zhuoran

Description: Driver-level protection implemented mainly by hooking SSDT APIs.
Platform: | Size: 17112064 | Author: song | Hits:

[OS program] ssdt-shadow-hook

Description: Easy Language SSDT shadow hook for window protection. It hooks multiple functions and is compatible with all 32-bit x86 operating systems from XP to 2008. Includes the calling code and the driver source code; it can be compiled using the sys side source package.
Platform: | Size: 384000 | Author: 学俊 | Hits:

[Driver Develop] ssdt

Description: An Easy Language SSDT HOOK programming framework, on the basis of which SSDT HOOK driver development can be done quickly.
Platform: | Size: 12288 | Author: 学俊 | Hits:

[e-language] ssdt

Description: Contains SSDT HOOK, Shadow SSDT HOOK, memory read/write and more; see for yourself.
Platform: | Size: 19456 | Author: 四大皆 | Hits:

[Driver Develop] registry-monitor

Description: Windows registry monitoring source code, implemented by hooking the SSDT at ring0.
Platform: | Size: 4096 | Author: CheungJiao | Hits:

[Game Hook Crack] SSDT-Hook-realization-(two)

Description: Process hiding and process protection (SSDT Hook implementation), part two: an analysis of how to get past driver hooks.
Platform: | Size: 3573760 | Author: 蔡生 | Hits:

CodeBus www.codebus.net