Location:
Search - hook ssdt
Search list
Description: SSDT hook example (hiding processes) correction
-SSDT hook example (hiding processes) Corr ection
Platform: |
Size: 1565 |
Author: wewwq |
Hits:
Description: 用DDDK编写驱动,修改SSDT表HOOK NTDebugActiveProcess函数
钩子函数中可以判断PID号,决定是否放行,放行则在钩子函数中调用原来的NTDebugActiveProcess函数.否则直接返回False.HOOK成功后所有调用DebugActiveProcess的程序将会失效.当然可以按照你的需要HOOK更多的系统服务函数.同一服务函数的服务号在每个操作系统版本中是不同的.下面附件中编译完成的驱动请在WinXP SP2的环境下测试.否则可能会导致直接重启
Platform: |
Size: 3704 |
Author: 张京 |
Hits:
Description: 查看系统SSDT,系统中被HOOK的函数以红色显示,可以恢复之
Platform: |
Size: 20501 |
Author: 周维祝 |
Hits:
Description: 机器狗新变种使用了一些流行的技术,包含了修复SSDT Hook、修复FSD Hook、并对一些系统还原软件进行有针对的Hook,使能达到突破还原软件保护的目的。做了那么多,最终目的还是下载大量的木马到用户的系统上。
Platform: |
Size: 1190435 |
Author: sdlylz |
Hits:
Description: 对付ring0 inline hook的基本思路是这样的,自己写一个替换的内核函数,以NtOpenProcess为例,就是 MyNtOpenProcess。然后修改SSDT表,让系统服务进入自己的函数MyNtOpenProcess。而MyNtOpenProcess要做的事就是,实现NtOpenProcess前10字节指令,然后再JMP到原来的NtOpenProcess的十字节后。这样NtOpenProcess 函数头写的JMP都失效了,在ring3直接调用OpenProcess再也毫无影响。
Platform: |
Size: 3631 |
Author: sdlylz |
Hits:
Description: 一个演示如何hook shadow ssdt表的例子。
Platform: |
Size: 477658 |
Author: macro |
Hits:
Description: 进程隐藏与进程保护(SSDT Hook 实现)(一)分许如果过驱动HOOK-Hidden process and process protection (SSDT Hook realization) (a) Xu if overdriven HOOK
Platform: |
Size: 1939456 |
Author: 蔡生 |
Hits:
Description: 遍历shadow ssdt 的代码 会win窗体HOOK 很有帮助-Traverse shadow ssdt code will win form HOOK helpful
Platform: |
Size: 8547328 |
Author: 4444 |
Hits:
Description: Hook SSDT NtOpenProcess,驱动实现Hook内核函数。-
Hook SSDT NtOpenProcess, drive to achieve Hook kernel function.
Platform: |
Size: 4096 |
Author: wpggles |
Hits:
Description: HOOK SSDT进程保护用户层的无法关闭
-HOOK SSDT process layer to protect the user can not close
Platform: |
Size: 25600 |
Author: gong |
Hits:
Description: windows xp ssdt hook学习源码。是一个很不错的简单小程序,有利于理解ssdt hook木马原理。-Windows XP SSDT hook source code to learn. Is a good simple small program, it is helpful to understand the SSDT hook Trojan horse principle.
Platform: |
Size: 5120 |
Author: 陈栋 |
Hits:
Description: 采用inline hook高级方式hook所有函数,易语言开发驱动源代码-Advanced mode uses inline hook hook all functions, easy language development driver source code
Platform: |
Size: 16384 |
Author: |
Hits:
Description: delphi hook, ssdt hook
Platform: |
Size: 628736 |
Author: snowpando |
Hits:
Description: 在易语言环境下搭建的过DNF游戏SSDT HOOK框架,包含驱动和主程序模板,供大家学习参考。-Too DNF game SSDT HOOK framework in easy language environment to build, including the drive and the main template for them to learn reference.
Platform: |
Size: 13312 |
Author: 范云 |
Hits:
Description: 比较流行的 hook ssdt技术 系统内核钩子-Hook ssdt more popular hook-core technology systems
Platform: |
Size: 5120 |
Author: kku7u766yons |
Hits:
Description: 比较流行的 hook ssdt技术 系统内核钩子-Hook ssdt more popular hook-core technology systems
Platform: |
Size: 5120 |
Author: yh267chuia |
Hits:
Description: 64 位系统 hook ssdt 源码,测试hook的是ntreadvirtualmemory,喜欢就下载吧-64 system SSDT hook source code, test ntreadvirtualmemory is hook, like to download it
Platform: |
Size: 82944 |
Author: hansara |
Hits:
Description: C++下64位系统的HOOK SSDT内核源码 VS2013 wdk8.1编辑-C++ 64-bit system HOOK SSDT kernel source VS2013 wdk8.1 editor
Platform: |
Size: 346112 |
Author: 小俊 |
Hits:
Description: Hook SSDT 学习资料 demo实例 Hook SSDT 学习资料 demo实例-Hook SSDT Hook SSDT learning materials demo instance of learning materials demo examples
Platform: |
Size: 102400 |
Author: 王斌 |
Hits:
Description: SSDT HOOK chain说明,学习WINDOWS HOOK的好好学习(SSDT HOOK chain explains that learning WINDOWS HOOK is a good study)
Platform: |
Size: 121856 |
Author: okeyes
|
Hits: