Description: Windows XP是通过sysenter调用KiFastCallEntry将ntdll.dll的调用切换到内核的。KiFastCallEntry的原理是通过在SSDT中查找函数地址跳转。所以只要伪造一张原始SSDT,就可以使得SSDT-HOOK无效了。-Windows XP by calling KiFastCallEntry sysenter ntdll.dll call will switch to the kernel. KiFastCallEntry SSDT principle is to find the function by address jump. So long as the original forged an SSDT, you can make SSDT-HOOK invalid. Platform: |
Size: 5120 |
Author:何耀彬 |
Hits:
Description: 基本的驱动编程和客户端,客户端分析PE文件,重定位后,传给驱动,恢复被360 Hook的KifastCallEntry函数,同时,该源码还能实现对大多数安全软件进行强杀,如卡巴,360,瑞星,等等。仅限XP系统。-Basic programming and client-driven, client-side analysis PE file, re-positioning, passing drivers, restore 360 Hook' s KifastCallEntry function at the same time, the source also enables the strong to kill the majority of security software, such as carbachol, 360, Rising, and so on. Only XP. Platform: |
Size: 2528256 |
Author:zzz |
Hits:
Description: 挂钩KiFastCallEntry保护进程的代码,做了自旋锁,保证了多核环境安全-Linked KiFastCallEntry protection process code, so the spin lock to ensure safety of multi-core environment Platform: |
Size: 358400 |
Author:hyutu |
Hits:
Description: Hook KiFastCallEntry监控系统调用
这是一个监控特定进程系统调用的小程序,整理硬盘时找到的,发出来跟大家分享。原理很简单,通过hook KiFastCallEntry实现,很老的技术了。-The monitoring system Hook KiFastCallEntry call this is a small program to monitor specific process system calls, finishing hard disk when you find the issue to share with you. The principle is very simple, by hook KiFastCallEntry achieve very old technology. Platform: |
Size: 176128 |
Author:ljh |
Hits: