Search list: hook native
Description: IATroot is a rootkit based on hooking the import functions in the IAT (Import Address Table). Its functionality is fairly complete, and it ships with a Native API development library together with its source code.
Platform: |
Size: 867926 |
Author: onlyu |
Hits:
Description: Win32 Kernel Rootkits modify the behaviour of the system by Kernel Native API hooking. This technique is typically implemented by modifying the ServiceTable entries in the Service Descriptor Table (SDT). About hooks.
Platform: |
Size: 9167 |
Author: wind |
Hits:
Description:
Platform: |
Size: 899072 |
Author: onlyu |
Hits:
Description: Win32 Kernel Rootkits modify the behaviour of the system by Kernel Native API hooking. This technique is typically implemented by modifying the ServiceTable entries in the Service Descriptor Table (SDT). About hooks.
Platform: |
Size: 9216 |
Author: wind |
Hits:
Description: Defeating Kernel Native API Hookers, a strong book on the kernel layer. Everyone can learn from it. It is in pure English.
Platform: |
Size: 280576 |
Author: jason |
Hits:
Description: Hook Native API Method
Platform: |
Size: 24576 |
Author: michael |
Hits:
Description: Win32 Kernel Rootkits modify the behaviour of the system by Kernel Native API hooking. This technique is typically implemented by modifying the ServiceTable entries in the Service Descriptor Table (SDT). Such modification ensures that a replacement (hook) function installed by a rootkit is called prior to the original native API. The replacement function usually calls the original native API and modifies the output before returning the results to the user-space program. This technique allows kernel rootkits to hide files, processes, and to prevent process termination.
This proof-of-concept tool demonstrates the possibility of defeating such rootkits by removing Kernel Native APIs hooks and restoring the ServiceTable entries back to their original state.
Platform: |
Size: 8192 |
Author: Mimi |
Hits:
Description: 1. One of the preparatory steps before hooking.
In this software, a total of 15 native API functions are hooked. They are:
ZwOpenKey, ZwClose, ZwQueryValueKey, ZwDeleteKey, ZwSetValueKey, ZwCreateKey,
ZwDeleteValueKey, ZwEnumerateValueKey, ZwRestoreKey, ZwReplaceKey, ZwTerminateProcess, ZwSetSecurityObject, ZwCreateThread, ZwTerminateThread, ZwQuerySystemInformation
Platform: |
Size: 7168 |
Author: wu |
Hits:
Description: 1. Viewing of processes, threads, process modules, process windows and process memory; viewing of hotkey information; killing processes, killing threads, unloading modules and other functions. 2. Viewing of kernel driver modules, with support for copying a kernel driver module's memory. 3. Viewing of SSDT, Shadow SSDT, FSD, KBD, TCPIP and IDT information, with detection and restoration of SSDT hooks and inline hooks. 4. Viewing of CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other notify routines, with support for removing these notify routines. 5. Viewing of port information (Windows 2000 is currently not supported). 6. Viewing of message hooks. 7. Detection and restoration of IAT, EAT, inline hooks and patches in kernel modules. 8. Detection of filter drivers at the disk, volume, keyboard and network layers, with support for removing them. 9. Registry editor.
Platform: |
Size: 3696640 |
Author: 接收 |
Hits:
Description: A simple SSDT hook example: it hooks the Native API ZwQuerySystemInformation to hide the cmd.exe process; the process name is matched without regard to case. (The result of studying the agony RootKit.)
Platform: |
Size: 2169856 |
Author: bug |
Hits:
Description: SSDT detection and recovery.
Ships with its own driver.
Supports restoring all SSDT hooks.
Platform: |
Size: 3507200 |
Author: 李健毅 |
Hits:
Description: IATroot is a rootkit based on hooking the import functions in the IAT (Import Address Table). Its functionality is fairly complete, and it ships with a Native API development library together with its source code.
Platform: |
Size: 1024 |
Author: orce |
Hits: