Description: A driver written with the DDDK that modifies the SSDT to hook the NTDebugActiveProcess function.
The hook function can check the PID and decide whether to let the call through; if it does, the hook calls the original NTDebugActiveProcess, otherwise it returns False directly. Once the hook is in place, every program that calls DebugActiveProcess will fail. You can of course hook more system service functions as needed. Note that the service number of a given service function differs between operating system versions. Please test the compiled driver in the attachment under WinXP SP2; on other systems it may cause an immediate reboot. Platform: |
Size: 3072 |
Author:张京 |
Hits:
Description: Delphi source code for restoring the SSDT.
Anyone working in this area can learn from it. Platform: |
Size: 439296 |
Author:lianx |
Hits:
Description: [Delphi] LoadDriver SSDT Hook.
Compile it with Meerkat 1.1
Use DbgView to catch the information.
Only for Windows XP.
Meerkat 1.1 link :
http://www.mediafire.com/?hbhjorv8797k2ee Platform: |
Size: 1024 |
Author:STRELiTZIA |
Hits:
Description: ZwOpenProcess SSDT Hook test to catch open process information.
Compile it with Meerkat Advanced kernel mode driver GUI for KmdKit4D.
Link: http://www.mediafire.com/?hbhjorv8797k2ee Platform: |
Size: 2048 |
Author:STRELiTZIA |
Hits: