Location:
Search - idt hook
Search list
Description: 该代码为我学习winnt内核时所写,主要功能是在ring3下通过DeviceIoControl与驱动进行通信,获取内核的数据以及sdt,idt信息等。并实现了hook NtQuerySystemInformation函数来实现进程隐藏的功能-The code for the kernel, I am learning winnt wrote, Its main function is in ring3 through DeviceIoControl communication with the driver. access to the kernel and sdt data, the information loop. And the achievement of the hook function to achieve NtQuerySystemInformation implicit process possession of the function
Platform: |
Size: 55181 |
Author: 左手 |
Hits:
Description: 利用hook idt技术,截取键盘记录,并提供读取记录接口
Platform: |
Size: 13161 |
Author: zh |
Hits:
Description:
Platform: |
Size: 899072 |
Author: onlyu |
Hits:
Description: 通过改IDT表入口,hook指定程序的系统API,可扩充功能,阅读性好。-IDT, through to the entrance table, hook procedure specified system API, scalable functionality, a good read.
Platform: |
Size: 48128 |
Author: kum |
Hits:
Description: Shadow Walker is not a weaponized attack tool. Its functionality is
limited and it makes no effort to hide it s hook on the IDT or its page
fault handler code. It provides only a practical proof of concept
implementation of virtual memory subversion. By inverting the defensive
software implementation of non executalbe memory, we show that it is
possible to subvert the view of virtual memory relied upon by the
operating system and almost all security scanner applications. Due to its
exploitation of the TLB architecture, Shadow Walker is transparent and
exhibits an extremely light weight performance hit. Such characteristics
will no doubt make it an attractive solution for viruses, worms, and
spyware applications in addition to rootkits.
-Shadow Walker is not a weaponized attack tool. Its functionality is
limited and it makes no effort to hide it s hook on the IDT or its page
fault handler code. It provides only a practical proof of concept
implementation of virtual memory subversion. By inverting the defensive
software implementation of non executalbe memory, we show that it is
possible to subvert the view of virtual memory relied upon by the
operating system and almost all security scanner applications. Due to its
exploitation of the TLB architecture, Shadow Walker is transparent and
exhibits an extremely light weight performance hit. Such characteristics
will no doubt make it an attractive solution for viruses, worms, and
spyware applications in addition to rootkits.
Platform: |
Size: 24576 |
Author: kkakekikoku |
Hits:
Description: HOOK IDT 工程 负责修改window7多核系统的IDT表,组要是学习实验之用
Platform: |
Size: 4096 |
Author: li |
Hits:
Description: 看雪学院Rootkit学习,1.内核Hook:对于hook,从ring3有很多,ring3到ring0也有很多,根据api调用环节递进的顺序,在每一个环节都有hook的机会,可以有int 2e或者sysenter hook,ssdt hook,inline hook ,irp hook,object hook,idt hook-See snow Institute Rootkit learning, kernel Hook: hook from ring3 many, ring3 to ring0 also the api call progressive order, every link has the opportunity to hook int 2e or sysenter. hook, ssdt hook, inline hook, irp hook, object hook, idt hook, etc.
Platform: |
Size: 1652736 |
Author: stars |
Hits:
Description: 驱动IDT的HOOK,适合各类驱动初学者学习,代码简单实用-Drive the IDT hook, suitable for all types of drive for beginners to learn, simple and practical code
Platform: |
Size: 45056 |
Author: t3679 |
Hits:
Description: 通过Pach Gdt达到Hook IDT的目的-To Hook IDT through Pach Gdt to
Platform: |
Size: 897024 |
Author: 王绍朋 |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,杀进程、杀线程、卸载模块等功能
2.内核驱动模块查看,支持内核驱动模块的内存拷贝
3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、Classpnp、Atapi、Acpi、SCSI、IDT、GDT信息查看,并能检测和恢复ssdt hook和inline hook
4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除
5.端口信息查看,目前不支持2000系统
6.查看消息钩子
7.内核模块的iat、eat、inline hook、patches检测和恢复
8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除(1. process, thread, process module, process window, process memory information view, kill process, kill thread, unload module and so on
2. kernel driver module view, support the memory module of the kernel driver module
3.SSDT, Shadow, SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT, GDT, information view, and can detect and restore SSDT, hook and inline hook
4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other Notify Routine information view, and support for the deletion of these Notify Routine
5. port information, currently 2000 systems are not supported
6. view message hook
7. kernel module of IAT, eat, inline, hook, patches detection and recovery
8. disk, volume, keyboard, network layer filter driver detection, and support deletion)
Platform: |
Size: 6559744 |
Author: aa77ss55dd
|
Hits: