Location:
Search - ring0
Search list
Description: 这是一个汇编与VC结合的程序,在Ring3级获取Ring0级的操作-This is a compilation and VC combination of procedures, the Ring3 level access Ring0 class operation
Platform: |
Size: 3072 |
Author: 站长 |
Hits:
Description: 在win98下进入ring0的方法列举 转载-In win98 way into the list reproduced ring0
Platform: |
Size: 5120 |
Author: 军军 |
Hits:
Description: 无驱动执行 Ring0 代码的源程序-No drive the implementation of the source code Ring0
Platform: |
Size: 74752 |
Author: waterwhu |
Hits:
Description: 1. Create the Virus Program. * * 2. The Virus Modifies IDT to Get Ring0 Privilege.-1. Create the Virus Program.** 2. The Virus Modifies IDT to Get Ring0 Privilege.
Platform: |
Size: 28672 |
Author: 王鹏 |
Hits:
Description: -有 没 有 简 单 一 些 的 办 法 呢 ? 我 们 可 以 令 一 个 普 通Win32 应 用 程 序 运 行 在Ring0 下, 从 而 获 得VxD 的 能 力 吗 ? 答 案 是 肯 定 的,请看本文-- Is there any simpler solutions? We can make an ordinary Win32 applications running on Ring0 under VxD s ability to obtain it? The answer is yes, please see this article
Platform: |
Size: 7168 |
Author: 刘 |
Hits:
Description: 在RING0中使用RING3函数MessageBox.-in RING0 use RING3 MessageBox function.
Platform: |
Size: 217088 |
Author: exc |
Hits:
Description: 在Ring0层中调用Ring3层的功能 需要安装DDK-in Rign0 layer called Ring3 layer functions need to install DDK
Platform: |
Size: 932864 |
Author: 大家庭 |
Hits:
Description: Windows2000 XP 从Ring3层进入Ring0层的一种方法-Windows XP Ring3 layer from the layer into Rign0 a way
Platform: |
Size: 20480 |
Author: 大家庭 |
Hits:
Description: 通过汇编获得Ring0级权限,可用在驱动开发上-through the compilation Rign0 level competence available on the Driver Development
Platform: |
Size: 26624 |
Author: guyu |
Hits:
Description: 从RING0级下启动RING3级的应用程序源代码-from RING0 activated RING3-level application program source code
Platform: |
Size: 70656 |
Author: fengdian |
Hits:
Description: 一段进入ring0的代码。-section of the code into ring0.
Platform: |
Size: 1024 |
Author: maki |
Hits:
Description: 一个最新最完整的ntifs.h导入库程序,用于开发无驱动的RING0程序。
-An up-to-date the most complete library ntifs.h import procedures for the development of non-driven RING0 procedures.
Platform: |
Size: 48128 |
Author: wqwqwq |
Hits:
Description: ring0--hook NtContinue+source_code
ring0下面hookNtContinue 使用drx7寄存器实现的hook
this code hooks ntoskrnl!NtContinue to set dr7 to 0 (no updating of dr7)
so NtContinue called from ring3 cannot alter drX registers...
This hook will only PREVENT drX clearing from SEH (kiuser->ntcontinue)
and will not alter debugging using ring3 debuggers (olly->SetThreadContext)
mainly developed for personal reasearch and as anti-bpm...
Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll.dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =)
Its use for some targets such as armadillo... but never posted code...
by deroko-ring0- hook NtContinue+ source_codering0 use the following hookNtContinue register drx7 realize the hook this code hooks ntoskrnl! NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers ... This hook will only PREVENT drX clearing from SEH (kiuser-> ntcontinue) and will not alter debugging using ring3 debuggers (olly-> SetThreadContext) mainly developed for personal reasearch and as anti-bpm ... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll. dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =) Its use for some targets such as armadillo ... but never posted code ... by deroko
Platform: |
Size: 6144 |
Author: 张京 |
Hits:
Description: 从RING3进入RING0的方法,不需要驱动-RING0 from entering RING3 method does not require drivers
Platform: |
Size: 4096 |
Author: |
Hits:
Description: cpu精确记时程序,可精确到ms级别,本来准备写成加速工具的,由于ring0中断门问题耽误了-cpu precision in mind when procedures can be accurate to ms level, originally written to accelerate the tools, due to interruption of the door problem ring0 delayed
Platform: |
Size: 21504 |
Author: 董林 |
Hits:
Description: ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). t uses a ring0 driver to hook KiExceptionDispatch procedure to detect the exceptions, and then shows information about the exception on stdout (using the ring3 part of the program ofc).
The difference between this method, and the standard debug API method it that this method monitores all of XP processes, and the program does not have to attach to any other process to monitor it, hence it s harder to detect.
The code currently is considered as ALPHA, and it has been reported to BSoD sometimes (on multi core/cpu machines). Take Care!
Platform: |
Size: 53248 |
Author: 张京 |
Hits:
Description: Ring0监控程序PRMonitor源代码-Ring0 monitoring program PRMonitor source code
Platform: |
Size: 75776 |
Author: gls |
Hits:
Description: ntshell源代码,无驱动进入ring0层,可以实现进程脱钩。-ntshell source code, no driver to enter the ring0 layer, can realize the process of decoupling.
Platform: |
Size: 370688 |
Author: weknow |
Hits:
Description: 内核级编程实践之检测进程工具和代码.ring0级别的进程检测。需要DDK环境。-Practice kernel-level programming tools and code detection process. Ring0 levels of the process of detection. DDK environment needs.
Platform: |
Size: 658432 |
Author: 龙 |
Hits:
Description: Hook Api Library 0.2 [Ring0&3] By Anskya
Email:Anskya@Gmail.com
ring3 inline hook For Api
Thank:
前29A高手也一直都是我的偶像...z0mbie大牛...这里膜拜一下
使用的LDE32引擎是翻译他老人家的...C->Delphi...
说明:
1.利用堆栈跳转
没有使用传统的jmp xxxx 长跳转,使用容易理解的push xxxx+ret
仔细看代码容易理解...封装完好.
2.内存补丁结构:
补丁1:|push xxx--钩子处理过程|ret|
补丁2:|保存原始补丁地址|保存原始地址代码长度|原始地址的代码|push xxxxxx|ret|
更新说明:
0.2:
支持Ring0 Inline Hook
0.1:
Ring3 Inline Hook
-Hook Api Library 0.2 [Ring0
Platform: |
Size: 6144 |
Author: david |
Hits:
«
1
23
4
5
6
7
8
9
10
...
14
»