Search - ring0 virus
Search list
Description: 1. Create the virus program. 2. The virus modifies the IDT to get Ring0 privilege.
Size: 28672 | Author: 王鹏
Description: What is TRing0?
TRing0 is a system-level component that gives Delphi programs access to system resources such as I/O ports, Model Specific Registers (MSR), etc. Normally these resources cannot be accessed directly by applications, only by I/O drivers. TRing0 exposes this functionality through a simple Delphi component.
Size: 14336 | Author: YOUGLE
Description: This is a virus written in pure ASM. It features file infection, entry-code mutation, self-encryption, EPO and other functions, and it has no signature. It was designed to counter the signature-based, behavior-based and virtual-machine detection used by antivirus software. The existing code provides no destructive functions, but it does actively infect executable files, and infected files are very hard to restore; please take note of this.
It also provides a Ring0 feature, mainly used to infect executables that are currently running.
I left this sitting for a long time after finishing it and no longer quite remember how to use it. I am posting the code so that anyone interested can study it. The assembler used is TASM. Since I am no longer sure what the consequences might be, test at your own risk, and do not use it for anything bad.
Size: 16384 | Author: buyinyin
Description: A virus written in pure ASM, with file infection, entry-code mutation, self-encryption, EPO and other functions, and without any virus signature. It is designed to counter the signature-based, behavior-based and virtual-machine detection used by antivirus software. The existing code provides no destructive functions, but it can actively infect executable files, and infected files are hard to restore; please note this.
In addition, it provides a Ring0 function, mainly used to infect executables that are currently running.
Size: 11264 | Author: 才昆
Description: Enumeration and hiding of registry key values in Ring0. Implements enumeration and hiding of registry entries, and detection of the registry entries that viruses use to start automatically at boot.
Size: 405504 | Author: zyj
Description: SSDT stands for System Services Descriptor Table. This table links the ring3 Win32 API to the ring0 kernel API. The SSDT does not contain only a large address index table; it also holds other useful information, such as the base address of the address index and the number of service functions.
By modifying the function addresses in this table, commonly used Windows functions and APIs can be hooked, so that system actions of interest can be filtered and monitored. Some HIPS, antivirus, system-monitoring and registry-monitoring software often use this interface to implement their own monitoring modules.
At present a very small number of viruses do use this method to protect themselves or to damage antivirus software, but if the antivirus software can identify and remove such a virus before it enters the system, the virus will have no chance to act.
Size: 335872 | Author: 小明
Description: A rootkit is a digital toolbox that can be added to malware (Trojans, viruses, spyware) to hide it and give it free access to the computer. Malware can be loaded into the system kernel through a rootkit and achieve concealment by modifying the kernel (for example, making the system treat the space occupied by the malware as bad blocks, thereby evading antivirus scans). That a rootkit provides free access to the computer is easy to understand: a malicious program injected into the system kernel through a rootkit runs at the system level with Ring0 privileges. This article can serve as an introduction to rootkits.
Size: 132096 | Author: Ting_Yu