Search - rootkit registry

Search list

[Driver Develop] hideregrootkit

Description: Driver-based rootkit that hooks registry reads.
Platform: | Size: 6637 | Author: ll | Hits:

[OS program] Agony

Description: A kernel rootkit that hides files, the registry and ports!
Platform: | Size: 37004 | Author: 于皓 | Hits:

[OS program] Making yourself "disappear" on NT-series operating systems

Description: This document covers techniques for hiding objects, files, services, processes and so on under the Windows NT operating system. The approach is based on hooking Windows API functions. The techniques described in this article all come from my research while writing a rootkit, so it can make writing a rootkit more effective and simpler. It also includes my practical experience. In this document, hiding an object means changing certain system functions used to name these objects so that they ignore the objects' names. As a result, the return values of the functions we modified indicate that these objects do not exist at all. The most basic method (with a few exceptions) is that we call the original function with the original arguments and then change its output. This article describes hiding files, processes, registry keys and values, system services and drivers, allocated memory and handles.
Platform: | Size: 14697 | Author: | Hits:

[OS program] Making yourself "disappear" on NT-series operating systems

Description: This document covers techniques for hiding objects, files, services, processes and so on under the Windows NT operating system. The approach is based on hooking Windows API functions. The techniques described in this article all come from my research while writing a rootkit, so it can make writing a rootkit more effective and simpler. It also includes my practical experience. In this document, hiding an object means changing certain system functions used to name these objects so that they ignore the objects' names. As a result, the return values of the functions we modified indicate that these objects do not exist at all. The most basic method (with a few exceptions) is that we call the original function with the original arguments and then change its output. This article describes hiding files, processes, registry keys and values, system services and drivers, allocated memory and handles.
Platform: | Size: 14336 | Author: | Hits:

[Driver Develop] hideregrootkit

Description: Driver-based rootkit that hooks registry reads.
Platform: | Size: 6144 | Author: ll | Hits:

[OS program] Agony

Description: A kernel rootkit that hides files, the registry and ports!
Platform: | Size: 36864 | Author: 于皓 | Hits:

[OS program] RootkitRevealer

Description: This is a registry program that can compare whether a given registry item has been hidden.
Platform: | Size: 231424 | Author: doubhor | Hits:

[Hook api] AFXRootkit2005

Description: Hooks the WinAPI to hide processes, ports, services, the registry and so on.
Platform: | Size: 270336 | Author: fyz | Hits:

[Industry research] darkfire

Description: I'm releasing my private ring3 rootkit "DarkFire" now. It's written in C#, source is included. Also there are the 4 examples, but you may also execute the source from VS if you don't trust exes... Features: * Hide Processes * Hide Registry values * Hide Registry keys * Anti Sandbox for several sandboxes
Platform: | Size: 29696 | Author: sonam | Hits:

[OS program] AntiXueTrReg

Description: XueTr is considered the most powerful anti-rootkit tool at present. This program hides registry entries from XueTr, and it does so by bypassing it at the driver level rather than by a simple GUI hack.
Platform: | Size: 64512 | Author: 王田 | Hits:

[Firewall-Security] ossec-hids-2.4.1.tar

Description: Source code of the OSSEC HIDS intrusion detection system: cross-platform, with firewall integration, file integrity checking and rootkit detection. OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
Platform: | Size: 728064 | Author: 无名 | Hits:

[OS program] Hide-Process---Hide-Reg-Key---Unkillable-Process.

Description: Example of how to hide process & registry keys for a rootkit.
Platform: | Size: 6144 | Author: nignog | Hits:

[Driver Develop] HideReg

Description: Driver programming, VC. This source code is used to hide a specified registry key. It is quite helpful for learning about rootkits and anti-rootkit techniques. Those interested can look at
Platform: | Size: 2048 | Author: 基野 | Hits:

[Driver Develop] ROOTKIT

Description: Rootkit writing: a complete, organized framework including process hiding, file hiding, service hiding, registry hiding, port hiding and so on. It covers a variety of hiding methods and is good material for learning about rootkits.
Platform: | Size: 194560 | Author: wuying | Hits:

[Windows Develop] TCCRootkith

Description: This is a rootkit program; it provides just about every feature, including files, the registry and so on.
Platform: | Size: 472064 | Author: 威胁 | Hits:

[Hook api] blackreleaver-release

Description: BlackReleaver is a ring 0 rootkit that can hide files, processes, drivers, registry keys, and more. It uses an inline hook on many ring 0 functions.
Platform: | Size: 263168 | Author: wessie | Hits:

[Hook api] tsk-xview-src

Description: Cross-view based rootkit detection tool based on The Sleuth Kit API and Microsoft’s Offline Registry API
Platform: | Size: 942080 | Author: herbertgoergens | Hits:

[.net] DarkFire-1.0

Description: Darkfire Rootkit 1.0 Source Code. Hide Process, Hide RegistryKey, Hide Registry Value, Redirect URL, Prevent execution.
Platform: | Size: 41984 | Author: nexno | Hits:

[Delphi VCL] AFXRootkit2005

Description: AFX Windows Rootkit 2005 is a good rootkit tool. It can hide trojan processes, files and registry entries, and can also hide DLL files, network connections and system services. Put the program file "root.exe" and the other trojan program files into the folder where TeamViewer is located and run the "root.exe /i" command at the command line; the TeamViewer folder can then no longer be seen, and the TeamViewer process together with all files, dynamic link libraries, services, ports and so on under it will be hidden.
Platform: | Size: 225280 | Author: 阿斯蒂芬 | Hits:

CodeBus www.codebus.net