Search - rootkit .c

Search list

[assembly language] bootkitbasic

Description: A rootkit that works at system boot; fairly simple. 1) It's very small. The basic framework is just about 100 lines of assembly code. It supports 2000, XP, 2003. 2) It patches the kernel at runtime (no files are patched on disk). (The basic version has this code removed, so that others could understand it easily.) 3) BOOT KIT is PXE-compatible. 4) It can even lead to the first ever PXE virus. 5) It also enables you to load other root kits if you have physical access (normally root kits can only be loaded by the administrator).
Platform: | Size: 72775 | Author: 诚然 | Hits:

[Internet-Network] OpPorts12

Description: Source code for a program that lists the local machine's open ports, like Windows netstat. The author is the author of the well-known rootkit hxf100. The main program is in Delphi and the driver source is in C. Recommended download.
Platform: | Size: 24504 | Author: zhouzhen | Hits:

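[Hook api] Rootkit that hooks all interrupt vectors

Description: The code hooks all 256 interrupt vectors and prints the interrupt history in DebugView. To use it, load the .sys driver; see the .c file for the actual code.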
Platform: | Size: 33978 | Author: happyforall | Hits:

[GUI Develop] Hiding processes under 2000 and XP

Description: C source for hiding processes under 2000 and XP.
Platform: | Size: 6144 | Author: 刘影 | Hits:

[Hook api] ApiHookCheck

Description: Rootkit detection that checks whether an application has been hooked. Source code is included, covering both application-layer and driver-layer code.
Platform: | Size: 59392 | Author: 刘春远 | Hits:

[OS program] kilster

Description: Code that detects processes by hooking the thread scheduling linked list. It can find essentially all processes currently hidden by rootkits. A must-download for system programming enthusiasts.
Platform: | Size: 492544 | Author: 黄芸乐 | Hits:

[Hook api] InsideWindowRootkits

Description: Everyone knows what a rootkit is. This material is the latest; if you want to study rootkit technology, take a look. I dare say this is the latest.
Platform: | Size: 691200 | Author: xinwanjiang | Hits:

[assembly language] bootkitbasic

Description: A rootkit that works at system boot; fairly simple. 1) It's very small. The basic framework is just about 100 lines of assembly code. It supports 2000, XP, 2003. 2) It patches the kernel at runtime (no files are patched on disk). (The basic version has this code removed, so that others could understand it easily.) 3) BOOT KIT is PXE-compatible. 4) It can even lead to the first ever PXE virus. 5) It also enables you to load other root kits if you have physical access (normally root kits can only be loaded by the administrator).
Platform: | Size: 72704 | Author: 诚然 | Hits:

[Hook api] RootKit

Description: Process detection code that can find current rootkit processes. Recommended! (Uses hooking of the thread scheduling linked list.)
Platform: | Size: 490496 | Author: 刘某 | Hits:

[Internet-Network] OpPorts12

Description: Source code for a program that lists the local machine's open ports, like Windows netstat. The author is the author of the well-known rootkit hxf100. The main program is in Delphi and the driver source is in C. Recommended download.
Platform: | Size: 24576 | Author: zhouzhen | Hits:

[Other] Professional_Rootkits

Description: A very good introductory book on rootkits, with related source code included. This is the original English edition; I hope it takes you into the sacred halls of the rootkit.
Platform: | Size: 8920064 | Author: | Hits:

[Hook api] antieviltools

Description: Source code for an anti-rootkit user interface; not bad.
Platform: | Size: 126976 | Author: macro | Hits:

[Hook api] zwquerysysinfo_hook

Description: This is a hook of ZwQuerySystemInformation written in C.
Platform: | Size: 3072 | Author: tornado | Hits:

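[Firewall-Security] RKU

Description: Rootkit Unhooker is a fairly new rootkit detection tool from Russia. Its detection methods are much more reliable than IceSword's (although its feature set is not as complete as IceSword's). Features include service descriptor table hook detection and restoration, powerful process detection, powerful driver detection, killing of hidden processes, API hook detection, driver dumping, report generation and more. Fixes a loader crash :) Changes in v3.8.342.554: + Can skip the user-mode scan + Added an option to list the entire interrupt descriptor table + Improved interrupt descriptor table checks + Fixed a process relocation problem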
Platform: | Size: 742400 | Author: 张小样 | Hits:

[Industry research] darkfire

Description: I'm releasing my private ring3 rootkit "DarkFire" now. It's written in C#, source is included. Also there are the 4 examples, but you may also execute the source from VS if you don't trust exes... Features: * Hide Processes * Hide Registry values * Hide Registry keys * Anti Sandbox for several sandboxes
Platform: | Size: 29696 | Author: sonam | Hits:

[Other] Anti-virus_engine_design

Description: This paper gives a comprehensive and detailed introduction to today's advanced virus and anti-virus techniques, with the emphasis naturally on anti-virus, in particular virtual machine and real-time monitoring techniques. It first introduces several virus techniques that are currently popular, including obtaining kernel-mode privilege, staying resident, intercepting system operations, and polymorphism and encryption. It then discusses virtual machine techniques in detail over five sections: section 1 gives a brief overview of virtual machines; section 2 introduces encrypted polymorphic viruses, and the author analyzes the decryptors of two well-known polymorphic viruses; section 3 explains virtual machine implementation in detail, comparing two different approaches and dissecting the overall control structure of a virtual machine used for virus scanning; section 4 mainly analyzes the handler functions for specific instructions; finally, section 5 lists some anti-virtual-execution techniques as a reference for future improvement. Chapter 3 of the paper mainly covers real-time monitoring. Because the system mechanisms and driver models of win9x and winnt/2000 differ, the two operating systems are discussed separately. The techniques involved are wide-ranging, including driver programming, file hooking, communication between privilege levels and so on. The techniques described involve low-level operating system mechanisms and are fairly difficult. The code provided, including C source code for a virtual machine and disassembled code of two real-time virus monitoring drivers, has some research and practical value.
Platform: | Size: 149504 | Author: 陈伟 | Hits:

[android] test

Description: An example of an attack against Android phones, implemented in C, using rootkit techniques.
Platform: | Size: 1024 | Author: 张蛟 | Hits:

CodeBus www.codebus.net