Location:
Search - ssdt hook
Search list
Description: SSDT hook example (hiding processes) correction
-SSDT hook example (hiding processes) Corr ection
Platform: |
Size: 1024 |
Author: wewwq |
Hits:
Description: 通过例子介绍了Windows系统服务调用的基本知识及Hook SSDT的方法-by example on the Windows system service called the basic knowledge and methods Hook SSDT
Platform: |
Size: 1024 |
Author: zhangyoufu |
Hits:
Description: 挂钩SSDT,通过驱动和hook函数进行进程控制。-Linked to SSDT, through the hook-driven and process control functions.
Platform: |
Size: 36864 |
Author: yeqing |
Hits:
Description: SSDT Hook ZwQuerySystemInformation 隐藏进程-SSDT Hook ZwQuerySystemInformation hidden processes
Platform: |
Size: 41984 |
Author: inking |
Hits:
Description: 这是一个SSDT HOOK源代码,希望对大家有点作用-This is a SSDT HOOK source code, I hope we are a bit on the role of
Platform: |
Size: 1024 |
Author: agg |
Hits:
Description: Delphi开发驱动的一个例子
1.映射ntoskrnl.exe到内存
2.重定位信息...
3.搜索SSDT基址
4.补丁回去-Delphi developed an example-driven 1. Mappings ntoskrnl.exe into memory 2. ... 3, re-positioning information. Search SSDT base address 4. Patch back
Platform: |
Size: 14336 |
Author: fanghui |
Hits:
Description: HOOK SSDT Hook系统服务描述表.查看SSDT.是个好东西-HOOK SSDT that s may be is you need
Platform: |
Size: 64512 |
Author: yaohu |
Hits:
Description: ssdt查看恢复工具源码,界面程序,具有查看和恢复ssdt功能,可以编译通过-View source ssdt recovery tools, interface procedures ssdt with the view and the restoration of function can be compiled through
Platform: |
Size: 139264 |
Author: 黄光 |
Hits:
Description: Windows内核态SSDT-hook实现进程隐藏和文件隐藏,代码很规整,学习内核编程的好例子 -a good example of studying kernel programing or driver developing,
SSDT hook
Platform: |
Size: 5120 |
Author: goodone |
Hits:
Description: 对于hook,从ring3有很多,ring3到ring0也有很多,根据api调用环节递进的顺序,在每一个环节都有hook的机会,可以有int 2e或者sysenter hook,ssdt hook,inline hook ,irp hook,object hook,idt hook-The hook, from ring3 there are many, ring3 to ring0 there are many, according to api call progressive sequence of links, each link in the opportunity to have a hook, you can have int 2e or sysenter hook, ssdt hook, inline hook, irp hook, object hook, idt hook, etc.
Platform: |
Size: 1869824 |
Author: 王小明 |
Hits:
Description: ssdt钩子检测,利用查找ntkrnlpa.exe中导出的ssdt的起始地址和大小,比较实际的ssdt地址表中的内容,找出钩子-ssdt hook detection, the use of export ntkrnlpa.exe Find ssdt the start address and size, a more realistic ssdt address the contents of the table to find out hook
Platform: |
Size: 6144 |
Author: john smith |
Hits:
Description: 创建一个内核驱动,伪造一个ssdt表,使得ssdt钩子失效。-Create a kernel driver, forged a ssdt table, making failure ssdt hook.
Platform: |
Size: 72704 |
Author: john smith |
Hits:
Description: SSDT HOOK注册表电子书 简单的教程-SSDT HOOK registry simple tutorial e-book
Platform: |
Size: 1420288 |
Author: 浮士德 |
Hits:
Description: 向BIOS中植入模块,HOOK中断向量表,HOOK NTLDR加载过程以及HOOK内核函数,SSDT hook。-Add module into bios,HOOK IVT,HOOK NTLDR loder process and hook knrnel function,just as SSDT HOOK
Platform: |
Size: 10240 |
Author: 俊豪 |
Hits:
Description: Miss920程序行为监视器,运用SSDT HOOK技术,可以简单有效的监控程序行为,现在已经实现了进程监控,文件监控,注册表监控,并且可以有效快捷地进行二次开发。-Miss920 monitor program behavior, the use of SSDT HOOK technology, can be simple and effective monitoring of program behavior, the process has already been realized to monitor, document monitor, registry monitor, and can be carried out effectively and expeditiously to the second development.
Platform: |
Size: 365568 |
Author: 李俊 |
Hits:
Description: SSDT HOOK Source code
Platform: |
Size: 46080 |
Author: richard12 |
Hits:
Description: 本文从难易程度上主要分三块详细介绍:一.用户模式Hook:IAT-hook,Dll-inject 二.内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三.Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-hook, idt-hook, int 2e/sysenter-hook 3. Inline Function Hook
Platform: |
Size: 14336 |
Author: lee |
Hits:
Description: Windows XP是通过sysenter调用KiFastCallEntry将ntdll.dll的调用切换到内核的。KiFastCallEntry的原理是通过在SSDT中查找函数地址跳转。所以只要伪造一张原始SSDT,就可以使得SSDT-HOOK无效了。-Windows XP by calling KiFastCallEntry sysenter ntdll.dll call will switch to the kernel. KiFastCallEntry SSDT principle is to find the function by address jump. So long as the original forged an SSDT, you can make SSDT-HOOK invalid.
Platform: |
Size: 5120 |
Author: 何耀彬 |
Hits:
Description: 建立新的SSDT表,修改可以绕过,某些游戏保护系统的SSDT HOOK 或 INLINE HOOK-SSDT table to create a new, modified to bypass certain game protection system SSDT HOOK or INLINE HOOK
Platform: |
Size: 21504 |
Author: f74108 |
Hits:
Description: XP下SSDT Hook ZwCreateThread的代码,仅适用于XP,由驱动和用户模式下控制程序组成,是从以前写的另一个程序修改过来的,所以代码中部分结构体的成员的定义是多余的,要写SSDT Hook的可以参考一下-XP, SSDT Hook ZwCreateThread code only applies to XP, drivers and user mode by the control program component is written in another program from the previous change over, so the code part of the structure is defined as the members of the excess to write SSDT Hook can refer to
Platform: |
Size: 396288 |
Author: seven |
Hits: