Search - ssdt hook

Search list

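[Hook api] driver

Description: A driver written with the DDDK that modifies the SSDT to hook the NTDebugActiveProcess function. The hook function can check the PID and decide whether to let the call through: if so, it calls the original NTDebugActiveProcess from within the hook; otherwise it returns False directly. Once the hook is in place, every program that calls DebugActiveProcess will fail. You can of course hook more system service functions as needed. The service number of a given service function differs between operating system versions. Test the compiled driver in the attachment below only on WinXP SP2; otherwise it may cause an immediate reboot.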
Platform: | Size: 3704 | Author: 张京 | Hits:

[Hook api] ssdt2

Description: Views the system SSDT; functions that have been hooked are shown in red and can be restored.
Platform: | Size: 20501 | Author: 周维祝 | Hits:

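[OS program] SSDTHook

Description: The basic idea for dealing with a ring0 inline hook is this: write your own replacement kernel function (for NtOpenProcess, say, MyNtOpenProcess), then modify the SSDT so that the system service enters your MyNtOpenProcess. All MyNtOpenProcess has to do is carry out the first 10 bytes of NtOpenProcess's instructions and then JMP to the point 10 bytes into the original NtOpenProcess. The JMP written at the head of NtOpenProcess then no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected.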
Platform: | Size: 3631 | Author: sdlylz | Hits:

[Hook api] HookShadowSSDT

Description: An example demonstrating how to hook the shadow SSDT.
Platform: | Size: 477658 | Author: macro | Hits:

[Hook api] instruder

Description: Source code of an ARK tool, comprising a user-mode part and a kernel-mode part. Supports detection and restoration of SSDT hooks and inline hooks.
Platform: | Size: 16577536 | Author: 陈豪 | Hits:

[Driver Develop] 356

Description: A simple kernel-mode SSDT hook that protects a process by process name. Compatible with all x86 systems after 2000; can serve as a reference for an SSDT hook that works across systems.
Platform: | Size: 76800 | Author: bbc9527 | Hits:

[Windows Develop] ssdt

Description: Hooks all functions using the advanced inline hook method; driver source code developed in Easy Language (易语言).
Platform: | Size: 16384 | Author: | Hits:

[Delphi/CppBuilder] HOOK2

Description: delphi hook, ssdt hook
Platform: | Size: 628736 | Author: snowpando | Hits:

[Hook api] ssdt_hook_createprocessEx

Description: September 2015: an SSDT hook I wrote myself! Simple and easy to understand!
Platform: | Size: 3072 | Author: xiongx | Hits:

[Driver Develop] [6-3]Ring3EatIatHook

Description: Ring 3 IAT hooking and EAT hooking are hooking methods that change function addresses, similar to SSDT hooking.
Platform: | Size: 53248 | Author: 石林 | Hits:

[Driver Develop] ssdt_hook_ntcreatefile

Description: SSDT hook source code: introductory SSDT hook source, convenient for getting started.
Platform: | Size: 9216 | Author: w | Hits:

[ADO-ODBC] hookssdt

Description: More on kernel and process protection: an example of protecting a process by hooking the system SSDT.
Platform: | Size: 7168 | Author: dp0857sihuanji | Hits:

[Driver Develop] HookNtOpenProcess

Description: SSDT hook source code for 64-bit systems; the function hooked in the test is ntreadvirtualmemory. Download it if you like it.
Platform: | Size: 82944 | Author: hansara | Hits:

[OS program] testKey

Description: Two keylogger source codes that do SSDT hooking.
Platform: | Size: 477184 | Author: mohsen | Hits:

[Driver Develop] SSDT_Hook

Description: SSDT hook learning material with a demo example.
Platform: | Size: 102400 | Author: 王斌 | Hits:

[Driver Develop] SSDT_template

Description: SSDT hook template; custom features can be added on top of it.
Platform: | Size: 2048 | Author: 王斌 | Hits:

[Driver Develop] SSDTHOOK_demo

Description: SSDT hook demo: kernel layer + user layer.
Platform: | Size: 61440 | Author: 王斌 | Hits:

[Other] PCHunter_free

Description: 1. View processes, threads, process modules, process windows and process memory information; kill processes, kill threads, unload modules, and so on. 2. View kernel driver modules, with support for copying a kernel driver module's memory. 3. View SSDT, Shadow SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT and GDT information, and detect and restore SSDT hooks and inline hooks. 4. View Notify Routine information for CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and others, with support for deleting these Notify Routines. 5. View port information; 2000 systems are currently not supported. 6. View message hooks. 7. Detect and restore IAT, EAT, inline hooks and patches in kernel modules. 8. Detect filter drivers for disk, volume, keyboard, network layer and so on, with support for deleting them.
Platform: | Size: 6559744 | Author: aa77ss55dd | Hits:

[Internet-Network] rnchlaf

Description: Easy Language (易语言) driver source code template; handling of SSDT hooks.
Platform: | Size: 6144 | Author: Wzwjwy | Hits:

[Driver Develop] HookSSDT

Description: Driver reload, SSDT hook, hook bypass; in theory gets past all protections (reload-kernel, Hook SSDT).
Platform: | Size: 21504 | Author: PUBG_WG | Hits:

CodeBus www.codebus.net