Location:
Search - ssdt kernel
Search list
Description: 比挂钩SSDT还要底层的,位于键盘硬件设备驱动之上的键盘过滤驱动源码,欢迎下载研究。-Designing A Kernel Key Logger
A Filter Driver Tutorial
By Clandestiny
Platform: |
Size: 142336 |
Author: Gentlewolf |
Hits:
Description: Open Source SSDT Hook detection utility, it will scan the SSDT Entries in the kernel (ntoskrnl.exe) and find the functions that are hooked & not in the kernel base address range .
Platform: |
Size: 102400 |
Author: __Genius__ |
Hits:
Description: 利用SSDT HOOK 巧过 LINK HOOK的驱动源码。。合适新手熟悉内核学习-Clever use of SSDT HOOK LINK HOOK been driven source. . Appropriate learning novice familiar with the kernel
Platform: |
Size: 2048 |
Author: 郭嘉 |
Hits:
Description: 内核开发,主要介绍如何通过SSDT表HOOK函数。-Kernel development, focuses on how the SSDT table HOOK function.
Platform: |
Size: 3072 |
Author: zzz |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,热键信息查看,杀进程、杀线程、卸载模块等功能 2.内核驱动模块查看,支持内核驱动模块的内存拷贝 3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、IDT信息查看,并能检测和恢复ssdt hook和inline hook 4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除 5.端口信息查看,目前不支持2000系统 6.查看消息钩子 7.内核模块的iat、eat、inline hook、patches检测和恢复 8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除 9.注册表编辑 -1 process, thread, process modules, process window, process memory information viewing, hot information to view, kill the process, kill thread, unload the module and other functions 2 kernel driver module view, to support the kernel driver module memory copy 3.SSDT, Shadow SSDT, FSD, KBD, TCPIP, IDT information view, and can detect and recover ssdt hook and inline hook 4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego, etc. Notify Routine Information check, and to support their Notify Routine Delete 5 port information view, the current system does not support 2000 6 view news hook 7 kernel module iat, eat, inline hook, patches detection and recovery 8 disk, volume, keyboard, network layer filter driver detect, and support for the deletion 9. Registry Editor
Platform: |
Size: 3696640 |
Author: 接收 |
Hits:
Description: SSDT挂钩_基于Windows内核的RootKit技术样本-SSDT hooks _ Windows kernel RootKit technology based sample
Platform: |
Size: 286720 |
Author: hjh |
Hits:
Description: 这份是重载内核,知道重载内核能干什么了,基本所有的ssdt和shadow ssdt都能恢复,神马hook之类的弱爆了-This is overloaded kernel know to reload the kernel can do the basic the all ssdt and shadow ssdt, will recover, of Shenma hook like a weak burst
Platform: |
Size: 32768 |
Author: 王涛 |
Hits:
Description: Hook KiFastCallEntry
Platform: |
Size: 212992 |
Author: Blue |
Hits:
Description: 探寻windows kernel,描述了SSDT钩子,键盘过滤性驱动,文件过滤性驱动的原理和编写方法。-Explore the windows kernel, described SSDT hooks, keyboard filterability driven, principle-driven file filterability and preparation methods.
Platform: |
Size: 1666048 |
Author: zhouyu |
Hits:
Description: 看雪学院Rootkit学习,1.内核Hook:对于hook,从ring3有很多,ring3到ring0也有很多,根据api调用环节递进的顺序,在每一个环节都有hook的机会,可以有int 2e或者sysenter hook,ssdt hook,inline hook ,irp hook,object hook,idt hook-See snow Institute Rootkit learning, kernel Hook: hook from ring3 many, ring3 to ring0 also the api call progressive order, every link has the opportunity to hook int 2e or sysenter. hook, ssdt hook, inline hook, irp hook, object hook, idt hook, etc.
Platform: |
Size: 1652736 |
Author: stars |
Hits:
Description: Anti SSDT Hooking under windows kernel mode
Platform: |
Size: 793600 |
Author: mohammad |
Hits:
Description: 驱动加载SSDT内核-SSDT kernel driver loading
Platform: |
Size: 7168 |
Author: iqny2005 |
Hits:
Description: Hook SSDT NtOpenProcess,驱动实现Hook内核函数。-
Hook SSDT NtOpenProcess, drive to achieve Hook kernel function.
Platform: |
Size: 4096 |
Author: wpggles |
Hits:
Description: SSDT hook 内核api,实现进程隐藏和进程保护功能的源码,备份资料,仅供参考。-SSDT hook kernel api, hidden process and process protection function of the source, the backup data is for reference only.
Platform: |
Size: 1043456 |
Author: huangzhenyuan |
Hits:
Description: 过QQ驱动 解决了一些QQ改了的SSDT的内核 应该算是比较新的软件吧-Drive through QQ solved some QQ changed SSDT kernel should be relatively new software
Platform: |
Size: 164864 |
Author: 古杰俊 |
Hits:
Description: 内核环境下 一个简单的ssdthook进程名 保护进程 兼容2000以后所有x86系统,可以做为兼容系统的ssdthook参考-
您是不是要找: 内核环境下 一个简单的ssdt hook进程名 保护进程 兼容2000以后所有x86系统,可以做为兼容系统的ssdthook参考
A simple kernel environment protection process ssdthook process name after 2000 all x86 compatible systems that can be used as reference compatible systems ssdthook
Platform: |
Size: 76800 |
Author: bbc9527 |
Hits:
Description: 再谈内核及进程保护,利用hook掉系统ssdt保护进程的例子。-Return to the kernel and the process of protection, the use of SSDT hook off system to protect the process of example.
Platform: |
Size: 7168 |
Author: dp0857sihuanji |
Hits:
Description: C++下64位系统的HOOK SSDT内核源码 VS2013 wdk8.1编辑-C++ 64-bit system HOOK SSDT kernel source VS2013 wdk8.1 editor
Platform: |
Size: 346112 |
Author: 小俊 |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,杀进程、杀线程、卸载模块等功能
2.内核驱动模块查看,支持内核驱动模块的内存拷贝
3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、Classpnp、Atapi、Acpi、SCSI、IDT、GDT信息查看,并能检测和恢复ssdt hook和inline hook
4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除
5.端口信息查看,目前不支持2000系统
6.查看消息钩子
7.内核模块的iat、eat、inline hook、patches检测和恢复
8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除(1. process, thread, process module, process window, process memory information view, kill process, kill thread, unload module and so on
2. kernel driver module view, support the memory module of the kernel driver module
3.SSDT, Shadow, SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT, GDT, information view, and can detect and restore SSDT, hook and inline hook
4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other Notify Routine information view, and support for the deletion of these Notify Routine
5. port information, currently 2000 systems are not supported
6. view message hook
7. kernel module of IAT, eat, inline, hook, patches detection and recovery
8. disk, volume, keyboard, network layer filter driver detection, and support deletion)
Platform: |
Size: 6559744 |
Author: aa77ss55dd
|
Hits:
Description: 驱动重载 Hook SSDT 绕过钩子 理论上过一切保护(reload-kernel , Hook SSDT)
Platform: |
Size: 21504 |
Author: PUBG_WG |
Hits: