Search - ssdt - CodeBus

[Windows Develop] SyFbt

Description: 杀Inline-Hook SSDT的进程的C++源码，DDK编写。可以杀冰刃，无法杀IL-Inline-Hook SSDT kill the process C++ source code, DDK preparation. Kill Frostsaber can not kill IL
Platform: | Size: 15360 | Author: fishgs | Hits:

[matlab] SSDT_Helper_src

Description: 通过搜索 SSDT 并和 ZwSystemDebugControl 获取的内容相比较 * 找出不同的SSDT项-通过搜索 SSDT 并和 ZwSystemDebugControl 获取的内容相比较 * 找出不同的SSDT项
Platform: | Size: 6144 | Author: flyangel | Hits:

[OS program] Ring3SSDT

Description: Ring3下安全获取原始SSDT地址 enjoy it-Ring3 under secure access to the original SSDT Address enjoy it
Platform: | Size: 78848 | Author: 刘阳 | Hits:

[assembly language] Hook

Description: 本文从难易程度上主要分三块详细介绍：一．用户模式Hook:IAT-hook,Dll-inject 二．内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三．Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-hook, idt-hook, int 2e/sysenter-hook 3. Inline Function Hook
Platform: | Size: 14336 | Author: lee | Hits:

[Driver Develop] CCRootkit-V0.1

Description: 一般网上找到的都是需要Ring3传输需要补丁的地址过去... 002就是直接用最标准的方法进行SSDT定位以及修复的支持多核系统,当然还有003(加入shadow ssdt hook),004(加入inline hook) 基本上是现在最稳定的恢复方式了,大家可以用KMDLoader测试.加载就脱钩.不需要通讯 -Generally find on the Internet are required Ring3 address transmission needs a patch in the past ... 002 is the direct use of most standard approach to SSDT locate and repair support for multi-core systems, of course, 003 (add shadow ssdt hook), 004 (adding inline hook) is basically the recovery is now the most stable way, and we can use KMDLoader test. loaded on decoupling. does not require communication
Platform: | Size: 515072 | Author: 按时飞 | Hits:

[OS program] ProcessProtect

Description: 在Ring0下实现保护进程，通过HOOK SSDT实现保护进程-The Ring0 achieve protection process, achieved through the protection process HOOK SSDT
Platform: | Size: 6144 | Author: eithack | Hits:

[Windows Develop] SSDT_UnHook_C

Description: SSDT_UnHook_C ssdt 绕过杀毒软件主动防御-SSDT_UnHook_C ssdt to bypass anti-virus software, Active Defense
Platform: | Size: 4096 | Author: wujun | Hits:

[Driver Develop] UTM4XP

Description: 一个简单ARK源码。包括进线程操作，隐藏进程检测，SSDT,SHADOW SSDT hook查看-An anti-rookit tool
Platform: | Size: 1452032 | Author: 韩挚同 | Hits:

[Driver Develop] Rookit

Description: 一个Rookit工具源码，功能强大,SSDT,包括驱动部分-1 Rookit tool source, powerful, SSDT, including the driven part of
Platform: | Size: 1235968 | Author: godg | Hits:

[Driver Develop] HOOK

Description: SSDT 及 SSDT Shadow HOOK通用框架及保护模块-SSDT and the SSDT Shadow HOOK common framework and protection module
Platform: | Size: 10240 | Author: 小鱼 | Hits:

[OS program] NtReadVirtualMemorysswe

Description: SSDT 下恢复 ntreadvirtualmemory 对抗一些反病毒程序 -SSDT resume ntreadvirtualmemory against some anti-virus program
Platform: | Size: 10240 | Author: 水月 | Hits:

[Hook api] DriverTutorial

Description: Writing drivers to perform kernel-level SSDT hooking
Platform: | Size: 1211392 | Author: Oleg | Hits:

[Hook api] code

Description: SSDT Hook Source with Visual Stuio 6.0 (C++)
Platform: | Size: 102400 | Author: achykim | Hits:

[VC/MFC] ssdthook

Description: 这本书主要介绍了vc中基于ssdt hook 技术，可以很好的帮助你。-This book introduces the vc ssdt hook based technology that can very well help you.
Platform: | Size: 655360 | Author: 赵强 | Hits:

[Driver Develop] ProtectMon

Description: 驱动开发，根据PID保护进程，HOOK了 SSDT NtOpenProcess函数，至少可以抵御一切R3病毒终结你的进程!!适合新手学习HOOK ssdt的入门研究-Driven development, the protection under the PID process, HOOK the SSDT NtOpenProcess function, at least the end of you against all the process of virus R3!! Suitable for beginners to learn HOOK ssdt entry of
Platform: | Size: 2048 | Author: coorell | Hits:

Category

Source Code

Web/Internet

Develop Tools

Document

Other

Search in results

OS

Platform

Language

File Type

Search list