Search list: usermode
Description: Detects files hidden by rootkits on Windows. Some usermode rootkits overwrite the first few bytes of ZwQueryDirectoryFile, and that trick will fail then :( So, you will probably need a small database of the correct indexes for all Windows versions.
Size: 16396 | Author: libo
Description: MicroRk - Very small usermode rootkit
Size: 9874 | Author: 二点
Description: Detects files hidden by rootkits on Windows. Some usermode rootkits overwrite the first few bytes of ZwQueryDirectoryFile, and that trick will fail then :( So, you will probably need a small database of the correct indexes for all Windows versions.
Size: 16384 | Author: libo
Description: MicroRk - Very small usermode rootkit
Size: 9216 | Author: 二点
Description: Direct access to the parallel port, serial port and other I/O under Win2K/XP: a kernel mode driver for Windows NT/2000 that gives usermode programs access to I/O ports.
Size: 50176 | Author: cookey
Description: Magic ApiHook
Ring3(usermode) hooks
Size: 19456 | Author: mjrod5
Description: Purpose: - Implement remote code injection
- Usermode hook (Ntdll->NtQueryDirectoryFile)
Note: This is only a POC that will hide a file from explorer.exe
Hiding a file via usermode code injection into explorer.exe
You can restart explorer.exe to unhook
Size: 7168 | Author: nofear0720
Description: Delphi Source Code:
==============================================
Magic Api Hook Engine v1.0 - Date: 2006.04.24
this is a simple all around process api hooker
UserMode(Ring3) just for WinNT family
By: Magic_h2001 - magic_h2001@yahoo.com
Home: http://magic.shabgard.org
==============================================
Size: 18432 | Author: Weder
Description: Simple example code hooking the OpenProcess API in usermode, compiled with MASM
Size: 1024 | Author: MUTANT
Description: DBVM is a virtual machine that will run your operating system and expands the instruction set to allow usermode applications access to kernelmode. It allows programs to redirect the flow of system events to different locations and change their results (for example, redirecting an interrupt to a different interrupt handler without editing the interrupt table).
Size: 207872 | Author: 海风月影
Description: DBVM is a virtual machine that will run your operating system and expands the instruction set to allow usermode applications access to kernelmode. It allows programs to redirect the flow of system events to different locations and change their results (for example, redirecting an interrupt to a different interrupt handler without editing the interrupt table).
Cheat Engine can make use of these added instructions to make game modification and debugging easier, especially in Vista 64. To make use of it, just boot up with DBVM, which will then boot up your operating system, usually Windows, and Cheat Engine will automatically detect that DBVM is loaded and make use of the added functionality.
Safety: DBVM can be used by malicious software. Therefore it requires a 64-bit long key to make use of the instructions. One of the instructions changes the default key to a different key, so other programs can not use it without the proper key.
Please note, the current implementation of DBVM requires your CPU to support the Intel VT instruction set. For an AMD version, please donate enough money so that I can buy an AMD system to test AMD-specific code.
A simple way to find out if your system supports DBVM is right-clicking the CE logo on the display screen. It will tell you whether your system is capable. If you actually have DBVM loaded, it will even tell you which version of DBVM you are running.
Size: 9046016 | Author: 刘翔
Description: Interface for operating physical-layer resources from a usermode process using /dev/mem and mmap.
Size: 2048 | Author: liushaofang