Location:
Search - FSD Hook
Search list
Description: 机器狗新变种使用了一些流行的技术,包含了修复SSDT Hook、修复FSD Hook、并对一些系统还原软件进行有针对的Hook,使能达到突破还原软件保护的目的。做了那么多,最终目的还是下载大量的木马到用户的系统上。
Platform: |
Size: 1190435 |
Author: sdlylz |
Hits:
Description: FSD INLINE HOOK的几乎达到实用级的代码。代码大部分是炉子[0GiNr]提供的,在此感谢。
增加了一段获取通过NTFS驱动对象获取分发函数地址的代码,如果已经被人hook过,可能造成蓝屏。最好的方法还是解析NTFS文件获取原始分发函数地址。Xp sp2测试通过。-FSD INLINE HOOK almost reached the practical level of the code. Most stoves code [0GiNr] provided, would like to thank. Increase access to a NTFS drive through the distribution function to obtain the target address of the code, if the hook has been, and may cause a blue screen. The best way to resolve or NTFS file access to the original distribution function of the address. Xp sp2 test.
Platform: |
Size: 10240 |
Author: 好好 |
Hits:
Description: 搞定QQ游戏系列(寻仙,DNF等等)驱动保护TesSafe.sys 腾讯的tp和np都可以利用这个思路搞定。想必很多人都需要的吧 我就贡献给大家乐-Gao Ding QQ game series (look for cents, DNF, etc.) drive protection TesSafe.sys Tencent tp and np can use this idea Gaoding. Must have a lot of people I need to bar contribution to the Cafe de Coral
Platform: |
Size: 2048 |
Author: 黄杰 |
Hits:
Description: Hook FSD实现文件的隐藏,提供应用层接口。-Hook FSD realize the hidden files and provide application-layer interfaces.
Platform: |
Size: 8192 |
Author: Louiewiget |
Hits:
Description: 本程序功能为防止文件删除,其中包含三个部分,分别为:FSD INLINE HOOK初级防删,HOOK IoCreateFile中级防删,HOOK IoCheckShareAccess高级防删。-The program features to prevent file deletion, which consists of three parts, namely: FSD INLINE HOOK primary anti deleted, HOOK IoCreateFile intermediate anti deleted, HOOK IoCheckShareAccess senior defense deleted.
Platform: |
Size: 230400 |
Author: 王田 |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,热键信息查看,杀进程、杀线程、卸载模块等功能 2.内核驱动模块查看,支持内核驱动模块的内存拷贝 3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、IDT信息查看,并能检测和恢复ssdt hook和inline hook 4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除 5.端口信息查看,目前不支持2000系统 6.查看消息钩子 7.内核模块的iat、eat、inline hook、patches检测和恢复 8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除 9.注册表编辑 -1 process, thread, process modules, process window, process memory information viewing, hot information to view, kill the process, kill thread, unload the module and other functions 2 kernel driver module view, to support the kernel driver module memory copy 3.SSDT, Shadow SSDT, FSD, KBD, TCPIP, IDT information view, and can detect and recover ssdt hook and inline hook 4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego, etc. Notify Routine Information check, and to support their Notify Routine Delete 5 port information view, the current system does not support 2000 6 view news hook 7 kernel module iat, eat, inline hook, patches detection and recovery 8 disk, volume, keyboard, network layer filter driver detect, and support for the deletion 9. Registry Editor
Platform: |
Size: 3696640 |
Author: 接收 |
Hits:
Description: TCPPortHide[fsd Hook]-TCPPortHide[fsd Hook
Platform: |
Size: 23552 |
Author: |
Hits:
Description: FSD HOOK HIDE FILE 的简单历程完成-Completion of the simple process of FSD HOOK HIDE FILE
Platform: |
Size: 7168 |
Author: 李小玲 |
Hits:
Description: 某强删工具sys的逆向学习.
该驱动主要功能如下:首先是对FSD的hook的处理,RestoreFSDDispatchRoutine-A strong delete tool sys reverse learning the driver main function is as follows: First, the treatment of FSD' s hook, RestoreFSDDispatchRoutine
Platform: |
Size: 5120 |
Author: ljh |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,杀进程、杀线程、卸载模块等功能
2.内核驱动模块查看,支持内核驱动模块的内存拷贝
3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、Classpnp、Atapi、Acpi、SCSI、IDT、GDT信息查看,并能检测和恢复ssdt hook和inline hook
4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除
5.端口信息查看,目前不支持2000系统
6.查看消息钩子
7.内核模块的iat、eat、inline hook、patches检测和恢复
8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除(1. process, thread, process module, process window, process memory information view, kill process, kill thread, unload module and so on
2. kernel driver module view, support the memory module of the kernel driver module
3.SSDT, Shadow, SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT, GDT, information view, and can detect and restore SSDT, hook and inline hook
4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other Notify Routine information view, and support for the deletion of these Notify Routine
5. port information, currently 2000 systems are not supported
6. view message hook
7. kernel module of IAT, eat, inline, hook, patches detection and recovery
8. disk, volume, keyboard, network layer filter driver detection, and support deletion)
Platform: |
Size: 6559744 |
Author: aa77ss55dd
|
Hits: