Search - SSDTHOOK

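[OS program] SSDTHook

Description: The basic idea for dealing with a ring0 inline hook is as follows: write your own replacement kernel function, for example MyNtOpenProcess for NtOpenProcess. Then modify the SSDT so that the system service enters your own function, MyNtOpenProcess. All MyNtOpenProcess has to do is implement the first 10 bytes of instructions of NtOpenProcess and then JMP to the original NtOpenProcess just past those ten bytes. This way any JMP written at the head of the NtOpenProcess function no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected.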
Platform: | Size: 3631 | Author: sdlylz | Hits:

[OS program] SSDTHook

Description: The basic idea for dealing with a ring0 inline hook is as follows: write your own replacement kernel function, for example MyNtOpenProcess for NtOpenProcess. Then modify the SSDT so that the system service enters your own function, MyNtOpenProcess. All MyNtOpenProcess has to do is implement the first 10 bytes of instructions of NtOpenProcess and then JMP to the original NtOpenProcess just past those ten bytes. This way any JMP written at the head of the NtOpenProcess function no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected.
Platform: | Size: 3072 | Author: sdlylz | Hits:

[VC/MFC] SSDTHOOK

Description: An e-book on SSDT hooking and the registry; a simple tutorial.
Platform: | Size: 1420288 | Author: 浮士德 | Hits:

[VC/MFC] ssdthook

Description: This book mainly introduces SSDT hook based techniques in VC; it can be a great help to you.
Platform: | Size: 655360 | Author: 赵强 | Hits:

[Driver Develop] RootKitHideFile

Description: Implements file hiding using the SSDT hook technique.
Platform: | Size: 4096 | Author: 王强 | Hits:

[Hook api] ssdthook

Description: Hooks the ZWOpenProcess function in the SSDT to protect a process from being killed.
Platform: | Size: 58368 | Author: Liang | Hits:

[Hook api] SSDTHOOK

Description: A simple SSDT hook that those who want to learn SSDT hooking can study.
Platform: | Size: 10240 | Author: 王恺轶 | Hits:

[Hook api] RestoreShadowSource

Description: Source code for restoring the SSDT; reference material for learning SSDT hooking that can be used when studying anti-debugging in game cheat programs.
Platform: | Size: 22528 | Author: panda | Hits:

[Driver Develop] QuDongFangHuoQiang

Description: A driver firewall that uses an SSDT hook on LoadDriver to intercept driver loading; each load can be allowed or blocked.
Platform: | Size: 15954944 | Author: 刘丁 | Hits:

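[Windows Develop] SSDTHook

Description: Process hiding and process protection (implemented with SSDT hooks). Article contents: 1. Introduction: hook techniques 2. Overview of the SSDT 3. The complete execution flow of a Win32 API call from the application layer 4. The SSDT in detail 5. How SSDT hooks work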
Platform: | Size: 836608 | Author: anders | Hits:

[e-language] ssdt

Description: Contains SSDT hook, Shadow SSDT hook, memory read/write and more; take a look for yourself.
Platform: | Size: 19456 | Author: 四大皆 | Hits:

[OS program] SSDTHookProcess

Description: Uses an SSDT hook to prevent a process from being terminated; for your reference.
Platform: | Size: 508928 | Author: 朱勋 | Hits:

[Driver Develop] 356

Description: A simple kernel-mode SSDT hook that protects a process by process name; compatible with all x86 systems from 2000 onward and usable as a reference for SSDT hooks on compatible systems.
Platform: | Size: 76800 | Author: bbc9527 | Hits:

[Windows Develop] SSDTHook

Description: It is an SSDT hooking example for requirement, most know DDK.
Platform: | Size: 294912 | Author: kgh123456 | Hits:

[Driver Develop] ssdt_hook_ntcreatefile

Description: SSDT hook source code: an introductory SSDT hook sample that makes it easy to get started.
Platform: | Size: 9216 | Author: w | Hits:

[Driver Develop] X64MyDriver

Description: x64 driver code that includes VT and some SSDT hooks, and implements some window-hiding functionality.
Platform: | Size: 697344 | Author: 郑明 | Hits:

[Driver Develop] HOOK-API

Description: Courseware from teacher Hanjiang, posted separately so that entry-level driver programmers can quickly understand how a driver hooks the SSDT and the flow by which a Windows application simply calls a driver interface. The code is not original, but it is one of the simplest and clearest walkthroughs I have seen, and it is very well suited to driver developers who are just starting out. Download it if you need it.
Platform: | Size: 212992 | Author: pigshuai | Hits:

CodeBus www.codebus.net