Location:
Search - asm ring0
Search list
Description: 这是一只纯ASM编写的病毒,具备文件感染,入口代码变形,自身加密,EPO等功能,是一只无任何
特征码的病毒,设计目的是为对抗反病毒软件的特征码杀毒、行为杀毒和虚拟机杀毒,现有代码
未提供任何破坏功能,但会主动感染可执行文件,而且被感染过的文件很难再还原,这点请注意
另外这东西也提供了Ring0功能,主要用于感染运行中的可执行文件
这东西写完后放了很久,不太记得怎么用了,把代码放上来有兴趣的朋友拿去研究研究,汇编工
具为TASM,由于已经不确定会产生什么后果了,测试时请自行承担风险,还有不要拿去做坏事。
Platform: |
Size: 17388 |
Author: 谭戴林 |
Hits:
Description: 这是一个汇编与VC结合的程序,在Ring3级获取Ring0级的操作-This is a compilation and VC combination of procedures, the Ring3 level access Ring0 class operation
Platform: |
Size: 3072 |
Author: 站长 |
Hits:
Description: ring0--hook NtContinue+source_code
ring0下面hookNtContinue 使用drx7寄存器实现的hook
this code hooks ntoskrnl!NtContinue to set dr7 to 0 (no updating of dr7)
so NtContinue called from ring3 cannot alter drX registers...
This hook will only PREVENT drX clearing from SEH (kiuser->ntcontinue)
and will not alter debugging using ring3 debuggers (olly->SetThreadContext)
mainly developed for personal reasearch and as anti-bpm...
Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll.dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =)
Its use for some targets such as armadillo... but never posted code...
by deroko-ring0- hook NtContinue+ source_codering0 use the following hookNtContinue register drx7 realize the hook this code hooks ntoskrnl! NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers ... This hook will only PREVENT drX clearing from SEH (kiuser-> ntcontinue) and will not alter debugging using ring3 debuggers (olly-> SetThreadContext) mainly developed for personal reasearch and as anti-bpm ... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll. dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =) Its use for some targets such as armadillo ... but never posted code ... by deroko
Platform: |
Size: 6144 |
Author: 张京 |
Hits:
Description: 从ring3跳到ring0的源代码,用汇编语言编写。-Ring3 Skip ring0 from the source code, using assembly language preparation.
Platform: |
Size: 4096 |
Author: 木头 |
Hits:
Description: Windows NT/2000/XP/Server 2003 获取Ring0的便捷工具
程序创建了几个段:
IDT,GDT,SSDT,Linear
为创建Ring3,Ring0之间的互交便捷-Windows NT/2000/XP/Server 2003 to obtain a convenient tool Ring0 program to create a few paragraphs: IDT, GDT, SSDT, Linear for the creation of Ring3, Ring0 between the interactive and convenient
Platform: |
Size: 1024 |
Author: peacekeep |
Hits:
Description: 这是一只纯ASM编写的病毒,具备文件感染,入口代码变形,自身加密,EPO等功能,是一只无任何
特征码的病毒,设计目的是为对抗反病毒软件的特征码杀毒、行为杀毒和虚拟机杀毒,现有代码
未提供任何破坏功能,但会主动感染可执行文件,而且被感染过的文件很难再还原,这点请注意
另外这东西也提供了Ring0功能,主要用于感染运行中的可执行文件
这东西写完后放了很久,不太记得怎么用了,把代码放上来有兴趣的朋友拿去研究研究,汇编工
具为TASM,由于已经不确定会产生什么后果了,测试时请自行承担风险,还有不要拿去做坏事。
Platform: |
Size: 17408 |
Author: |
Hits:
Description: 这是一只纯ASM编写的病毒,具备文件感染,入口代码变形,自身加密,EPO等功能,是一只无任何
特征码的病毒,设计目的是为对抗反病毒软件的特征码杀毒、行为杀毒和虚拟机杀毒,现有代码
未提供任何破坏功能,但会主动感染可执行文件,而且被感染过的文件很难再还原,这点请注意
另外这东西也提供了Ring0功能,主要用于感染运行中的可执行文件
这东西写完后放了很久,不太记得怎么用了,把代码放上来有兴趣的朋友拿去研究研究,汇编工
具为TASM,由于已经不确定会产生什么后果了,测试时请自行承担风险,还有不要拿去做坏事。
-This is the one written in pure ASM virus has infected the file, import the code deformation, self-encryption, EPO and other functions, is the one without any
Signature of the virus, designed to combat anti-virus software, anti-virus signature, behavioral antivirus antivirus and virtual machines, the existing code
Did not provide any damage functions, but it will take the initiative to infected executable files, and were infected files very difficult to restore, this point note that
In addition it also provides something Ring0 feature is mainly used to run the executable file infected
This is something put for a long time after finishing the essay, can not recall how to use, and are interested in the code Fangshang Lai s friends Naqu research studies, compilation of work
With the TASM, because of what the consequences would have been uncertain, and test at your own risk, as well as bad things do not get to do.
Platform: |
Size: 16384 |
Author: buyinyin |
Hits:
Description: ASM纯净,编写的病毒感染的文件、变形入口代码,自己加密等功能,是一种EPO的没有任何病毒签名,都是为了对抗反病毒软件的特征码抗病毒、行为杀毒及虚拟机抗病毒、现有的代码,未提供任何破坏功能,但可以积极的感染可执行文件和感染的文件很难恢复,
请注意除了这事还提供了Ring0功能,主要用于感染运行中的可执行文件-Pure by ASM virus written, has infected file, entry code deformation, oneself encryption, and other functions, is a EPO without any
Signature of virus, are designed to confront the antivirus software of flexlm antivirus, behavior antivirus and virtual machine antivirus, existing code
Didn t provide any destruction of functions, but can active infect executable files, and infected file is hard to restore, which please note
In addition to this thing also provides Ring0 function, mainly for the infection in operation of the executable file
Platform: |
Size: 11264 |
Author: 才昆 |
Hits:
Description: 用汇编实在Ring3 和 Ring0 下的Inline HooK-It Ring3 and assembly under the Inline HooK Ring0
Platform: |
Size: 14336 |
Author: 星痕 |
Hits:
Description: The asm is to loader a ring3 dll from ring0,i think good!hope you too!
Platform: |
Size: 9216 |
Author: loving |
Hits: