Search - hook NtOpenProcess

Search list

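[OS program] SSDTHook

Description: The basic approach to dealing with a ring0 inline hook is this: write your own replacement kernel function; taking NtOpenProcess as the example, that is MyNtOpenProcess. Then modify the SSDT so that the system service enters your own function MyNtOpenProcess. What MyNtOpenProcess has to do is implement the first 10 bytes of NtOpenProcess's instructions and then JMP to the point 10 bytes past the start of the original NtOpenProcess. This way any JMP written at the head of NtOpenProcess no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected.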
Platform: | Size: 3631 | Author: sdlylz | Hits:

[Hook api] NtOpenProcess[SSDT+Hook]

Description: Can be used to restore the SSDT. An absolute classic worth keeping; can make Kaspersky ineffective.
Platform: | Size: 9716 | Author: xch | Hits:

[OS program] SSDTHook

Description: The basic approach to dealing with a ring0 inline hook is this: write your own replacement kernel function; taking NtOpenProcess as the example, that is MyNtOpenProcess. Then modify the SSDT so that the system service enters your own function MyNtOpenProcess. What MyNtOpenProcess has to do is implement the first 10 bytes of NtOpenProcess's instructions and then JMP to the point 10 bytes past the start of the original NtOpenProcess. This way any JMP written at the head of NtOpenProcess no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected.
Platform: | Size: 3072 | Author: sdlylz | Hits:

[Hook api] hook_openprocess

Description: hook openprocess example, Delphi source.
Platform: | Size: 340992 | Author: baicker | Hits:

[Hook api] NtOpenProcess[InlineHook]

Description: r0 inline hook sample.
Platform: | Size: 37888 | Author: xiaohuangran | Hits:

[Driver Develop] antiTX

Description: 1. Restores the shadow SSDT. 2. Restores NtReadVirtualMemory, NtWriteVirtualMemory, NtOpenProcess, NtOpenThread, KiAttachProcess.
Platform: | Size: 300032 | Author: 傅碧波 | Hits:

[Hook api] hookdll

Description: A sample DLL that hooks ntopenprocess using Delphi.
Platform: | Size: 7168 | Author: 火車 | Hits:

[Hook api] Inline-Hook_NtOpenProcess

Description: A piece of INLINE-HOOK code, plus a loop that checks whether the hook has been overwritten; can be called directly. [Just pass a PID to HookOn.]
Platform: | Size: 2048 | Author: MagicCrow | Hits:

[OS program] KernelHook

Description: Example of kernel hook (MS Visual Studio 2005) of system call NtOpenProcess to prevent opening process from user mode
Platform: | Size: 5120 | Author: Spec8472 | Hits:

[Hook api] HookSSDT

Description: Hooks NtOpenProcess to protect a specified process.
Platform: | Size: 33792 | Author: zzage | Hits:

[Windows Develop] HookSSDT

Description: Hooks NtOpenProcess to protect a specified process.
Platform: | Size: 4096 | Author: zzage | Hits:

[Windows Develop] NtOpenProcess

Description: A nice hook for learning NtOpenProcess[Inline Hook].
Platform: | Size: 16384 | Author: munizf | Hits:

[Driver Develop] ProtectMon

Description: Driver development: protects a process by PID by hooking the SSDT NtOpenProcess function; at the least it can stop any R3 virus from terminating your process!! Suitable for beginners as an introductory study of SSDT hooking.
Platform: | Size: 2048 | Author: coorell | Hits:

[Windows Develop] Inline

Description: Partial code for restoring what NP has hooked: NTOPENPROCE
Platform: | Size: 3072 | Author: zhangyang | Hits:

[Driver Develop] hook

Description: Code that hooks NtOpenProcess to protect a process from being read or opened.
Platform: | Size: 2048 | Author: yjxyjx | Hits:

[Hook api] NtOpenProcess[Inline-Hook]

Description: NtOpenProcess[Inline Hook].rar
Platform: | Size: 74752 | Author: | Hits:

[Hook api] NtOpenProcess[SSDT-Hook]

Description: NtOpenProcess[SSDT Hook].rar
Platform: | Size: 25600 | Author: | Hits:

[Driver Develop] Hook_SSDT_NtOpenProcess

Description: Hook SSDT NtOpenProcess; a driver that implements hooking of a kernel function.
Platform: | Size: 4096 | Author: wpggles | Hits:

[Hook api] Driver

Description: Windows kernel reload, hook ntopenprocess.
Platform: | Size: 3072 | Author: Xavier | Hits:

[OS program] ssdt_hook

Description: Complete, stable SSDT source. The first example hooks ZwSetInformationFile to protect the file test.txt from deletion; the second example hooks NtOpenProcess to protect processes with a PID greater than 1000 from being terminated.
Platform: | Size: 162816 | Author: siliemor | Hits:

CodeBus www.codebus.net