Search - Hidden registry

Search list

[Process-Thread] Process hiding under NT

Description: There are many ways to hide a process in the NT environment, that is, to execute your own code without the user's knowledge, for example inserting a DLL through the registry or using Windows hooks. The more representative ones are the LoadLibrary method introduced by Jeffrey Richter in "Windows Core Programming" and the method introduced by Luo Yunbin in "32-bit Assembly Language Programming in the Windows Environment". The two methods have one thing in common: both use a remote thread so that their own code runs as a thread of the host process, inside the host process's address space, and is thereby hidden. By comparison, Richter's method can be written in a high-level language such as C/C++, so it is easier to understand and implement, but it has the host process load a new DLL with LoadLibrary, so it inevitably leaves traces and the hiding is not quite perfect. Luo Yunbin's method is absolutely first-rate in hiding effect, but because it uses assembly language it is harder to implement (at least I can't write assembly programs :)). The method I introduce below can be described as a combination of the two: it is coded in C/C++ and achieves complete hiding. It also greatly simplifies writing the remote-thread code, making it about as difficult as writing an ordinary program.
Platform: | Size: 32284 | Author: 潘桂聪 | Hits:

[Hook api] fwcounter(20050727)ver0.2.2.src

Description: SRS: 1. Starts up with Windows. 2. Supports Windows 9x, 2000, XP. 3. Counts presses of a key that can be specified in the registry. 4. The count is recorded in a file whose path can be specified in the registry. 5. Single instance. 6. Runs in the background. 7. At any time, press Alt+S to show/hide the dialog. The dialog's close button acts as "hide". 8. At any time, press Alt+X and then Alt+P to exit the program. 9. The registry stores the following data: (1) cout - the current count (2) total-count - the total count (3) datafile - the path and name of the game's data file, default "d:\\MGAMES\\NETBAR\\NETBARR.dll" (4) key - the key to count. You can modify these values in the registry; the program will use them after it restarts.
Platform: | Size: 159862 | Author: 周炎 | Hits:

[Exploit] HideRegistry

Description: Some thoughts on registry hiding that gets past IceSword. This idea should be able to get past the current version of IceSword. It is a semi-generic method, but it is not a signature-string search. In coding, this is more trouble than hiding a process. If the coding had taken more than a day and a half I would have given up. Here is a simple package containing a driver and a registry file. To test, run HideRegistryApp.exe yourself, then import test.reg into the registry. IceSword can be started before or after. Then, in IceSword's registry browser, browse to HKEY_LOCAL_MACHINE --> SOFTWARE --> wuyanfeng. My driver hides the wuyanfeng key under wuyanfeng. You can create wuyanfeng keys nested at least two levels deep anywhere you like; while my driver is running only the top level is visible and the rest are hidden. For example, you can create a key such as HKEY_CLASSES_ROOT ---> wuyanfeng1 --> wuyanfeng, and so on. I have only tested this driver on XP SP2; other systems are untested.
Platform: | Size: 68204 | Author: 79282853 | Hits:

[OS program] Agony

Description: A kernel rootkit that hides files, the registry and ports!
Platform: | Size: 36864 | Author: 于皓 | Hits:

[Exploit] hidereg

Description: Registry-hiding code targeting IceSword (kernel inspection software). It can hide any registry key value from IceSword.
Platform: | Size: 1024 | Author: 张伟 | Hits:

[Driver Develop] my_HideReg

Description: Hiding the registry under IceSword (冰刃). A hiding technique; please do not use it for unlawful purposes. For study and research.
Platform: | Size: 67584 | Author: 陈规 | Hits:

[assembly language] ASMVIRUS

Description: A virus program written in pure assembly. 1. Copies itself to the system directory. 2. Loops over all logical drives in the system, copies itself to each root directory and creates an AutoRun.inf file. 3. Searches for all exe files in the system and adds executable code to each exe file so that the added code runs first, before the exe itself; it also creates a desktop.ini file in each directory it has searched, to mark it as visited. 4. Modifies the registry: adds autostart, turns off showing hidden files, disables Registry Editor, disables Task Manager.
Platform: | Size: 8192 | Author: 婷婷 | Hits:

[OS program] myhideproc_path_reg

Description: Hides processes, modules, files, directories, the registry, services, TCP_UDP connections and taskbar icons.
Platform: | Size: 228352 | Author: xiazai | Hits:

[Windows Develop] dllHideReg

Description: Uses hook hijacking to hide a registry key value; this example hides the hirosh key value.
Platform: | Size: 25600 | Author: kaite1010 | Hits:

[OS program] Registry.Clean.Expert_v4.63

Description: Registry Clean Expert v4.63. Scans the Windows registry and finds erroneous or obsolete information in it. Fixes obsolete information in the Windows registry and improves your Windows performance. Backs up the Windows registry. Restores the Windows registry from a previous backup. Manages the Windows system processes that run when Windows starts. Removes spyware, adware and Trojan horses hidden in your startup items and BHOs. Built-in tracks eraser to protect privacy. Supports Windows Vista, XP, 2003, 2000, ME and 98. (For Vista and XP, both x86 and x64 versions are supported.)
Platform: | Size: 2843648 | Author: maxmas | Hits:

[OS program] regedit-hive

Description: 1. Operates on the hive in memory rather than on the hive on disk, so it is faster than comparable hive-parsing tools (e.g. 狙剑). 2. It is operated the same way as the regedit.exe that ships with Windows, whereas comparable tools only list the entries in the hive and ordinary users do not know how to use them. 3. Supports deleting, adding, modifying and renaming whole subkeys (Keys) and values (Values), whereas comparable tools, for safety reasons, do not include delete/add operations on keys. 4. Barring special circumstances, it can find all hidden registry information, as any hive parser can. 5. The search function does not brute-force the hive data structures; it uses the regular API instead.
Platform: | Size: 294912 | Author: 123 | Hits:

[Driver Develop] hidethings

Description: File hiding, process hiding, registry key hiding and registry value hiding.
Platform: | Size: 154624 | Author: mark tsai | Hits:

[Sniffer Package capture] NetTraffic

Description: Written in VC++; monitors network traffic by reading a hidden registry entry.
Platform: | Size: 70656 | Author: lulingfeng | Hits:

[VC/MFC] RemoteThread

Description: Remote thread control: registry hiding and automatic start at boot.
Platform: | Size: 3508224 | Author: 彭国新 | Hits:

[OS program] AntiXueTrReg

Description: XueTr is arguably the strongest anti-rootkit tool at present. This program hides registry keys from XueTr; it does so by bypassing it with a driver rather than by a simple GUI hack.
Platform: | Size: 64512 | Author: 王田 | Hits:

[Windows Develop] VB_hidden_registry_operation_display_driver_code.r

Description: VB code that uses registry operations to hide and show drives.
Platform: | Size: 2048 | Author: i | Hits:

[USB develop] usb

Description: A summary of methods for disabling USB storage devices. They include hiding the drive letter, disabling it in the BIOS and modifying the registry.
Platform: | Size: 668672 | Author: zhanzhihua | Hits:

[OS program] 201111915361110

Description: My Super Rabbit. Click each button to set the corresponding function. Before changing any setting, see the notes at the very bottom. 1. The system settings management functions are as follows: (1) Back up registry: backs up the system's current registry contents. (2) Restore registry: restores the backed-up registry to the system. (3) Automatically restart after a blue screen: restarts the computer when a blue screen occurs. (4) Show hidden files: shows the hidden files in the system. (5) Show file extensions: shows the extensions of all files in the system.
Platform: | Size: 387072 | Author: yangsap | Hits:

[Windows Develop] 123

Description: A prank that completely paralyzes someone else's computer: deletes the registry and hides Task Manager and the shutdown button.
Platform: | Size: 2048 | Author: 艾泽魁 | Hits:

[Driver Develop] ROOTKIT

Description: Rootkit writing: a well-organized, complete framework covering process hiding, file hiding, service hiding, registry hiding, port hiding and more. It covers a variety of hiding methods and is good material for learning about rootkits.
Platform: | Size: 194560 | Author: wuying | Hits:

CodeBus www.codebus.net