Description: 很多人都知道端口到进程映射的一个免费工具FoundStone的Fport,可惜他不提供源码,我试着能从其二进制文件中找出一些信息,大致知道他使用了些未公开函数,诸如: ZwOpenSection,ZwQuerySystemInformation...
-Many people are aware of the process to port a free map of Fport FoundStone tool, but he does not provide source code, I tried from its binary documents to find some information, he is generally aware of the use of some functions not open to the public, such as : ZwOpenSection, ZwQuerySystemInformation ... Platform: |
Size: 79259 |
Author:ms-dos |
Hits:
Description: 查找进程,目录/文件,注册表等操作系统将最终调用
ZwQueryDirectoryFile,ZwQuerySystemInformation,ZwXXXvalueKey
等函数。要想拦截这些函数达到隐藏目的,需先自己实现以上函数,
并修改系统维护的一个 SYSCALL 表使之指向自己预先定义的函数。
因 SYSCALL 表在用户层不可见,所以要写 DRIVE 在 RING 0 下 才
可修改。-the search process, directories / files, the registry, such as the operating system will eventually call ZwQueryDirectoryFile, ZwQuerySystemInformation, ZwXXXvalueKey functions. To achieve these functions interception hidden purpose, the need to achieve over his first function, and modifying the system to maintain a SYSCALL table to make it at their pre-defined function. SYSCALL table for the user-visible, write DRIVE at RING 0 under any amendment. Platform: |
Size: 4060 |
Author:aaaa |
Hits:
Description: 很多人都知道端口到进程映射的一个免费工具FoundStone的Fport,可惜他不提供源码,我试着能从其二进制文件中找出一些信息,大致知道他使用了些未公开函数,诸如: ZwOpenSection,ZwQuerySystemInformation-Many people are aware of the process to port a free map of Fport FoundStone tool, but he does not provide source code, I tried from its binary documents to find some information, he is generally aware of the use of some functions not open to the public, such as : ZwOpenSection, ZwQuerySystemInformation Platform: |
Size: 141178 |
Author:杜宇 |
Hits:
Description: 很多人都知道端口到进程映射的一个免费工具FoundStone的Fport,可惜他不提供源码,我试着能从其二进制文件中找出一些信息,大致知道他使用了些未公开函数,诸如: ZwOpenSection,ZwQuerySystemInformation-Many people are aware of the process to port a free map of Fport FoundStone tool, but he does not provide source code, I tried from its binary documents to find some information, he is generally aware of the use of some functions not open to the public, such as : ZwOpenSection, ZwQuerySystemInformation Platform: |
Size: 141312 |
Author:杜宇 |
Hits:
Description: 很多人都知道端口到进程映射的一个免费工具FoundStone的Fport,可惜他不提供源码,我试着能从其二进制文件中找出一些信息,大致知道他使用了些未公开函数,诸如: ZwOpenSection,ZwQuerySystemInformation...
-Many people are aware of the process to port a free map of Fport FoundStone tool, but he does not provide source code, I tried from its binary documents to find some information, he is generally aware of the use of some functions not open to the public, such as : ZwOpenSection, ZwQuerySystemInformation ... Platform: |
Size: 78848 |
Author:ms-dos |
Hits:
Description: 查找进程,目录/文件,注册表等操作系统将最终调用
ZwQueryDirectoryFile,ZwQuerySystemInformation,ZwXXXvalueKey
等函数。要想拦截这些函数达到隐藏目的,需先自己实现以上函数,
并修改系统维护的一个 SYSCALL 表使之指向自己预先定义的函数。
因 SYSCALL 表在用户层不可见,所以要写 DRIVE 在 RING 0 下 才
可修改。-the search process, directories/files, the registry, such as the operating system will eventually call ZwQueryDirectoryFile, ZwQuerySystemInformation, ZwXXXvalueKey functions. To achieve these functions interception hidden purpose, the need to achieve over his first function, and modifying the system to maintain a SYSCALL table to make it at their pre-defined function. SYSCALL table for the user-visible, write DRIVE at RING 0 under any amendment. Platform: |
Size: 4096 |
Author:aaaa |
Hits:
Description: ZwQuerySystemInformation如题,ZwQuerySystemInformation核心函数的应用示例,编写的一个任务管理器,该函数内部50个系统信息,壳根据自己的需要得到系统的核心信息,极具参考价值!-ZwQuerySystemInformation such as title, ZwQuerySystemInformation core function of the application of the sample, prepared by a task manager, the function of information within the system 50, the shell system in accordance with their core information needs to be, very useful! Platform: |
Size: 5120 |
Author:yy |
Hits:
Description: SSDT Hook 简单示例 Hook Native Api ZwQuerySystemInformation 达到隐藏cmd.exe进程的效果,进程名没有大小写限制。(学习agony RootKit的成果)-The SSDT Hook, Native Api the ZwQuerySystemInformation native API to hide the effects of the cmd.exe process, process name is not a case limit. Platform: |
Size: 2169856 |
Author:bug |
Hits:
Description: Ring3 ZwQuerySystemInformation Hook(HideProcess) 环境是xp sp2。需要注意的是在Debug版本中可能会存在问题,因为在使用WriteProcessMemory的时候可能会把int 3拷贝过去,所以大家要使用最好使用Release版。-ZwQuerySystemInformation Hook Ring3 (HideProcess) environment is SP2 xp. It should be noted that the Debug version may be a problem, because in the use of WriteProcessMemory may be the int 3 copy in the past, so we want to use the best use of Release version. Platform: |
Size: 21504 |
Author:Gray |
Hits:
Search - ZwQuerySystemInformation a