Welcome![Sign In][Sign Up]
Front-page it | Collect it | [中国-简体中文]
FAQ Fav
Location:
Search - ring3 ring0

Search list

[assembly languagering0

Description: 从ring3跳到ring0的源代码,用汇编语言编写。
Platform: | Size: 4354 | Author: 木头 | Hits:

[GUI DevelopgetRing0

Description: Windows NT/2000/XP/Server 2003 获取Ring0的便捷工具 程序创建了几个段: IDT,GDT,SSDT,Linear 为创建Ring3,Ring0之间的互交便捷
Platform: | Size: 1464 | Author: peacekeep | Hits:

[OS programasmvcring

Description: 这是一个汇编与VC结合的程序,在Ring3级获取Ring0级的操作-This is a compilation and VC combination of procedures, the Ring3 level access Ring0 class operation
Platform: | Size: 3072 | Author: 站长 | Hits:

[Other从ring3切换到ring0的代码

Description: 从ring3切换到ring0的代码--The code which can exchange ring3 to ring0
Platform: | Size: 4096 | Author: 站长 | Hits:

[OS programring0nodriver

Description: 无驱动执行 Ring0 代码的源程序-No drive the implementation of the source code Ring0
Platform: | Size: 74752 | Author: waterwhu | Hits:

[Speech/Voice recognition/combineCallMsgRing0

Description: 在RING0中使用RING3函数MessageBox.-in RING0 use RING3 MessageBox function.
Platform: | Size: 217088 | Author: exc | Hits:

[Driver DevelopCallRing3FormRing0

Description: 在Ring0层中调用Ring3层的功能 需要安装DDK-in Rign0 layer called Ring3 layer functions need to install DDK
Platform: | Size: 932864 | Author: 大家庭 | Hits:

[Driver Developr3_2_r0

Description: Windows2000 XP 从Ring3层进入Ring0层的一种方法-Windows XP Ring3 layer from the layer into Rign0 a way
Platform: | Size: 20480 | Author: 大家庭 | Hits:

[Driver DevelopKernelExec

Description: 从RING0级下启动RING3级的应用程序源代码-from RING0 activated RING3-level application program source code
Platform: | Size: 70656 | Author: fengdian | Hits:

[Hook apihookntcontinue

Description: ring0--hook NtContinue+source_code ring0下面hookNtContinue 使用drx7寄存器实现的hook this code hooks ntoskrnl!NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers... This hook will only PREVENT drX clearing from SEH (kiuser->ntcontinue) and will not alter debugging using ring3 debuggers (olly->SetThreadContext) mainly developed for personal reasearch and as anti-bpm... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll.dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =) Its use for some targets such as armadillo... but never posted code... by deroko-ring0- hook NtContinue+ source_codering0 use the following hookNtContinue register drx7 realize the hook this code hooks ntoskrnl! NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers ... This hook will only PREVENT drX clearing from SEH (kiuser-> ntcontinue) and will not alter debugging using ring3 debuggers (olly-> SetThreadContext) mainly developed for personal reasearch and as anti-bpm ... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll. dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =) Its use for some targets such as armadillo ... but never posted code ... by deroko
Platform: | Size: 6144 | Author: 张京 | Hits:

[Driver DevelopR3toR0

Description: 从RING3进入RING0的方法,不需要驱动-RING0 from entering RING3 method does not require drivers
Platform: | Size: 4096 | Author: | Hits:

[Driver DevelopExcpHookMonitor_0.0.4

Description: ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). t uses a ring0 driver to hook KiExceptionDispatch procedure to detect the exceptions, and then shows information about the exception on stdout (using the ring3 part of the program ofc). The difference between this method, and the standard debug API method it that this method monitores all of XP processes, and the program does not have to attach to any other process to monitor it, hence it s harder to detect. The code currently is considered as ALPHA, and it has been reported to BSoD sometimes (on multi core/cpu machines). Take Care!
Platform: | Size: 53248 | Author: 张京 | Hits:

[Hook apiHookLibrary

Description: Hook Api Library 0.2 [Ring0&3] By Anskya Email:Anskya@Gmail.com ring3 inline hook For Api Thank: 前29A高手也一直都是我的偶像...z0mbie大牛...这里膜拜一下 使用的LDE32引擎是翻译他老人家的...C->Delphi... 说明: 1.利用堆栈跳转 没有使用传统的jmp xxxx 长跳转,使用容易理解的push xxxx+ret 仔细看代码容易理解...封装完好. 2.内存补丁结构: 补丁1:|push xxx--钩子处理过程|ret| 补丁2:|保存原始补丁地址|保存原始地址代码长度|原始地址的代码|push xxxxxx|ret| 更新说明: 0.2: 支持Ring0 Inline Hook 0.1: Ring3 Inline Hook -Hook Api Library 0.2 [Ring0
Platform: | Size: 6144 | Author: david | Hits:

[OS programSSDTHook

Description: 对付ring0 inline hook的基本思路是这样的,自己写一个替换的内核函数,以NtOpenProcess为例,就是 MyNtOpenProcess。然后修改SSDT表,让系统服务进入自己的函数MyNtOpenProcess。而MyNtOpenProcess要做的事就是,实现NtOpenProcess前10字节指令,然后再JMP到原来的NtOpenProcess的十字节后。这样NtOpenProcess 函数头写的JMP都失效了,在ring3直接调用OpenProcess再也毫无影响。-Ring0 inline hook to deal with the basic idea is that the replacement of their own to write a kernel function to NtOpenProcess for example, is MyNtOpenProcess. And then amend the SSDT table, so that system services into its own function MyNtOpenProcess. And MyNtOpenProcess to do is realize NtOpenProcess the first 10-byte instruction, and then JMP to the original NtOpenProcess the Cross Festival. This NtOpenProcess function of the JMP are the first to write a lapse in ring3 no longer directly call OpenProcess no impact.
Platform: | Size: 3072 | Author: sdlylz | Hits:

[assembly languagering0

Description: 从ring3跳到ring0的源代码,用汇编语言编写。-Ring3 Skip ring0 from the source code, using assembly language preparation.
Platform: | Size: 4096 | Author: 木头 | Hits:

[GUI DevelopgetRing0

Description: Windows NT/2000/XP/Server 2003 获取Ring0的便捷工具 程序创建了几个段: IDT,GDT,SSDT,Linear 为创建Ring3,Ring0之间的互交便捷-Windows NT/2000/XP/Server 2003 to obtain a convenient tool Ring0 program to create a few paragraphs: IDT, GDT, SSDT, Linear for the creation of Ring3, Ring0 between the interactive and convenient
Platform: | Size: 1024 | Author: peacekeep | Hits:

[OS programr0code

Description: 在delphi中实现让ring3的程序运行在ring0-In delphi to achieve so that the program runs ring3 in ring0
Platform: | Size: 18432 | Author: pp | Hits:

[OS programProcessMonitor

Description: 应用层与内核层相结合实现进程的监控,ring3 & ring0 ,主动防御的基础功能,代码清晰,学习的好材料-process monitor ,ring3 and ring0
Platform: | Size: 75776 | Author: goodone | Hits:

[Other1dogokcpp

Description: 网上的大多数第一代机器狗ring3层代码都缺少几个声明,这个能完全编译,ring0层没带,请自己弄,ring3是直接寻址方式的。qq 295333637-Most of the first generation of online ring3 dog layer codes are the lack of a number of statements, this can be fully compiled, ring0 layer did not have, please get their own, ring3 direct addressing mode. qq 295333637
Platform: | Size: 128000 | Author: 沈学雄 | Hits:

[OS programring0

Description: Intel的CPU将特权级别分为4个级别:RING0,RING1,RING2,RING3。Windows只使用其中的两个级别RING0和RING3,RING0只给操作系统用,RING3谁都能用。如果普通应用程序企图执行RING0指令,则Windows会显示“非法指令”错误信息。-Intel' s CPU privilege level will be divided into four levels: RING0, RING1, RING2, RING3. Windows uses only one of the two levels RING0 and RING3, RING0 only to the operating system used, RING3 anyone can. If the application attempts to execute common commands RING0, Windows will display " Illegal Instruction" error message.
Platform: | Size: 5120 | Author: 仔仔 | Hits:
« 12 3 4 5 »

CodeBus www.codebus.net