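File name: s0rc
- Category:
- Antivirus
- Resource attributes:
- [Windows] [Visual C] [Source code]
- Upload date:
- 2012-11-26
- File size:
- 68kb
- Downloads:
- 0
- Provider:
- 姜*
- Related links:
- None
- Download notes:
- Do not download with Xunlei. If the download fails, download it again; re-downloading does not cost points!
Description -- all download content comes from the Internet; please study and use it on your own.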
New version of "NT System General Process Protection", complete code (exe & sys).
It protects the process & threads; apart from restoring the hooks, it cannot be killed without using the APC method.
However, sending random messages to the threads can still kill it, and zeroing memory from Ring 0 can kill it too.
In a few days I will post the driver that defends against "sending messages to threads" and "Ring 0 memory zeroing".
(Automatically generated by the system; you can review the download contents before downloading.)
Download file list
InlineHook_OROBH\buildchk_wnet_x86.log
................\dbghelp.h
................\ddkbuild.bat
................\inlineObReferenceObjectByHandle.dsp
................\inlineObReferenceObjectByHandle.dsw
................\inlineObReferenceObjectByHandle.ncb
................\inlineObReferenceObjectByHandle.plg
................\makefile
................\readme.txt
................\buildchk.log
................\sources
................\buildchk_wnet_x86.err
................\buildchk_wxp_x86.log
................\inlineObReferenceObjectByHandle.c
................\inlineObReferenceObjectByHandle.h
................\inlineObReferenceObjectByHandle.opt
................\VB\cls_Driver.cls
................\..\MSSCCPRJ.SCC
................\..\工程1.vbw
................\..\inlineObReferenceObjectByHandle.sys
................\..\vb_test.exe
................\..\form1.frm
................\..\工程1.vbp
................\objchk_wxp_x86\i386\inlineobreferenceobjectbyhandle.obj
................\..............\....\inlineObReferenceObjectByHandle.sys
................\..............\....\inlineObReferenceObjectByHandle.pdb
................\..............\_objects.mac
................\..............\i386
................\VB
................\objchk_wxp_x86
InlineHook_OROBH