文件名称:Rootkit
介绍说明--下载内容均来自于网络,请自行研究使用
看雪里面【专题四】Rootkit的学习与研究文章的收集BY:脚本QQ:175943462-Snow look inside four】 【Rootkit topic of study and research on the collection of article BY: scr ipt QQ: 175943462
(系统自动生成,下载前可以参看下载内容)
下载文件列表
| 文件名 | 大小 | 更新时间 |
|---|---|---|
| 【专题四】Rootkit的学习与研究 | ||
| .............................\Read me.txt | ||
| .............................\Rootkit | ||
| .............................\.......\1。 内核hook | ||
| .............................\.......\............\1)object hook | ||
| .............................\.......\............\..............\1)object hook.doc | ||
| .............................\.......\............\2)ssdt hook | ||
| .............................\.......\............\............\2)ssdt hook.doc | ||
| .............................\.......\............\............\SSDT Hook的妙用-对抗ring0 inline hook .doc | ||
| .............................\.......\............\............\swk0207.rar | ||
| .............................\.......\............\3)inline-hook | ||
| .............................\.......\............\..............\360SuperKill学习之--恢复FSD的IRP处理函数.doc | ||
| .............................\.......\............\..............\3)inline-hook.doc | ||
| .............................\.......\............\..............\cnnic.rar | ||
| .............................\.......\............\..............\ExpLookupHandleTableEntry.rar | ||
| .............................\.......\............\..............\ExpLookupHandleTableEntry2.rar | ||
| .............................\.......\............\..............\kill_SecuritySoftware.rar | ||
| .............................\.......\............\..............\PsLookupProcessByProcessId执行流程学习笔记.doc | ||
| .............................\.......\............\..............\句柄啊,3层表啊,ExpLookupHandleTableEntry啊.doc | ||
| .............................\.......\............\..............\干掉KV 2008 | Rising等大部分杀软.doc | |
| .............................\.......\............\..............\搜索未导出的函数地址.doc | ||
| .............................\.......\............\4)idt hook | ||
| .............................\.......\............\...........\bhwin_keysniff.rar | ||
| .............................\.......\............\...........\IDT Hook .doc | ||
| .............................\.......\............\5)IRP hook | ||
| .............................\.......\............\...........\5)IRP hook.doc | ||
| .............................\.......\............\...........\irphook1.rar | ||
| .............................\.......\............\...........\irphook2.rar | ||
| .............................\.......\............\...........\irphook3.rar | ||
| .............................\.......\............\6)SYSENTER hook | ||
| .............................\.......\............\................\6)SYSENTER hook.doc | ||
| .............................\.......\............\................\SysEnterHook.rar | ||
| .............................\.......\............\7)IAT HOOK | ||
| .............................\.......\............\...........\7)IAT HOOK.doc | ||
| .............................\.......\............\...........\HybridHook.rar | ||
| .............................\.......\............\...........\testtest.rar | ||
| .............................\.......\............\8)EAT HOOK | ||
| .............................\.......\............\...........\8)EAT HOOK.doc | ||
| .............................\.......\............\...........\利用导出表来禁止一些驱动程序的加载.doc | ||
| .............................\.......\............\...........\导出表钩子.rar | ||
| .............................\.......\2。保护模式篇章第一部分: ring3进ring0之门 | ||
| .............................\.......\..........................................\1)通过调用门访问内核 | ||
| .............................\.......\..........................................\....................\1)通过调用门访问内核.doc | ||
| .............................\.......\..........................................\....................\myCallGate.rar | ||
| .............................\.......\..........................................\....................\test.rar | ||
| .............................\.......\..........................................\2)通过中断门访问内核 | ||
| .............................\.......\..........................................\....................\2)通过中断门访问内核.doc | ||
| .............................\.......\..........................................\....................\myIntGate.rar | ||
| .............................\.......\...................................... |