Resource search results
_936480533__def_disable
- Code example that restores the SSDT to defeat the active defense of antivirus software
Silberman-Butler
- The official design document of the well-known anti-rootkit tool RAIDE!
antiTX
- 1. Restores the shadow SSDT; 2. Restores NtReadVirtualMemory, NtWriteVirtualMemory, NtOpenProcess, NtOpenThread, KiAttachProce
anti-hook-ssdt
- SSDT hook detection: looks up the start address and size of the SSDT exported by ntkrnlpa.exe and compares them with the contents of the actual SSDT address table to find hooks
SESYS
- Code for getting the address of the PAGE section. Roughly covers SSDT, IDT and MSR hooks, the three kinds of notify routines, and code that reads offsets from a file to withstand dirty tricks. Supports this programming section
SSDT_UnHook_C
- SSDT_UnHook_C: SSDT unhooking to bypass the active defense of antivirus software
UTM4XP
- Source code of a simple ARK (anti-rootkit tool). Includes process and thread operations, hidden-process detection, and viewing of SSDT and shadow SSDT hooks
NtReadVirtualMemorysswe
- Restores NtReadVirtualMemory in the SSDT to counter some antivirus programs
SSDT
- Bypasses the active defense of 360 Safe Guard and other antivirus software by forging the SSDT table
anti-ssdt
- On Windows XP, sysenter invokes KiFastCallEntry to switch calls from ntdll.dll into the kernel. KiFastCallEntry works by looking up the function address in the SSDT and jumping to it. Therefore, forging a copy of the original SSDT is enough to render SSDT hooks ineffective.
antiAVDLL
- Code for countering antivirus software, taken from a captured sample; uses some dirty tricks to load a driver and restore the SSDT
SSDT--11
- The full name of SSDT is System Services Descriptor Table. This table links the ring3 Win32 API with the ring0 kernel API. The SSDT does not merely contain a large address index table; it also holds other useful information, such as the base address of the address index and the number of service functions. By modifying the function addresses in this table, commonly used Windows functions and APIs can be hooked, so as to filter and monitor system actions of interest. Some HIPS
RestoreShadowSource
- SSDT restore source code; reference material for learning SSDT hooking, which can be applied to studying anti-debugging in game cheats
anti_ssdt
- Gets past the anti-cheat code of most online games; restores various SSDT inline hooks