Search results list
hHooksZwQuerySystemInformation
- Hook the kernel's (ntoskrnl) ZwQuerySystemInformation to hide a process name from Task Manager
hookntcontinue
- ring0 -- hook NtContinue + source code. Hooks NtContinue in ring0; the hook is implemented via the DR7 register. This code hooks ntoskrnl!NtContinue to set dr7 to 0 (no updating of dr7) so that NtContinue called from ring3 cannot alter the drX registers...
ssdt.
- An example of driver development in Delphi: 1. map ntoskrnl.exe into memory 2. relocation information... 3. search for the SSDT base address 4. patch it back
iceext-0.70-src
- Source code of ICEExt for Driver Studio 3.2
SKSRA
- Parse the EAT (export address table) of the kernel ntoskrnl and obtain the addresses of the corresponding kernel routines
TEasySYS
- EasySYS (English version), a driver maker
cputemp
- CPUTemp - a compact processor temperature monitor. Libraries used: ntoskrnl.lib
KernelLookup
- Open source SSDT hook detection utility. It scans the SSDT entries in the kernel (ntoskrnl.exe) and finds the functions that are hooked, i.e. whose addresses are not within the kernel's base address range.
x64ssdt
- Get the entry point of the SSDT on x64, where it is not exported from ntoskrnl.exe as it was on older OS versions
neihe
- Several common methods of obtaining the base address of the kernel ntoskrnl.exe
test_blue
- Source code that enters ring0 and can call the exported functions of ntoskrnl.exe. Very tricky.
InstDrv
- Driver compilation notes: multiple .obj drivers can be compiled; on a compile error the error message is reported. When compiling, only place the driver .obj file and the required LIB support libraries in the directory of "驱动编译.exe". A driver that compiles successfully with certain LIB support libraries may still fail to load. For example, with "C:\1.obj": when compiling, keep a copy of "C:\1.*", otherwise it may be deleted by mistake. Whether a driver compiled successfully is judged by the driver loading tool; drivers that compile successfully but conflict with the support libraries listed below will also fail to load.
ntoskrnlsZwQuerySystemInformation
- A thorough completion of "Hook the kernel's (ntoskrnl) ZwQuerySystemInformation to hide a process name from Task Manager"
ntoskrnl
- These are the data structures needed for ring0 programming, in C++ format; I hope they help everyone!
CreateProcessNotify
- NT/2K provides a set of APIs, known as "Process Structure Routines" [2] exported by NTOSKRNL. One of these APIs PsSetCreateProcessNotifyRoutine() offers the ability to register system-wide callback function which is call
SDT_UnHook_Code
- Driver code that reads the relative virtual addresses of the exported API functions from the ntoskrnl.exe file, finds the base address of ntoskrnl.exe in memory, computes the true start address of each API, compares it with the corresponding API address in the SSDT, and removes the SSDT hook where they differ.