Search resource list
dvKrnlData
- I wrote this code while learning the WinNT kernel. Its main function is to communicate with a driver from ring 3 via DeviceIoControl and obtain kernel data as well as SDT and IDT information. It also hooks NtQuerySystemInformation to implement process hiding.
HideProcessHookMDL
- Hides processes by intercepting kernel functions through driver programming; today's Trojans generally use this technique.
sysMonitor
- Source code for proactive defense covering the system registry, process startup and driver loading.
HideDriver_source.rar
- Implements process hiding in a driver.
driver
- Implementation approach and source code analysis for driver-level process management software. Useful for understanding how a driver-level process management mechanism is implemented.
Miss920
- Miss920 program behavior monitor. It uses SSDT hooking to monitor program behavior simply and effectively. Process monitoring, file monitoring and registry monitoring are already implemented, and it can be extended quickly and efficiently through secondary development.
APCInsert
- Creates a process from a driver by injecting an asynchronous APC into a user process.
DriverHideProcess
- Driver-level process hiding: hides processes through list unlinking and the PspCidTable and Csrss tables. The source code compiles as-is!
list
- A doubly linked list in the kernel implemented with LIST_ENTRY, not process-safe, with add, delete and clear operations. Includes a custom structure and deletion of a node by a given string field.
syshide
- Hides files, processes and so on through hooks; thoroughly commented and easy to read.
ProcessAndFileHider
- Implements process hiding, making processes invisible to both Task Manager and Process Explorer and making files invisible to Windows Explorer. A good introductory example of driver programming.
24ProcessARK
- 24 methods for detecting hidden processes, implemented in a driver, with full source code. Very useful!
pci9054_dll
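- This application calls the pci9054 driver to transfer data from a PCI card to the PC and save it to disk. 2. Main advantages: it increases the working set of the process and allocates a large buffer, so it can be used for real-time transfer of large bursts of data. It writes to disk using file mapping, which is fast. 3. Usage: call the DLL explicitly or implicitly from your own application. The program has been tested on Windows XP.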
Hidden-process-detection
- Process hiding and detection: hides processes by hooking the SSDT from a driver!
ProcessMonitor
- Enumerates the IDs and names of all running processes at the driver layer (ring 0).
YATMon_src
- Enumerates processes from the kernel using asynchronous procedure calls (APC). Thread Monitor presents a view of process and thread execution with a bit more granularity than TaskManager, and uses the sparsely documented Asynchronous Procedure Call (APC) mechanism to communicate the kernel's creation and
Windows_kernel
- Windows driver programming: listens on port 80 at kernel level and implements process hiding.
HideProcess.sys
- Driver code file that implements process hiding through an SSDT hook.
foundprocess
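- A small tool written in VC++ 6.0 for looking up process information; simple and easy to follow, and well suited to beginners learning about processes. This file contains a summary of what you will find in each of the files that make up your ShowAllProcess application.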
testdeamon
- A Linux daemon implementation; compiles on CentOS 6.2.