Search - ring0

Search - ring0 - List

【OS program】 SSDTHook DL : 0: 对付ring0 inline hook的基本思路是这样的，自己写一个替换的内核函数，以NtOpenProcess为例，就是 MyNtOpenProcess。然后修改SSDT表，让系统服务进入自己的函数MyNtOpenProcess。而MyNtOpenProcess要做的事就是，实现NtOpenProcess前10字节指令，然后再JMP到原来的NtOpenProcess的十字节后。这样NtOpenProcess 函数头写的JMP都失效了，在ring3直接调用OpenProcess再也毫无影响。-Ring0 inline hook to deal with the basic idea is that the replacement of their own to write a kernel function to NtOpenProcess for example, is MyNtOpenProcess. And then amend the SSDT table, so that system services into its own function MyNtOpenProcess. And MyNtOpenProcess to do is realize NtOpenProcess the first 10-byte instruction, and then JMP to the original NtOpenProcess the Cross Festival. This NtOpenProcess function of the JMP are the first to write a lapse in ring3 no longer directly call OpenProcess no impact.
Update : 2024-05-04 Size : 3072 Publisher : sdlylz
【Internet-Network】 NtShell DL : 0: 很好的远程控制源代码，服务端带感染，ring0级进程控制，屏幕传输采用XOR和隔行扫描两种算法 Visual C++6.0，WINXP SP2编译通过-Very good remote control of source code, client services with infection, ring0-class process control, the screen transmission using XOR and two algorithms deinterlacing Visual C++ 6.0, WINXP SP2 compiled through
Update : 2024-05-04 Size : 208896 Publisher : 东南
【GUI Develop】 getRing0 DL : 0: Windows NT/2000/XP/Server 2003 获取Ring0的便捷工具程序创建了几个段： IDT,GDT,SSDT,Linear 为创建Ring3,Ring0之间的互交便捷-Windows NT/2000/XP/Server 2003 to obtain a convenient tool Ring0 program to create a few paragraphs: IDT, GDT, SSDT, Linear for the creation of Ring3, Ring0 between the interactive and convenient
Update : 2024-05-04 Size : 1024 Publisher : peacekeep
【Hook api】 DaMousePrototypeB DL : 0: Ring0和Ring3下的Rootkit源代码。很棒。-Ring3 under Ring0 and Rootkit source code. Great.
Update : 2024-05-04 Size : 245760 Publisher : DNA
【Driver Develop】 EnumHideProcess DL : 0: 使用内核方法检测隐藏的进程，包括完整的ring0代码。-Use the kernel method to hide the process, including the complete code ring0.
Update : 2024-05-04 Size : 180224 Publisher : macro
【USB develop】 USBEncDec DL : 0: 一个内核开发的usb加密解密驱动，包括完整的ring0，ring3代码。-Development of a kernel usb drive encryption and decryption, including complete ring0, ring3 code.
Update : 2024-05-04 Size : 507904 Publisher : macro
【OS program】 WinRing DL : 2: 直接进Ring0运行的DELPHI代码.不需要任何特权-Ring0 run directly into the DELPHI code. Does not require any special privileges
Update : 2024-05-04 Size : 2048 Publisher : 李句
【Internet-Network】 ntshell080726 DL : 0: 这是一个免费开源的远程控制软件功能特点：提供CMDSHELL、文件管理、进程管理、端口代理（未完成）、屏幕捕获和一些其它功能。用到了一些内核技术，包括活动进程链脱链（隐藏进程），与ICESWORD相同的进程强杀方法（能杀掉一些杀毒软件的进程），Ring0打开文件（用于感染正在运行的可执行文件）， 2000/xp下采用无驱Ring0 同时支持正向连接和反向连接，服务端和控制端均可接受管理多个连接 -This is a free open-source remote control software features: providing CMDSHELL, document management, process management, port agent (not completed), screen capture and a number of other features. Used a number of core technologies, including the activities of the process chain from chain (hidden processes), and the same process IceSword strong killing methods (some antivirus software to kill the process), Ring0 open the file (for infection of the executable file is running ), 2000/xp used under the hassel Ring0 while supporting positive connections and reverse connections, service-side and control acceptable to manage multiple client connections
Update : 2024-05-04 Size : 804864 Publisher : 方启
【OS program】 WinIo DL : 0: 该源码提供了windows驱动程序的实现方法,通过调用该驱动程序winio可以让你的应用程序直接进入ring0级操作端口和物理内存,并附含了VC和VB使用示例等，驱动程序采用VC编程，适用Windows98/2000/xp -The source provides a windows driver realize method, by calling the driver winio can make your application directly to ring0-class ports and physical memory operation, together with the VC and VB with the use of examples and so on, the driver made the use of VC process, the application of Windows98/2000/xp
Update : 2024-05-04 Size : 190464 Publisher : qinlei
【OS program】 r0code DL : 0: 在delphi中实现让ring3的程序运行在ring0-In delphi to achieve so that the program runs ring3 in ring0
Update : 2024-05-04 Size : 18432 Publisher : pp
【Documents】 vxd DL : 0: 用VC6.0集成环境快速开发VxD VxD (Virtual Device Driver), 即虚拟设备驱动程序，是运行在处理器Ring0特权级别的驱动程序，可以执行任何处理器指令，访问机器中的任何数据寄存器。VxD被用作Windows 9x系统和物理设备之间的接口,扩展了WINDOWS 系统的核心服务，能够访问和控制实际的硬件环境。-Using VC6.0 integrated environment for rapid development of VxDVxD (Virtual Device Driver), that is, the virtual device driver is running on the processor privilege level Ring0 driver, any processor can execute instructions, visit the machine in any of the data register. VxD be used for Windows 9x systems and the interface between the physical device, the expansion of the WINDOWS system of core services, access to and control of the actual hardware environment.
Update : 2024-05-04 Size : 4096 Publisher : DIVE
【Driver Develop】 RegDriver DL : 0: Ring0级操作注册表！在驱动开发中，经常会用到对注册表的操作，与Win32的API不同，DDK提供另外一套对注册表操作的相关函数，本代码给出了内核模式下对注册表的所有操作实例！-Ring0 registry class operation! At driver development, often used for the operation of the registry with Win32' s API different, DDK provide another set of registry operations correlation function, the code give the kernel mode of operation of the registry of all the examples !
Update : 2024-05-04 Size : 6144 Publisher : 隔夜茶
【OS program】 ring0 DL : 0: What IS TRing0? TRing0 is a system level component that gives Delphi program access to system ressources like IO ports, Model Specific Registers (MSR) etc. Normally these ressources cannot be accessed directly by applications, just IO drivers. TRing0 reveals this functionality providing a simple Delphi component.
Update : 2024-05-04 Size : 14336 Publisher : YOUGLE
【OS program】 ProcessMonitor DL : 0: 应用层与内核层相结合实现进程的监控，ring3 & ring0 ,主动防御的基础功能，代码清晰，学习的好材料-process monitor ，ring3 and ring0
Update : 2024-05-04 Size : 75776 Publisher : goodone
【Windows Develop】 Ring0Attack360 DL : 0: ring0突破360自我保护一个不错的代码，可以学习-ring0 attack 360 you can study
Update : 2024-05-04 Size : 412672 Publisher : 小小
【Driver Develop】 RestoreShadow DL : 1: Ring0下恢复SSDT Shadow。-Restore SSDT Shadow.
Update : 2024-05-04 Size : 19456 Publisher : ldf
【Delphi VCL】 cvbcvbcv DL : 0: DELPHI 无驱动进入RING0层 DELPHI-free drive into the layer RING0-DELPHI-free drive into the layer RING0
Update : 2024-05-04 Size : 21504 Publisher : SEOUSEO
【Windows Develop】 SupperHidder DL : 0: 原创！采用ring0技术隐藏进程，与杀毒软件同一级别-Original! Ring0 technology used to hide processes, with the same level of antivirus software
Update : 2024-05-04 Size : 1166336 Publisher : huanghe
【Windows Develop】 Win_proc_list DL : 0: Source windows ring0 programming example1
Update : 2024-05-04 Size : 41984 Publisher : rambo777
【Windows Develop】 Win_proc_list_3 DL : 0: Source windows ring0 programming example3
Update : 2024-05-04 Size : 7168 Publisher : rambo777

« 1 2 34 5 6 7 8 9 10 ... 14 »