Windows Rootkit Related Links
2006-09-14 14:58
[ 1] Avoiding Windows Rootkit Detection/Bypassing PatchFinder 2 - Edgar Barbosa[2004-02-17]
http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf
[ 2] TOCTOU with NT System Service Hooking
http://www.securityfocus.com/archive/1/348570
TOCTOU with NT System Service Hooking Bug Demo
http://www.securesize.com/Resources/hookdemo.shtml
[ 3] Hooking Windows NT System Services
http://www.windowsitlibrary.com/content/356/06/1.html
http://www.windowsitlibrary.com/content/356/06/2.html
[ 4] NTIllusion: A portable Win32 userland rootkit - Kdm <Kodmaker@syshell.org>
http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt
[ 5] Kernel-mode backdoors for Windows NT - firew0rker <firew0rker@nteam.ru>
http://www.phrack.org/phrack/62/p62-0x06_Kernel_Mode_Backdoors_for_Windows_NT.txt
[ 6] Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept) - Tan Chew Keong[2004-05-23]
http://www.security.org.sg/code/kproccheck.html
http://www.security.org.sg/code/KProcCheck-0.1.zip
[ 7] port/connection hiding - akcom[2004-06-18]
http://www.rootkit.com/newsread_print.php?newsid=143
[ 8] Process Invincibility - metro_mystery[2004-06-13]
http://www.rootkit.com/newsread_print.php?newsid=139
[ 9] KCode Patching - hoglund[2004-06-06]
http://www.rootkit.com/newsread_print.php?newsid=152
http://www.rootkit.com/vault/hoglund/migbot.zip
[10] Hiding Window Handles through Shadow Table Hooking on Windows XP - metro_mystery[2004-06-12]
http://www.rootkit.com/newsread_print.php?newsid=137
[11] hooking functions not exported by ntoskrnl - akcom[2004-07-02]
http://www.rootkit.com/newsread_print.php?newsid=151
[12] A method of get the Address of PsLoadedModuleList - stoneclever[2004-06-10]
http://www.rootkit.com/newsread_print.php?newsid=135
[13] Fun with Kernel Structures (Plus FU all over again) - fuzen_op[2004-06-08]
http://www.rootkit.com/newsread_print.php?newsid=134
http://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip
[14] Getting Kernel Variables from KdVersionBlock, Part 2 - ionescu007[2004-07-11]
http://www.rootkit.com/newsread_print.php?newsid=153
[15] Byepass Scheduler List Process Detection - SoBeIt <kinvis@hotmail.com>[2004-04-25]
http://www.rootkit.com/newsread_print.php?newsid=117
[16] Detecting Hidden Processes by Hooking the SwapContext Function - worthy[2004-08-03]
http://www.rootkit.com/newsread_print.php?newsid=170