[Repost] Defeating Kernel Native API Hookers by Direct KiServiceTable Restoration
Author: Tan Chew Keong
Source: Evil Octal Information Security Team ([url]www.eviloctal.com[/url])
--[ Table of contents
• User-space API calls and Native APIs
• Redirecting the execution path of Native APIs
• Locating and restoring the KiServiceTable
• Defeating Native API hooking rootkits and security tools.
[url=http://www.security.org.sg/code/kproccheck.html]Win2K Kernel Hidden Process Module Checker 0.1[/url]

Good article, it's a bit like SDTrestore.

It uses exactly 90210's method :lol
