ScDetective-master
Category: Windows programming
Development tool: Visual C++
File size: 316KB
Downloads: 8
Upload date: 2014-02-18 01:57:25
Uploader: venus7
Description: ScDetective - Full Source
A kernel level Anti-Rootkit tool which runs on the windows platform.
## Basic information
- GUI : VS2008 - MFC
- Driver :VS2005 - ddkwizard
- DDK Version:7600.16385.1
- Debug : Windbg - VirtualKD - VMware
- Platform :XPSP3 & WIN7
- Finished : 2010.12
- Author: kedebug (Wei Sun)
File list:
Common (0, 2013-12-09)
Common\DataStruct.h (1778, 2013-12-09)
Common\IoControlCmd.h (1930, 2013-12-09)
Common\MajorFunctionName.h (798, 2013-12-09)
Common\VistaShadowSSDT.h (23021, 2013-12-09)
Common\W2K3ShadowSSDT.h (19177, 2013-12-09)
Common\W2KShadowSSDT.h (34052, 2013-12-09)
Common\Win7ShadowSSDT.h (24969, 2013-12-09)
Common\XPShadowSSDT.h (19203, 2013-12-09)
Common\ring3common.h (491, 2013-12-09)
ScDetective (0, 2013-12-09)
ScDetective\ScDetective.sln (879, 2013-12-09)
ScDetective\ScDetective (0, 2013-12-09)
ScDetective\ScDetective\Function (0, 2013-12-09)
ScDetective\ScDetective\Function\Driver (0, 2013-12-09)
ScDetective\ScDetective\Function\Driver\Driver.cpp (5301, 2013-12-09)
ScDetective\ScDetective\Function\Driver\Driver.h (1262, 2013-12-09)
ScDetective\ScDetective\Function\File (0, 2013-12-09)
ScDetective\ScDetective\Function\File\File.cpp (4621, 2013-12-09)
ScDetective\ScDetective\Function\File\File.h (524, 2013-12-09)
ScDetective\ScDetective\Function\OS (0, 2013-12-09)
ScDetective\ScDetective\Function\OS\OS.cpp (4861, 2013-12-09)
ScDetective\ScDetective\Function\OS\OS.h (462, 2013-12-09)
ScDetective\ScDetective\Function\PE (0, 2013-12-09)
ScDetective\ScDetective\Function\PE\PE.cpp (3668, 2013-12-09)
ScDetective\ScDetective\Function\PE\PE.h (443, 2013-12-09)
ScDetective\ScDetective\Function\module (0, 2013-12-09)
ScDetective\ScDetective\Function\module\Module.cpp (6312, 2013-12-09)
ScDetective\ScDetective\Function\module\Module.h (579, 2013-12-09)
ScDetective\ScDetective\Function\module\Process.cpp (8645, 2013-12-09)
ScDetective\ScDetective\Function\module\Process.h (360, 2013-12-09)
ScDetective\ScDetective\Function\ssdt (0, 2013-12-09)
ScDetective\ScDetective\Function\ssdt\ssdt.cpp (14748, 2013-12-09)
ScDetective\ScDetective\Function\ssdt\ssdt.h (554, 2013-12-09)
ScDetective\ScDetective\Page1.cpp (8417, 2013-12-09)
ScDetective\ScDetective\Page1.h (1022, 2013-12-09)
ScDetective\ScDetective\Page2.cpp (11144, 2013-12-09)
ScDetective\ScDetective\Page2.h (1020, 2013-12-09)
... ...
ScDetective [![Total views](https://sourcegraph.com/api/repos/github.com/kedebug/ScDetective/counters/views.png)](https://sourcegraph.com/github.com/kedebug/ScDetective)
==============================================================
## Kernel module
There are about 6 modules in the ScDetective_Driver component:
1. Detect and restore the SSDT and shadow SSDT.
- Check the SSDT from both user mode and kernel mode to ensure accuracy.
2. Detect and statically assess the active processes.
- Get an accurate process list from PspCidTable.
- Brute-force search memory sections to find all processes.
3. Detect and statically assess the loaded drivers.
4. HookEngine module; part of the work was reversed from the CNNIC driver.
- Send a Deferred Procedure Call (DPC) to ensure safety during hooking.
- The engine was reversed from the CNNIC hook module.
5. Self-protect module (some DKOM skills).
- Remove ourselves from the process linked list.
- Erase our handle from the global handle table.
6. A demo file filter driver based on the sfilter library (in progress).
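The SSDT cross-check in module 1 (a live table compared against what user mode reconstructs from the on-disk ntoskrnl image), as an added example that is not ScDetective's own code: the table layout is simplified and all addresses are constructed sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified x86 KeServiceDescriptorTable view: absolute pointers plus count. */
typedef struct { const uintptr_t *service_table; uint32_t count; } ssdt_view_t;
/* Loaded ntoskrnl image range (constructed sample values, not real ones). */
typedef struct { uintptr_t base; size_t size; } image_range_t;

typedef enum { SSDT_OK = 0, SSDT_OUT_OF_IMAGE = 1, SSDT_MISMATCH = 2 } ssdt_verdict_t;

/* Two independent checks per entry: the live pointer must lie inside the kernel
   image, and it must equal the value reconstructed from ntoskrnl on disk. */
ssdt_verdict_t check_ssdt_entry(uintptr_t live, uintptr_t expected, const image_range_t *krnl)
{
    if (live < krnl->base || live >= krnl->base + krnl->size)
        return SSDT_OUT_OF_IMAGE;   /* redirected into another driver or pool memory */
    if (live != expected)
        return SSDT_MISMATCH;       /* inside ntoskrnl, but not the original service */
    return SSDT_OK;
}

/* Walk the table, store one verdict per index, return the number flagged. */
size_t scan_ssdt(const ssdt_view_t *live, const uintptr_t *expected,
                 const image_range_t *krnl, ssdt_verdict_t *flagged)
{
    size_t hooked = 0;
    for (uint32_t i = 0; i < live->count; i++) {
        flagged[i] = check_ssdt_entry(live->service_table[i], expected[i], krnl);
        if (flagged[i] != SSDT_OK) hooked++;
    }
    return hooked;
}

/* Constructed sample: entry 1 points outside ntoskrnl, entry 3 is altered inside it. */
static const image_range_t sample_krnl = { 0x804d7000u, 0x1f8000u };
static const uintptr_t sample_expected[4] = { 0x805b1c3au, 0x805c8e10u, 0x8062f7a4u, 0x8057ab20u };
static const uintptr_t sample_live[4]     = { 0x805b1c3au, 0xf8a3c120u, 0x8062f7a4u, 0x8057ab90u };

size_t sample_scan(ssdt_verdict_t *flagged)
{
    ssdt_view_t v = { sample_live, 4 };
    return scan_ssdt(&v, sample_expected, &sample_krnl, flagged);
}

ssdt_verdict_t sample_verdict(uint32_t i) { ssdt_verdict_t f[4]; sample_scan(f); return f[i]; }

int main(void)
{
    ssdt_verdict_t f[4];
    size_t n = sample_scan(f);
    for (uint32_t i = 0; i < 4; i++)
        if (f[i] != SSDT_OK)
            printf("index %u: %s\n", i, f[i] == SSDT_OUT_OF_IMAGE ? "outside ntoskrnl" : "differs from disk image");
    printf("%zu suspicious entries\n", n);
    return 0;
}
```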
## Thanks
ScDetective is my very first project, and it's currently in a very alpha state.
It was finished in my third year in college; at that time I was addicted to
Windows driver programming and accumulated a lot of debug skills.
Thanks to the great open source spirit, without previous work I couldn't do all
this alone. Thanks to the [bbs.pediy.com](http://bbs.pediy.com/) forum, it gave me so much happiness and
unforgettable memories in my college life.
If you have any suggestions or questions, please feel free to get in touch via sunweiqq@gmail.com.