| 程序名称 |
作者 |
说明 |
| Hook NtContinue |
deroko/ARTeam |
Ban dr7 changing from ring3 and foobaring hardware breakpoints |
| Hook ZwQuery |
deroko/ARTeam |
Hook NtZwQuerySystemInformation to hide SoftICE drivers |
| IopXxxControlFile Hook |
deroko/ARTeam |
catch Control Codes sent to themida driver |
| Ring0 memory dumper |
deroko/ARTeam |
dump ring0 memory only |
| Fake RDTSC |
deroko/ARTeam |
make rdtsc privileged instruction and handle it system wide |
| Loader from ring0 |
deroko/ARTeam |
loader for ring3 from ring0 |
| Hook scan |
deroko/ARTeam |
scan for hooks in exported procedures from ntoskrnl.exe |
| IntFooBar |
deroko/ARTeam |
hook int1/3 with 0FFFFFFFF and make IDT user visible/writable |
| Tasm 32 DDK |
deroko/ARTeam |
make drivers using tasm32 |
