[下载]Dream Of Every Reverser-安全工具-看雪-安全社区|安全招聘|kanxue.com

最新回复 (6)
KuNgBiM 雪币： 817 活跃值： (1927) 能力值： ( LV12，RANK：2670 ) 在线值：发帖 500 回帖 2517 粉丝 23 关注私信	KuNgBiM 66 2 楼 deroko of ARTeam 2007-5-31 19:24 0
softworm 雪币： 494 活跃值： (629) 能力值： ( LV9，RANK：1210 ) 在线值：发帖 66 回帖 1050 粉丝 13 关注私信	softworm 30 3 楼不错,可惜没有源码,顺便问问林版有没有Shadow Walker的源码? 2007-5-31 19:25 0
linhanshi 雪币： 106803 活跃值： (202484) 能力值： (RANK：10 ) 在线值：发帖 9315 回帖 28046 粉丝 488 关注私信	linhanshi 4 楼 use IDA to rip the code .... as i kown ,Shadow Walker no open the full source......Shadow Walker's code is base on FU rootkit... ----[ 3.4 - Proof Of Concept Implementation Our current implementation uses a modified FU rootkit and a new page fault handler called Shadow Walker. Since FU alters kernel data structures to hide processes and does not utilize any code hooks, we only had to be concerned with hiding the FU driver in memory. The kernel accounts for every process running on the system by storing an object called an EPROCESS block for each process in an internal linked list. FU disconnects the process it wants to hide from this linked list. ------[ 3.4.a - Modified FU Rootkit see more. english：8b1K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4m8Z5M7X3q4U0K9#2)9J5k6h3!0J5k6#2)9J5c8X3q4J5j5$3S2A6N6X3g2K6i4K6u0r3y4U0y4Q4x3V1k6H3y4U0y4Q4x3X3b7H3P5o6l9^5i4K6g2X3f1X3q4A6M7$3W2F1k6#2)9#2k6W2c8Z5k6g2)9#2k6V1u0S2M7W2)9#2k6V1k6G2M7W2)9#2k6W2N6A6L8X3c8G2N6%4y4Q4y4h3k6d9L8$3!0@1K9$3W2@1i4K6g2X3c8r3g2@1k6h3y4@1K9h3!0F1i4K6u0W2N6s2S2@1 chinese：bc3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4S2X3L8$3y4#2M7#2)9J5k6h3&6W2N6q4)9J5c8X3q4J5N6r3W2U0L8r3g2K6i4K6u0r3x3U0l9H3y4e0l9^5i4K6u0r3z5o6p5J5i4K6u0W2K9s2c8E0L8l9`.`. 2007-5-31 19:57 0
okdodo 雪币： 233 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 12 回帖 396 粉丝 1 关注私信	okdodo 2 5 楼 THANKS LIN AND DEROKO 2007-5-31 20:34 0
crackpc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 12 粉丝 0 关注私信	crackpc 6 楼看>看~~~~~~~~~~~~~ 2007-5-31 22:09 0
uunuu 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 12 粉丝 0 关注私信	uunuu 7 楼看看再说呵呵。 2007-6-6 11:38 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (6)
KuNgBiM 雪币： 817 活跃值： (1927) 能力值： ( LV12，RANK：2670 ) 在线值：发帖 500 回帖 2517 粉丝 23 关注私信	KuNgBiM 66 2 楼 deroko of ARTeam 2007-5-31 19:24 0
softworm 雪币： 494 活跃值： (629) 能力值： ( LV9，RANK：1210 ) 在线值：发帖 66 回帖 1050 粉丝 13 关注私信	softworm 30 3 楼不错,可惜没有源码,顺便问问林版有没有Shadow Walker的源码? 2007-5-31 19:25 0
linhanshi 雪币： 106803 活跃值： (202484) 能力值： (RANK：10 ) 在线值：发帖 9315 回帖 28046 粉丝 488 关注私信	linhanshi 4 楼 use IDA to rip the code .... as i kown ,Shadow Walker no open the full source......Shadow Walker's code is base on FU rootkit... ----[ 3.4 - Proof Of Concept Implementation Our current implementation uses a modified FU rootkit and a new page fault handler called Shadow Walker. Since FU alters kernel data structures to hide processes and does not utilize any code hooks, we only had to be concerned with hiding the FU driver in memory. The kernel accounts for every process running on the system by storing an object called an EPROCESS block for each process in an internal linked list. FU disconnects the process it wants to hide from this linked list. ------[ 3.4.a - Modified FU Rootkit see more. english：8b1K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4m8Z5M7X3q4U0K9#2)9J5k6h3!0J5k6#2)9J5c8X3q4J5j5$3S2A6N6X3g2K6i4K6u0r3y4U0y4Q4x3V1k6H3y4U0y4Q4x3X3b7H3P5o6l9^5i4K6g2X3f1X3q4A6M7$3W2F1k6#2)9#2k6W2c8Z5k6g2)9#2k6V1u0S2M7W2)9#2k6V1k6G2M7W2)9#2k6W2N6A6L8X3c8G2N6%4y4Q4y4h3k6d9L8$3!0@1K9$3W2@1i4K6g2X3c8r3g2@1k6h3y4@1K9h3!0F1i4K6u0W2N6s2S2@1 chinese：bc3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4S2X3L8$3y4#2M7#2)9J5k6h3&6W2N6q4)9J5c8X3q4J5N6r3W2U0L8r3g2K6i4K6u0r3x3U0l9H3y4e0l9^5i4K6u0r3z5o6p5J5i4K6u0W2K9s2c8E0L8l9`.`. 2007-5-31 19:57 0
okdodo 雪币： 233 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 12 回帖 396 粉丝 1 关注私信	okdodo 2 5 楼 THANKS LIN AND DEROKO 2007-5-31 20:34 0
crackpc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 12 粉丝 0 关注私信	crackpc 6 楼看>看~~~~~~~~~~~~~ 2007-5-31 22:09 0
uunuu 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 12 粉丝 0 关注私信	uunuu 7 楼看看再说呵呵。 2007-6-6 11:38 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复