白日梦

利用 TDI HOOK 实现任意端口复用

CDrea — Tue, 30 May 2006 17:43:00 GMT

利用 TDI HOOK 实现任意端口复用

Kick the Heuristic Anti-virus out of the Rootkit

CDrea — Thu, 06 Apr 2006 00:19:00 GMT

Recently, Some friend complained to me that their rootkit driver had been killed by anti-virus software like McAfee and Nod32.So I began to find why. http://www.rootkit.com/newsread.php?newsid=101

Simple Hooking of Functions not Exported by Ntoskrnl.exe

CDrea — Wed, 05 Apr 2006 23:54:00 GMT

As many of you will know, hooking functions not exported by ntoskrnl.exe is a real pain, as you need to hard code their position in KeServiceDescriptorTable, and this will change between windows releases.

NDIS and TDI Hooking, Part II

CDrea — Wed, 05 Apr 2006 23:19:00 GMT

This is the second and last article on how to hook into the NDIS and TDI layer. The approach we will use will be slightly different from the NDIS case. However, a neat side effect is that this method can be used to hook into any device chain, for example the keyboard to sniff key strokes. It all boils down to getting a pointer to the device object and replace all major functions with our own dispatch function.

Hooking into NDIS and TDI, part 1

CDrea — Wed, 05 Apr 2006 23:15:00 GMT

This is the fist part in a series of 2 articles on how to hook into the NDIS and TDI layer. In this first one, we will discuss where and how to hook in to the NDIS layer.

Bypassing Blacklight and IceSword

CDrea — Wed, 05 Apr 2006 04:01:00 GMT

This article was released in the Uninformed Journal Vol 3. It is important to remember that this article displays Proof of Concept (POC) ideas and code. FUTo may result in specific applications crashing when hidden. However in most common tests it works. The code like the original FU is open source, CHAOS and I encourage the community to make modifications.

新年音乐会

CDrea — Sun, 01 Jan 2006 14:10:00 GMT

2006年维也纳新年音乐会

Kernel mode sockets library for the masses[zt]

CDrea — Sun, 01 Jan 2006 13:50:00 GMT

Kernel mode socket library

挂钩Windows API[zt]

CDrea — Mon, 22 Aug 2005 00:02:00 GMT

Holy_Father的经典文章《挂钩Windows API》

修改导入表载入DLL

CDrea — Wed, 17 Aug 2005 05:17:00 GMT

修改导入表载入DLL

[转载]合并 DLL

CDrea — Tue, 16 Aug 2005 05:27:00 GMT

原文见:http://www.vckbase.com/document/viewdoc/?id=1128

Apache 1.33与PHP 4.4.0配置手记

CDrea — Sun, 14 Aug 2005 06:08:00 GMT

Apache 1.33与PHP 4.4.0配置手记

[转载]使用windbg来调试程序

CDrea — Tue, 02 Aug 2005 03:26:00 GMT

原文见:http://blog.joycode.com/gangp/articles/18088.aspx

为应用程序添加插件功能

CDrea — Fri, 29 Jul 2005 03:25:00 GMT

现在很多程序都支持插件,有利于程序功能的扩展.也方便用户为程序定制一些个性化的功能.

最佳的75个安全工具

CDrea — Sun, 27 Mar 2005 10:33:00 GMT

在2000年的5、6月间，nmap-hackers邮件列表中发起了最佳安全工具的评选活动，活动取得了成功，最终由1200名Nmap用户评选出了50个最佳安全工具，评选结果发布在insecure.org网站，得到了网友们的普遍认可。时隔三年，nmap-hackers邮件列表中又发起了同样的评选活动，1854个用户参与了此次活动，每个用户最多可以选择8个最佳工具，并且这次评选出的最佳安全工具由50个增加到了75个。因为是在nmap-hackers邮件列表中做出的评选，因此没有把nmap安全扫描器（http://www.insecure.org/nmap/）评选在内。这次评选出来的75个最佳安全工具在网络安全领域都是一些很有代表性的软件，对于那些在网络安全方面不知从何处开始的新手们来说，这对他们有相当的参考价值。