Tue, 30 May 2006 17:43:00 GMT我不苟同你的思想，但是我绝对捍卫你思想的自由。http://blog.csdn.net/cdrea/http://blog.csdn.net/CDrea/archive/2006/05/30/764022.aspxhttp://blog.csdn.net/cdrea/comments/764022.aspx3http://blog.csdn.net/cdrea/comments/commentRss/764022.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=764022利用 TDI HOOK 实现任意端口复用<img src ="http://blog.csdn.net/cdrea/aggbug/764022.aspx" width = "1" height = "1" />Wed, 31 May 2006 01:43:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/05/30/764022.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/05/30/764022.aspxCDreahttp://blog.csdn.net/CDrea/archive/2006/04/06/652189.aspxhttp://blog.csdn.net/cdrea/comments/652189.aspx0http://blog.csdn.net/cdrea/comments/commentRss/652189.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=652189Recently, Some friend complained to me that their rootkit driver had been killed by anti-virus software like McAfee and Nod32.So I began to find why. http://www.rootkit.com/newsread.php?newsid=101<img src ="http://blog.csdn.net/cdrea/aggbug/652189.aspx" width = "1" height = "1" />Thu, 06 Apr 2006 08:19:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/04/06/652189.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/04/06/652189.aspxCDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/652174.aspxhttp://blog.csdn.net/cdrea/comments/652174.aspx1http://blog.csdn.net/cdrea/comments/commentRss/652174.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=652174As many of you will know, hooking functions not exported by ntoskrnl.exe is a real pain, as you need to hard code their position in KeServiceDescriptorTable, and this will change between windows releases.<img src ="http://blog.csdn.net/cdrea/aggbug/652174.aspx" width = "1" height = "1" />Thu, 06 Apr 2006 07:54:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/652174.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/04/05/652174.aspxCDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/652141.aspxhttp://blog.csdn.net/cdrea/comments/652141.aspx0http://blog.csdn.net/cdrea/comments/commentRss/652141.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=652141This is the second and last article on how to hook into the NDIS and TDI layer. The approach we will use will be slightly different from the NDIS case. However, a neat side effect is that this method can be used to hook into any device chain, for example the keyboard to sniff key strokes. It all boils down to getting a pointer to the device object and replace all major functions with our own dispatch function. <img src ="http://blog.csdn.net/cdrea/aggbug/652141.aspx" width = "1" height = "1" />Thu, 06 Apr 2006 07:19:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/652141.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/04/05/652141.aspxCDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/652138.aspxhttp://blog.csdn.net/cdrea/comments/652138.aspx0http://blog.csdn.net/cdrea/comments/commentRss/652138.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=652138This is the fist part in a series of 2 articles on how to hook into the NDIS and TDI layer. In this first one, we will discuss where and how to hook in to the NDIS layer. <img src ="http://blog.csdn.net/cdrea/aggbug/652138.aspx" width = "1" height = "1" />Thu, 06 Apr 2006 07:15:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/652138.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/04/05/652138.aspxCDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/650999.aspxhttp://blog.csdn.net/cdrea/comments/650999.aspx0http://blog.csdn.net/cdrea/comments/commentRss/650999.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=650999This article was released in the Uninformed Journal Vol 3. It is important to remember that this article displays Proof of Concept (POC) ideas and code. FUTo may result in specific applications crashing when hidden. However in most common tests it works. The code like the original FU is open source, CHAOS and I encourage the community to make modifications.<img src ="http://blog.csdn.net/cdrea/aggbug/650999.aspx" width = "1" height = "1" />Wed, 05 Apr 2006 12:01:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/04/05/650999.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/04/05/650999.aspxCDreahttp://blog.csdn.net/CDrea/archive/2006/01/01/567960.aspxhttp://blog.csdn.net/cdrea/comments/567960.aspx0http://blog.csdn.net/cdrea/comments/commentRss/567960.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=5679602006年维也纳新年音乐会<img src ="http://blog.csdn.net/cdrea/aggbug/567960.aspx" width = "1" height = "1" />Sun, 01 Jan 2006 22:10:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/01/01/567960.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/01/01/567960.aspxCDreahttp://blog.csdn.net/CDrea/archive/2006/01/01/567944.aspxhttp://blog.csdn.net/cdrea/comments/567944.aspx0http://blog.csdn.net/cdrea/comments/commentRss/567944.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=567944Kernel mode socket library<img src ="http://blog.csdn.net/cdrea/aggbug/567944.aspx" width = "1" height = "1" />Sun, 01 Jan 2006 21:50:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2006/01/01/567944.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2006/01/01/567944.aspxCDreahttp://blog.csdn.net/CDrea/archive/2005/08/22/460960.aspxhttp://blog.csdn.net/cdrea/comments/460960.aspx0http://blog.csdn.net/cdrea/comments/commentRss/460960.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=460960Holy_Father的经典文章《挂钩Windows API》<img src ="http://blog.csdn.net/cdrea/aggbug/460960.aspx" width = "1" height = "1" />Mon, 22 Aug 2005 08:02:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2005/08/22/460960.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2005/08/22/460960.aspxCDreahttp://blog.csdn.net/CDrea/archive/2005/08/17/456296.aspxhttp://blog.csdn.net/cdrea/comments/456296.aspx0http://blog.csdn.net/cdrea/comments/commentRss/456296.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=456296修改导入表载入DLL<img src ="http://blog.csdn.net/cdrea/aggbug/456296.aspx" width = "1" height = "1" />Wed, 17 Aug 2005 13:17:00 +0800CDreahttp://blog.csdn.net/CDrea/archive/2005/08/17/456296.aspx#Feedbackhttp://blog.csdn.net/CDrea/archive/2005/08/17/456296.aspxCDrea