3 matches found
KDU
This is Windows driver code, specifically a device driver for a fictional device called "DUMMYDRV". The code is written in C and is compiled into a Windows driver executable. The code consists of two parts: dummy.sys and dummy2.sys. Both files are Windows driver executables, but they have...
Bypassing Anti-Rootkit kernel module scanning techniques - vulnerability warning - the black bar safety net
This article describes some methods by which you can bypass the current mainstream modern anti-rootkit tools, including, but not limited to: the latest versions of IceSword, GMER, Rootkit Unhooker, DarkSpy and AVG Anti-Rootkit, etc. The curre...
Method for breaking through IceSword's process self-protection - vulnerability warning - the black bar safety net
IceSword's driver protects its own process so that a malicious program cannot terminate it. IceSword does not hook the SSDT, nor does it use any especially exotic method; instead it inline-hooks several functions (NtOpenProcess and NtTerminateProcess), namely to modif...