Enumerate varios hook places for antirootkit

I need a driver which dumps the following information to a file (ZwCreateFile, ZwWriteFile, csv formatted):

- SSDT and Shadow SSDT (Index + Function Address)


- IDT (Name + Trap Handler Address)

- IAT and EAT off all loaded drivers (Name + Function Address)

- First n-bytes of all exported functions off all loaded drivers

- IAT and EAT of all modules in usermode (Name + Function Address)

- First n-bytes of all exported functions off modules in usermode processes

- Device stacks for all drivers

- Notivication routines: process create, thread create, image load, registry (Type + Function Address)

- Object manager types: IoFileObjectType, IoDeviceObjectType, MmSectionObjectType (Type + Procedure type + Address)

For XP, VISTA and W7, all 32bit.

Habilidades: Segurança de computadores, Segurança na rede

Veja mais: stacks and stacks, Device Drivers, dumps, idt, create image object, shadow ssdt, ssdt shadow, driver 32bit, Security Manager, thread manager, hook driver, zwcreatefile, image security, file shadow, process computer, enumerate iat, function thread, file type handler, enumerate computer, create object image, vista hook, hook hook, create image function, process create csv file, security image

Acerca do Empregador:
( 0 comentários ) Switzerland

ID do Projeto: #3047488