- 1、本文档共6页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
突破主动防御之注册表监控篇(已更新)(Break through active defense registry monitor (Updated))
突破主动防御之注册表监控篇(已更新)(Break through active defense registry monitor (Updated))
[original] breakthrough of active defense articles (Updated) registry monitoring
Article title: [original] breakthrough of active defense (Updated) registry monitoring in the top xyzreg published: 2007-02-2605:29 landlord [[original] breakthrough initiative defense articles (Updated) registry monitoring
Author: xyzreg[E.S.T] ()
Source: EvilOctal security team ()
The concept of active defense has been popular, many anti-virus software, HIPS software and fire have registry monitoring function, prevent self start and IE related keys are modified to no small role in preventing the virus trojan and malware and other malicious applications. But the existing registry monitoring is not perfect, we can still bypass the registry to modify the registry monitoring.
Methods to bypass the registry monitoring more than one, should be applied flexibly according to different situations. In addition to modify the registry method of the demo program using HIVE file operation, we can also write the driver release registry monitoring program of the hook, or directly call the CmXXXXX function to operate the registry is not exported.
Kaba GSS, 2007, 6, rising Jiangmin 2007 contains registry monitoring function of security software testing, I write this demo program can successfully modify the registry through them.
This program is only for science and security alerts, in order to improve the safety awareness of everyone and choose a better security products. Do not put the method in the program for illegal purposes.
February 27Ri update:
The program has been upgraded, can break through the previous version cannot break through SSM (SystemSafetyMonitor), the latest version of the latest version of the 6, ZoneAlarmPro7 kappa EQSecure, ProSecurity, etc.. At present, the increase of the special method to modify the registry B can break apart Rhino (Safe n Sec) in addition to all of the real-time interception class reg
您可能关注的文档
- 我第一次参加cia考试居然全部通过了(附有考试心得,希望对大家有用)(I took the CIA test for the first time, and I passed it all).doc
- 我院电子信息存储系统配置实施分析(Implementation and analysis of electronic information storage system in our institute).doc
- 所有单人地图(All single maps).doc
- 所有答案(All answers).doc
- 所有图片格式的特点总结(Summary of features of all picture formats).doc
- 所有者权益练习(Owner equity exercise).doc
- 手动修复注册表(Manual repair registry).doc
- 手机sd卡中的文件夹(Folder in mobile SD card).doc
- 手机互联网(Mobile Internet).doc
- 手机使用误区全揭秘 弱电辐射大千倍(Mobile phone use error of full secret electroweak thousand times).doc
- 《GB/T 32151.42-2024温室气体排放核算与报告要求 第42部分:铜冶炼企业》.pdf
- GB/T 32151.42-2024温室气体排放核算与报告要求 第42部分:铜冶炼企业.pdf
- GB/T 38048.6-2024表面清洁器具 第6部分:家用和类似用途湿式硬地面清洁器具 性能测试方法.pdf
- 中国国家标准 GB/T 38048.6-2024表面清洁器具 第6部分:家用和类似用途湿式硬地面清洁器具 性能测试方法.pdf
- 《GB/T 38048.6-2024表面清洁器具 第6部分:家用和类似用途湿式硬地面清洁器具 性能测试方法》.pdf
- 《GB/T 18238.2-2024网络安全技术 杂凑函数 第2部分:采用分组密码的杂凑函数》.pdf
- GB/T 18238.2-2024网络安全技术 杂凑函数 第2部分:采用分组密码的杂凑函数.pdf
- 《GB/T 17215.686-2024电测量数据交换 DLMS/COSEM组件 第86部分:社区网络高速PLCISO/IEC 12139-1配置》.pdf
- GB/T 13542.4-2024电气绝缘用薄膜 第4部分:聚酯薄膜.pdf
- 《GB/T 13542.4-2024电气绝缘用薄膜 第4部分:聚酯薄膜》.pdf
文档评论(0)