0GiNr技术社区 › 论坛 › 系统底层开发 › 查看主题

论坛

9803 查看	46 回复

12 3 4 5 下一页

返回列表

iceboy

特邀大牛

Rank: 10

金钱: 131354 元
经验: 13843 点
威望: 127 点
贡献: 7 点
精华: 9

go

PsNull 完整可编译源代码

1楼

发表于 2009-6-18 20:22 | 只看该作者 | 倒序看帖 | 打印

凡本论坛原创内容，其作者享有著作权，未经许可谢绝转载。

本帖最后由 iceboy 于 2009-12-22 19:29 编辑

在 FC 的威逼利诱下终于把这个东西从硬盘里挖出来了.

版本号是 1436, 兼容 2000-Vista, 可以在 Win7 下正常运行.

原创部分:
1. 神奇的 feeb inline hook. (已公开)
2. hookapc -> ... -> 结束进程. (已公开)
3. IcyListView. (已公开, 不过这里面是较老的版本, 更容易看懂 )
4. 比较 AI 的 inline hook scan.
5. 从资源文件中加载 dll.
6. 对 PeekMessage 进行和谐.
etc.

还有一些神奇的技术, 比如 BSTR hack, DOS Device Trie, Native API Engine, PDB Loader, 和谐绕过 ss 和 kv 的 apc hook, hook ObRef & NtUserQueryWindow, etc.

时间比较久远, 以上信息难免有疏漏之处. 另外, 时间比较久远, 见到一些很烂的代码片断请不要有任何联想.
文件列表

D:\Project\PsNull3>dir *.* /s /b > sb.txt

D:\Project\PsNull3\Driver

D:\Project\PsNull3\GUI

D:\Project\PsNull3\PsNull3_fullsrc.rar

D:\Project\PsNull3\sb.txt

D:\Project\PsNull3\Driver\ade32.c

D:\Project\PsNull3\Driver\bin

D:\Project\PsNull3\Driver\Bugcheck.txt

D:\Project\PsNull3\Driver\buildfre_wnet_x86.log

D:\Project\PsNull3\Driver\dbgview.exe

D:\Project\PsNull3\Driver\ddkbuild.cmd

D:\Project\PsNull3\Driver\DdkVcproj

D:\Project\PsNull3\Driver\dispatch.c

D:\Project\PsNull3\Driver\dumpmem.c

D:\Project\PsNull3\Driver\hashtable.c

D:\Project\PsNull3\Driver\hookapc.c

D:\Project\PsNull3\Driver\hookobref.c

D:\Project\PsNull3\Driver\hookwnd.c

D:\Project\PsNull3\Driver\loaddrv.exe

D:\Project\PsNull3\Driver\locate.c

D:\Project\PsNull3\Driver\makefile

D:\Project\PsNull3\Driver\mybuild.bat

D:\Project\PsNull3\Driver\objfre_wnet_x86

D:\Project\PsNull3\Driver\pn3drv.c

D:\Project\PsNull3\Driver\PN3Drv.ncb

D:\Project\PsNull3\Driver\PN3Drv.sln

D:\Project\PsNull3\Driver\PN3Drv.vcproj

D:\Project\PsNull3\Driver\PN3Drv.vcproj.iceboy-PC.iceboy.user

D:\Project\PsNull3\Driver\pn3entry.h

D:\Project\PsNull3\Driver\pn3fs.h

D:\Project\PsNull3\Driver\pn3hook.h

D:\Project\PsNull3\Driver\pn3imp.h

D:\Project\PsNull3\Driver\pn3krnl.h

D:\Project\PsNull3\Driver\pn3misc.h

D:\Project\PsNull3\Driver\pn3proc.h

D:\Project\PsNull3\Driver\psdelete.c

D:\Project\PsNull3\Driver\psenum.c

D:\Project\PsNull3\Driver\pshide.c

D:\Project\PsNull3\Driver\psquery.c

D:\Project\PsNull3\Driver\readfile.c

D:\Project\PsNull3\Driver\sources

D:\Project\PsNull3\Driver\ssdt.c

D:\Project\PsNull3\Driver\tea32.c

D:\Project\PsNull3\Driver\Todo.txt

D:\Project\PsNull3\Driver\wpoff.c

D:\Project\PsNull3\Driver\bin\i386

D:\Project\PsNull3\Driver\bin\i386\PN3Drv.pdb

D:\Project\PsNull3\Driver\bin\i386\PN3Drv.sys

D:\Project\PsNull3\Driver\DdkVcproj\BuildLog.htm

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386

D:\Project\PsNull3\Driver\objfre_wnet_x86\_objects.mac

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\ade32.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\dispatch.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\dumpmem.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\hashtable.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\hookapc.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\hookobref.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\hookwnd.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\locate.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\pn3drv.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\psdelete.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\psenum.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\pshide.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\psquery.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\readfile.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\ssdt.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\tea32.obj

D:\Project\PsNull3\Driver\objfre_wnet_x86\i386\wpoff.obj

D:\Project\PsNull3\GUI\c_icy_codescan.cls

D:\Project\PsNull3\GUI\c_icy_hashtable.cls

D:\Project\PsNull3\GUI\c_icy_reportview.cls

D:\Project\PsNull3\GUI\c_icy_tabcontrol.cls

D:\Project\PsNull3\GUI\c_pe_engine.cls

D:\Project\PsNull3\GUI\f_about.frm

D:\Project\PsNull3\GUI\f_about.frx

D:\Project\PsNull3\GUI\f_gdt.frm

D:\Project\PsNull3\GUI\f_gdt.frx

D:\Project\PsNull3\GUI\f_idt.frm

D:\Project\PsNull3\GUI\f_idt.frx

D:\Project\PsNull3\GUI\f_mainform.frm

D:\Project\PsNull3\GUI\f_mainform.frx

D:\Project\PsNull3\GUI\f_msg_hook.frm

D:\Project\PsNull3\GUI\f_msg_hook.frx

D:\Project\PsNull3\GUI\f_scan_inline.frm

D:\Project\PsNull3\GUI\f_scan_inline.frx

D:\Project\PsNull3\GUI\f_scan_inline_result.frm

D:\Project\PsNull3\GUI\f_scan_inline_result.frx

D:\Project\PsNull3\GUI\f_shadow.frm

D:\Project\PsNull3\GUI\f_shadow.frx

D:\Project\PsNull3\GUI\f_ssdt.frm

D:\Project\PsNull3\GUI\f_ssdt.frx

D:\Project\PsNull3\GUI\f_wait.frm

D:\Project\PsNull3\GUI\f_wait.frx

D:\Project\PsNull3\GUI\m_ade32_disasm.bas

D:\Project\PsNull3\GUI\m_api_const.bas

D:\Project\PsNull3\GUI\m_api_internal.bas

D:\Project\PsNull3\GUI\m_api_type.bas

D:\Project\PsNull3\GUI\m_api_win32.bas

D:\Project\PsNull3\GUI\m_crypto.bas

D:\Project\PsNull3\GUI\m_dos_device_trie.bas

D:\Project\PsNull3\GUI\m_driver.bas

D:\Project\PsNull3\GUI\m_enum_msg_hooks.bas

D:\Project\PsNull3\GUI\m_gui_windowex.bas

D:\Project\PsNull3\GUI\m_hook_loadlibrary.bas

D:\Project\PsNull3\GUI\m_hook_peekmessage.bas

D:\Project\PsNull3\GUI\m_krnl_data.bas

D:\Project\PsNull3\GUI\m_krnl_module.bas

D:\Project\PsNull3\GUI\m_loader.bas

D:\Project\PsNull3\GUI\m_misc_stuff.bas

D:\Project\PsNull3\GUI\m_ps_enum.bas

D:\Project\PsNull3\GUI\m_system_service.bas

D:\Project\PsNull3\GUI\PsNull3.1426.rar

D:\Project\PsNull3\GUI\PsNull3.1436.unstable.rar

D:\Project\PsNull3\GUI\PsNull3.exe

D:\Project\PsNull3\GUI\PsNull3.RES

D:\Project\PsNull3\GUI\PsNull3.vbp

D:\Project\PsNull3\GUI\PsNull3.vbw

D:\Project\PsNull3\GUI\PsNull3_original.exe

D:\Project\PsNull3\GUI\Readme.txt

D:\Project\PsNull3\GUI\Resource

D:\Project\PsNull3\GUI\Resource\PsNull.ico

D:\Project\PsNull3\GUI\Resource\PsNull.jpg
复制代码