MandConsultingGroup / ring3-kit

Licence: MIT license
Hides Process From Task Manager Using NT API Hooking (NtQuerySystemInformation)

Programming Languages

C++

Projects that are alternatives of or similar to ring3-kit

old-new-win32api
Organized bookmarks to Win32API posts of Raymond Chen's blog "The Old New Thing".
Stars: ✭ 170 (+183.33%)
Mutual labels:  win32api
Orca
Advanced malware with multiple features written in ASM/C/C++; works on all Windows versions! (uncompleted)
Stars: ✭ 184 (+206.67%)
Mutual labels:  win32api
Reactos
A free Windows-compatible Operating System
Stars: ✭ 10,216 (+16926.67%)
Mutual labels:  win32api
Pywinauto
Windows GUI Automation with Python (based on text properties)
Stars: ✭ 3,175 (+5191.67%)
Mutual labels:  win32api
Examples Win32
Shows how to use Win32 controls by programming code (c++17).
Stars: ✭ 22 (-63.33%)
Mutual labels:  win32api
wcecl
Allows running Windows CE applications on Windows!
Stars: ✭ 54 (-10%)
Mutual labels:  win32api
programming-windows-5th-edition
Unofficial source code repo for Charles Petzold's Programming Windows 5th Edition.
Stars: ✭ 28 (-53.33%)
Mutual labels:  win32api
XScreenSaverWin
XScreenSaver for Windows
Stars: ✭ 76 (+26.67%)
Mutual labels:  win32api
hookwin10calc
Reverse engineered Windows 10 Calculator.exe (UWP application) hacker. A Windows Calculator patch that has learned Hangul/Hanja.
Stars: ✭ 19 (-68.33%)
Mutual labels:  win32api
UniWinApiAsset
A window controller for Unity using Windows API
Stars: ✭ 58 (-3.33%)
Mutual labels:  win32api
Api-Break-for-x64dbg
x64dbg plugin to set breakpoints automatically to Win32/64 APIs
Stars: ✭ 136 (+126.67%)
Mutual labels:  win32api
malwinx
Just a normal flask web app to understand win32api with code snippets and references.
Stars: ✭ 76 (+26.67%)
Mutual labels:  win32api
ThreadBoat
Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application
Stars: ✭ 162 (+170%)
Mutual labels:  win32api
Ayase
🥥 Control everything by keyboard. Built for hackers and the blind.
Stars: ✭ 53 (-11.67%)
Mutual labels:  win32api
creating-controls-in-assembler
Gitbook: https://mrfearless.gitbooks.io/creating-controls-in-assembler
Stars: ✭ 20 (-66.67%)
Mutual labels:  win32api
Live-Desktop-Capture
A Live Desktop Capture using Go and WebSockets
Stars: ✭ 42 (-30%)
Mutual labels:  win32api

ring3-kit

Hides Process From Task Manager Using NT Hooking (NtQuerySystemInformation). A simple Ring-3 (user mode) rootkit.

How

  • Hook the API function NtQuerySystemInformation() with our own function, which hides a process from Task Manager
  • The hook function is then called instead of the original
  • The DLL is injected into Taskmgr.exe so that the hook code has a virtual memory space to execute in

Disclaimer

The developer, Josh Schiavone, is not responsible or liable for the misuse of this simple rootkit. Do not deploy this rootkit in association with legitimate malware programs on machines that you have no authorized access to. May God bless you all.