Mirrors
/
Windows-Rootkits
mirror of https://github.com/ciyze0101/Windows-Rootkits
6
0
Fork 0
Code Issues Projects Releases Wiki Activity
Windows-Rootkits/ProtectFilex86
History
LycorisGuard 94f523ced9 update 
update
 		2018-08-14 21:58:47 +08:00
..
FileProtectX86.c update 2018-08-14 21:58:47 +08:00
FileProtectX86.h update 2018-08-14 21:58:47 +08:00
FileProtectX86.sln Add files via upload 2016-08-29 11:02:47 +08:00
FileProtectX86.vcxproj Add files via upload 2016-08-29 11:02:47 +08:00
ReadMe.txt Create ReadMe.txt 2016-08-29 11:00:49 +08:00
common.h update 2018-08-14 21:58:47 +08:00
sources Add files via upload 2016-08-29 11:02:47 +08:00
struct.h update 2018-08-14 21:58:47 +08:00

ReadMe.txt 

1.Hook NtSetInformationFile to change target file
2.Hook NtWriteFile to write the target file
3.Hook NtDeleteFile to delete the target file
4.bind keyboard Filter Driver to avoid "ctrl+c" copy the content
There has a problem : the keyboard filter Driver is global , and other process cann't use "ctrl+c" also.