⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 sample.txt

📁 IDT Hook 检测及恢复 此程序在 Ring3 下打开物理内存对象取得当前内存中的 IDT
💻 TXT
字号:
🔍 
Interrupt Descriptor Table(IDT) Guard
<matt@msuiche.net> www.msuiche.net
Version 0.1 - (c) December, 2005 -


INT 0x01 has been hooked at 0x816C001D (Org INT = 0x80466786) by Unknow
INT 0x02 has been hooked at 0x0000145E (Org INT = 0x80466826) by Unknow
INT 0x03 has been hooked at 0x816C003C (Org INT = 0x80466A5E) by Unknow
INT 0x08 has been hooked at 0x000014B8 (Org INT = 0x80467670) by Unknow
INT 0x0E has been hooked at 0x816C007A (Org INT = 0x804688F4) by Unknow
INT 0x13 has been hooked at 0x8046900B (Org INT = 0x80468C8F) by ntoskrnl.exe
INT 0x1F has been hooked at 0x80064908 (Org INT = 0x80468C8F) by hal.dll
INT 0x2D has been hooked at 0xBE8C2B5C (Org INT = 0x8046694E) by DbgMsg.SYS
INT 0x37 has been hooked at 0x800640B8 (Org INT = 0x80464C56) by hal.dll
INT 0x3D has been hooked at 0x80065254 (Org INT = 0x80464C92) by hal.dll
INT 0x41 has been hooked at 0x800650C8 (Org INT = 0x80464CBA) by hal.dll
INT 0x50 has been hooked at 0x80064190 (Org INT = 0x80464D50) by hal.dll
INT 0x51 has been hooked at 0x816878A4 (Org INT = 0x80464D5A) by Unknow
INT 0x52 has been hooked at 0x81688DC4 (Org INT = 0x80464D64) by Unknow
INT 0x83 has been hooked at 0x81674424 (Org INT = 0x80464F4E) by Unknow
INT 0x92 has been hooked at 0x816B4584 (Org INT = 0x80464FE4) by Unknow
INT 0x93 has been hooked at 0x81686DC4 (Org INT = 0x80464FEE) by Unknow
INT 0xA2 has been hooked at 0x81687D64 (Org INT = 0x80465084) by Unknow
INT 0xA3 has been hooked at 0x816B6504 (Org INT = 0x8046508E) by Unknow
INT 0xB1 has been hooked at 0x816F8044 (Org INT = 0x8046511A) by Unknow
INT 0xB3 has been hooked at 0x816891C4 (Org INT = 0x8046512E) by Unknow
INT 0xC1 has been hooked at 0x800642FC (Org INT = 0x804651BA) by hal.dll
INT 0xD1 has been hooked at 0x80063964 (Org INT = 0x8046525A) by hal.dll
INT 0xE1 has been hooked at 0x80064858 (Org INT = 0x804652FA) by hal.dll
INT 0xE3 has been hooked at 0x800645D4 (Org INT = 0x8046530E) by hal.dll
INT 0xFD has been hooked at 0x80064D64 (Org INT = 0x804653E2) by hal.dll
INT 0xFE has been hooked at 0x80064EEC (Org INT = 0x804653E9) by hal.dll

27 Interruptions have been modified.

Help:
        q    :quit
        s    :reshow list of modified interrupt
        r X  :restore interruption X in IDT(sample: r 0xA1)
        h    :show this help


cmd>r 0x2D
Are you sure that you want to restore the Interruption 0x2D(45)? (y/n)y

Let's restore it !
I will do that :
        Offset   : 0xBE8C2B5C => 0x8046694E
        Dpl      :       0x01 =>       0x01
        Type     : IntG32     => IntG32

Are you sure?(y/n)y

Reconstrution of the INT 0x2D
	Offset value...Done
	Dpl(Descriptor Privilege Level) value...Done
	Type value...Done

OKiE

cmd>s
INT 0x01 has been hooked at 0x816C001D (Org INT = 0x80466786) by Unknow
INT 0x02 has been hooked at 0x0000145E (Org INT = 0x80466826) by Unknow
INT 0x03 has been hooked at 0x816C003C (Org INT = 0x80466A5E) by Unknow
INT 0x08 has been hooked at 0x000014B8 (Org INT = 0x80467670) by Unknow
INT 0x0E has been hooked at 0x816C007A (Org INT = 0x804688F4) by Unknow
INT 0x13 has been hooked at 0x8046900B (Org INT = 0x80468C8F) by ntoskrnl.exe
INT 0x1F has been hooked at 0x80064908 (Org INT = 0x80468C8F) by hal.dll
INT 0x37 has been hooked at 0x800640B8 (Org INT = 0x80464C56) by hal.dll
INT 0x3D has been hooked at 0x80065254 (Org INT = 0x80464C92) by hal.dll
INT 0x41 has been hooked at 0x800650C8 (Org INT = 0x80464CBA) by hal.dll
INT 0x50 has been hooked at 0x80064190 (Org INT = 0x80464D50) by hal.dll
INT 0x51 has been hooked at 0x816878A4 (Org INT = 0x80464D5A) by Unknow
INT 0x52 has been hooked at 0x81688DC4 (Org INT = 0x80464D64) by Unknow
INT 0x83 has been hooked at 0x81674424 (Org INT = 0x80464F4E) by Unknow
INT 0x92 has been hooked at 0x816B4584 (Org INT = 0x80464FE4) by Unknow
INT 0x93 has been hooked at 0x81686DC4 (Org INT = 0x80464FEE) by Unknow
INT 0xA2 has been hooked at 0x81687D64 (Org INT = 0x80465084) by Unknow
INT 0xA3 has been hooked at 0x816B6504 (Org INT = 0x8046508E) by Unknow
INT 0xB1 has been hooked at 0x816F8044 (Org INT = 0x8046511A) by Unknow
INT 0xB3 has been hooked at 0x816891C4 (Org INT = 0x8046512E) by Unknow
INT 0xC1 has been hooked at 0x800642FC (Org INT = 0x804651BA) by hal.dll
INT 0xD1 has been hooked at 0x80063964 (Org INT = 0x8046525A) by hal.dll
INT 0xE1 has been hooked at 0x80064858 (Org INT = 0x804652FA) by hal.dll
INT 0xE3 has been hooked at 0x800645D4 (Org INT = 0x8046530E) by hal.dll
INT 0xFD has been hooked at 0x80064D64 (Org INT = 0x804653E2) by hal.dll
INT 0xFE has been hooked at 0x80064EEC (Org INT = 0x804653E9) by hal.dll

cmd>q

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -