IceStealth 是一个 SoftICE 隐藏工具,可以防止:
CreateFileA、CreateFileW、NtCreateFile 和 nmtrans.dll 也不会使用这些方法找到 SoftICE
NtQueryDirectoryObject
查询对象
OpenServiceA、OpenServiceW、EnumServicesStatusA、EnumServicesStatusW、EnumServicesStatusExA、EnumServicesStatusExW
UnhandledExceptionFilter(2 个选项)
SEH BPM 保护
BPM 保护
NtQuerySystemInformation
int 41 被杀 + DPL 0
内部 1 DPL 0
基本注册表保护(如果需要)
(RegOpenKeyExA、RegOpenKeyExW、RegOpenKeyA、RegOpenKeyW)
保存磁盘保护
(IceStealth is a SoftICE hiding tool, that should protect from:
CreateFileA, CreateFileW, NtCreateFile, also nmtrans.dll wont find SoftICE with these methods
NtQueryDirectoryObject
NtQueryObject
OpenServiceA, OpenServiceW, EnumServicesStatusA,EnumServicesStatusW,EnumServicesStatusExA, EnumServicesStatusExW
UnhandledExceptionFilter (2 Options)
SEH BPM Protection
BPM Protection
NtQuerySystemInformation
int 41 killed + DPL 0
int 1 DPL 0
Basic Registry Protection (if ever needed)
(RegOpenKeyExA, RegOpenKeyExW, RegOpenKeyA, RegOpenKeyW)
SaveDisk Protection)
1623997184029.rar
|
收藏
