activedefense's Introduction

Sml主动防御

在Win7 64位下测试通过

####[背景介绍] 这是我学习Windows驱动开发的练手作品，希望不要班门弄斧。

####[开发环境]

系统：Windows 8
编译工具：VS2013 & WDK8.1

####[主要功能]

1.进程监控[创建进程回调函数，由应用层决定程序禁止或放行]
2.进程保护[采用DKOM方式操作EPROCESS 修改FLAGS标志位实现保护]
3.文件保护[使用MiniFilter框架对文件进行过滤，禁止保护文件的写入,删除及修改信息]
4.驱动监控[通过设置映像加载通告例程，判断如果是驱动文件，提交应用层处理]

####[注意事项]

驱动并未进行签名，需要在禁用强制驱动程序签名的模式下使用。

####[其他] 这份源码里借鉴了N多大牛的代码，在这里向大牛们致敬。

附上运行的截图

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.

fengjixuchui / activedefense Goto Github PK