File name: EasyAntiPatchGuard: Easy Anti PatchGuard
File size: 16KB
File format: ZIP
Last updated: 2024-05-06 07:19:26
C++
EasyAntiPatchGuard
Supported systems = Win8(Win8-Win10 21H4)
How to use
1. Build EasyAntiPatchGuard.sln
2. Load EasyAntiPatchGuard.sys
Details
As is well known, the PatchGuard execution chain is: at the pgentry -> CmpAppendDllSection (decrypts the context) -> ExQueueWorkItem -> FsRtlMdlReadCompleteDevEx -> MmAllocateIndependentPages / ExAllocatePoolWithTag -> re-encrypt the context -> insert the new context -> FreePool / Page of the current context.
Some pgentry (apc, dpc, ..): 00 fffffd0c`0d40d868 fffff802`0a52410d 0xffffc405 `84a020d
[File preview]:
EasyAntiPatchGuard-main
----EasyAntiPatchGuard()
--------GetKernelBase.asm(919B)
--------DriverEntry.cpp(4KB)
--------EasyAntiPatchGuard.vcxproj(8KB)
--------EasyAntiPatchGuard.vcxproj.filters(1KB)
----README.md(9KB)
----EasyAntiPatchGuard.sln(3KB)
----EasyAntiPatchGuard.sys(12KB)