You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
gmh5225
3b1797b196
|
3 years ago | |
|---|---|---|
| images | 3 years ago | |
| .clang-format | 3 years ago | |
| LICENSE | 3 years ago | |
| README.md | 3 years ago | |
| detect.h | 3 years ago | |
| detect.poc.pooltag.cpp | 3 years ago | |
| main.cpp | 3 years ago | |
| poc.sln | 3 years ago | |
| poc.vcxproj | 3 years ago | |
| poc.vcxproj.filters | 3 years ago | |
| util.cpp | 3 years ago | |
| util.h | 3 years ago | |
README.md
AntiKernelDebug-poc
What's this?
A POC about how to detect windows kernel debug by pool tag.
How does this poc actually work?
Query system pool tag information matches TagUlong == 'oIdK'.
Tested in Win10 1809
Compile
- Visual Studio 2019
- llvm-msvc [link]