gmh5225
/
AntiKernelDebug-POC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
AntiKernelDebug-POC/README.md

16 lines
353 B
Raw Permalink Normal View History Unescape

Update
2 years ago
# AntiKernelDebug-poc
Initial commit
2 years ago
Update
2 years ago
## What's this?
A POC about how to detect windows kernel debug by pool tag.
## How does this poc actually work?
Query system pool tag information matches TagUlong == 'oIdK'.
Tested in Win10 1809
Update
2 years ago
![image](images/1.png)
Update
2 years ago
## Compile
- Visual Studio 2019
- llvm-msvc [[link]](https://github.com/NewWorldComingSoon/llvm-msvc-build)