gmh5225 · 3b1797b196 · 3 years ago

| File | Last change |
|---|---|
| images | 3 years ago |
| .clang-format | 3 years ago |
| LICENSE | 3 years ago |
| README.md | 3 years ago |
| detect.h | 3 years ago |
| detect.poc.pooltag.cpp | 3 years ago |
| main.cpp | 3 years ago |
| poc.sln | 3 years ago |
| poc.vcxproj | 3 years ago |
| poc.vcxproj.filters | 3 years ago |
| util.cpp | 3 years ago |
| util.h | 3 years ago |
# AntiKernelDebug-poc

## What's this?

A POC showing how to detect a Windows kernel debugger from user mode by looking at the kernel's pool tag statistics.

## How does this poc actually work?

It queries the system pool tag information (the `SystemPoolTagInformation` class of `NtQuerySystemInformation`) and walks the returned `SYSTEM_POOLTAG` entries. If any entry has `TagUlong == 'oIdK'`, a kernel debugger is assumed to be attached.

Note the byte order: `'oIdK'` is an MSVC multi-character constant, and its little-endian bytes in memory are `K d I o`, so the entry being matched is the four-character tag `KdIo` as seen through the `Tag[4]` view of the same union. Pool tag statistics are cumulative since boot and an entry keeps its alloc/free counters after the allocations are freed, so the check really answers "has the kernel allocated with this tag since boot", which is why it is a heuristic rather than a definitive test.

Tested on Windows 10 1809.
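As an added example of the check the README describes (this is not the project's code; `MakePoolTag`, `PoolTagPresent`, `BuildSampleSnapshot`, `AsInfo` and `QueryPoolTagSnapshot` are names chosen here), the following resolves `NtQuerySystemInformation` from ntdll, grows the buffer until the `SystemPoolTagInformation` query fits, and scans the entries for the tag. The matching part is kept free of Windows headers so it can be run against a constructed snapshot (labelled as such in the code) on any little-endian host; the live query is compiled only under `_WIN32`. The tag is built from its four characters rather than written as `'oIdK'`, which makes the byte order explicit and avoids the multi-character-constant warning on non-MSVC compilers.

```cpp
// Added example (not the project's code): pool-tag based kernel debugger check.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <initializer_list>
#include <vector>

// Layout returned for the SystemPoolTagInformation class (value 22).
// Declared locally so the matching code builds without the Windows SDK.
struct SYSTEM_POOLTAG {
    union {
        uint8_t  Tag[4];
        uint32_t TagUlong;
    };
    uint32_t PagedAllocs;
    uint32_t PagedFrees;
    size_t   PagedUsed;
    uint32_t NonPagedAllocs;
    uint32_t NonPagedFrees;
    size_t   NonPagedUsed;
};

struct SYSTEM_POOLTAG_INFORMATION {
    uint32_t       Count;
    SYSTEM_POOLTAG TagInfo[1];  // Count entries follow in memory
};

// Pack a tag the way the kernel stores it: first character in the lowest byte.
// On MSVC this equals the reversed multi-char constant: MakePoolTag('K','d','I','o') == 'oIdK' == 0x6F49644B.
constexpr uint32_t MakePoolTag(char a, char b, char c, char d) {
    return (static_cast<uint32_t>(static_cast<uint8_t>(a))) |
           (static_cast<uint32_t>(static_cast<uint8_t>(b)) << 8) |
           (static_cast<uint32_t>(static_cast<uint8_t>(c)) << 16) |
           (static_cast<uint32_t>(static_cast<uint8_t>(d)) << 24);
}

constexpr uint32_t kKdIoTag = MakePoolTag('K', 'd', 'I', 'o');

// First SYSTEM_POOLTAG entry, located via offsetof so x64 padding after Count is respected.
static SYSTEM_POOLTAG* Entries(SYSTEM_POOLTAG_INFORMATION* info) {
    return reinterpret_cast<SYSTEM_POOLTAG*>(
        reinterpret_cast<uint8_t*>(info) + offsetof(SYSTEM_POOLTAG_INFORMATION, TagInfo));
}

// Treat an empty buffer (failed query) as "no snapshot" rather than as a valid header.
const SYSTEM_POOLTAG_INFORMATION* AsInfo(const std::vector<uint8_t>& buf) {
    return buf.empty() ? nullptr : reinterpret_cast<const SYSTEM_POOLTAG_INFORMATION*>(buf.data());
}

// Walk the snapshot and report whether `tag` has an entry. Entries are cumulative
// since boot, so a tag stays listed even after all its allocations were freed.
bool PoolTagPresent(const SYSTEM_POOLTAG_INFORMATION* info, uint32_t tag) {
    if (info == nullptr) return false;
    const SYSTEM_POOLTAG* e = Entries(const_cast<SYSTEM_POOLTAG_INFORMATION*>(info));
    for (uint32_t i = 0; i < info->Count; ++i) {
        if (e[i].TagUlong == tag) return true;  // same byte order as the Tag[4] view (little-endian host)
    }
    return false;
}

// Constructed sample snapshot (not real kernel data) in the same layout as the live query.
std::vector<uint8_t> BuildSampleSnapshot(std::initializer_list<const char*> tags) {
    const size_t bytes = offsetof(SYSTEM_POOLTAG_INFORMATION, TagInfo) + tags.size() * sizeof(SYSTEM_POOLTAG);
    std::vector<uint8_t> buf(bytes, 0);
    auto* info = reinterpret_cast<SYSTEM_POOLTAG_INFORMATION*>(buf.data());
    info->Count = static_cast<uint32_t>(tags.size());
    SYSTEM_POOLTAG* e = Entries(info);
    size_t i = 0;
    for (const char* t : tags) {
        std::memcpy(e[i].Tag, t, 4);  // four-character tag, e.g. "KdIo"
        e[i].NonPagedAllocs = 1;
        ++i;
    }
    return buf;
}

#ifdef _WIN32
#include <windows.h>
typedef LONG(NTAPI* NtQuerySystemInformation_t)(ULONG, PVOID, ULONG, PULONG);

// Live query: grow the buffer until the call stops returning STATUS_INFO_LENGTH_MISMATCH.
// An empty result means the query failed (e.g. denied), which callers must not read as "no debugger".
std::vector<uint8_t> QueryPoolTagSnapshot() {
    auto fn = reinterpret_cast<NtQuerySystemInformation_t>(
        GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQuerySystemInformation"));
    if (fn == nullptr) return {};
    std::vector<uint8_t> buf(64 * 1024);
    for (int attempt = 0; attempt < 8; ++attempt) {
        ULONG needed = 0;
        const LONG status = fn(22 /* SystemPoolTagInformation */, buf.data(),
                               static_cast<ULONG>(buf.size()), &needed);
        if (status == 0) return buf;
        if (static_cast<ULONG>(status) != 0xC0000004UL) return {};  // not a length mismatch: give up
        buf.resize(needed > buf.size() ? needed + 4096 : buf.size() * 2);
    }
    return {};
}
#endif

int main() {
    std::vector<uint8_t> snap = BuildSampleSnapshot({"Ntfx", "KdIo", "Proc"});  // constructed sample
#ifdef _WIN32
    snap = QueryPoolTagSnapshot();  // real statistics when built for Windows
#endif
    const bool hit = PoolTagPresent(AsInfo(snap), kKdIoTag);
    std::printf("KdIo pool tag %s\n", hit ? "present: kernel debugger likely attached" : "absent");
    return 0;
}
```

`QueryPoolTagSnapshot` returns an empty buffer on any failure, and `AsInfo` turns that into a null pointer, so a denied or broken query reads as "undetermined" instead of silently reporting no debugger; an anti-debug check that conflates the two cases is easy to defeat by making the query fail.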
## Compile
- Visual Studio 2019
- llvm-msvc [link]