# AntiKernelDebug-poc
## What's this?
A PoC showing how to detect Windows kernel debugging via a pool tag.
## How does this poc actually work?
It queries the system pool tag information and looks for an entry that matches `TagUlong == 'oIdK'`.
Tested on Windows 10 1809.
![image](images/1.png)
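
The check described above, written out as an added example (not this repository's code). The record layout and information class 22 are taken from community-documented headers and are assumptions here, and the names `POOLTAG_ENTRY`, `POOLTAG_INFO`, `find_pool_tag` and `kd_pool_tag_present` are hypothetical. The scan is portable C; the live query compiles only on Windows.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
/* Record layout for SystemPoolTagInformation (class 22) as published in
   community headers such as phnt (assumed here); TagInfo is [1] there. */
typedef struct {
    uint32_t TagUlong;                 /* union with UCHAR Tag[4] */
    uint32_t PagedAllocs, PagedFrees;
    size_t   PagedUsed;
    uint32_t NonPagedAllocs, NonPagedFrees;
    size_t   NonPagedUsed;
} POOLTAG_ENTRY;
typedef struct { uint32_t Count; POOLTAG_ENTRY TagInfo[]; } POOLTAG_INFO;

/* 'oIdK' == 0x6F49644B; in little-endian memory the bytes read "KdIo". */
#define KD_TAG 0x6F49644Bu

/* Return the entry for `tag`, or NULL. Count is clamped to buf_len. */
const POOLTAG_ENTRY *find_pool_tag(const void *buf, size_t buf_len, uint32_t tag)
{
    const POOLTAG_INFO *info = buf;
    size_t hdr = offsetof(POOLTAG_INFO, TagInfo);
    if (!buf || buf_len < hdr) return NULL;
    size_t max = (buf_len - hdr) / sizeof(POOLTAG_ENTRY);
    size_t n = info->Count < max ? info->Count : max;
    for (size_t i = 0; i < n; i++)
        if (info->TagInfo[i].TagUlong == tag) return &info->TagInfo[i];
    return NULL;
}

#ifdef _WIN32
#include <windows.h>
typedef LONG (NTAPI *NtQSI_t)(ULONG, PVOID, ULONG, PULONG);
/* Live query: 1 = tag present, 0 = absent, -1 = query failed. */
int kd_pool_tag_present(void)
{
    NtQSI_t q = (NtQSI_t)GetProcAddress(GetModuleHandleA("ntdll.dll"),
                                        "NtQuerySystemInformation");
    if (!q) return -1;
    for (ULONG len = 1u << 16; len <= (1u << 24); len *= 2) {
        void *buf = malloc(len);
        if (!buf) return -1;
        LONG st = q(22, buf, len, NULL);
        int r = st >= 0 ? find_pool_tag(buf, len, KD_TAG) != NULL : -1;
        free(buf);
        if (st != (LONG)0xC0000004) return r; /* not STATUS_INFO_LENGTH_MISMATCH */
    }
    return -1;
}
#endif
```

The returned entry also carries the allocation counters for the tag, which is useful when comparing a debugged and a non-debugged machine side by side.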
## Compile
- Visual Studio 2019
- llvm-msvc [[link]](https://github.com/NewWorldComingSoon/llvm-msvc-build)