-
I am running Windows 10 with all updates installed. If I look at Task Manager I see Windows Explorer is using about 75 meg. As soon as I load Open-Shell the memory usage goes up to 1.7 to 1.9 gig. If I…
-
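Test environment:
* The built-in Windows video player (a non-confidential process)
* An encrypted mp4 file
When trying to open the mp4 file with the built-in video player, the FltLockUserBuffer function in the PostRead function reports an error. The main information is as follows: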
```bash
INVALID_PROCESS_ATTACH_ATTEMPT (5)
Arguments:
Arg1: ffffcf8fa3b71080
Arg2: ff…
```
-
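## Environment
* Test file: a txt document with a confidential file extension, newly written under the confidential folder
* Writing process: a confidential process
* Code: your latest code
* Test program: TEST.exe (see below); it needs to be set as a confidential process
* Confidential process: notepad++.exe
* Non-confidential process: notepad.exe
## Steps to reproduce the bug
1. Run the driver
2. Run TEST.exe to write a file to the confidential folder; after it finishes, close the…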
-
1>正在生成代码...
1>yara.obj : error LNK2019: 无法解析的外部符号 compile_files,函数 main 中引用了该符号
1>yara.obj : error LNK2019: 无法解析的外部符号 define_external_variables,函数 main 中引用了该符号
1>D:\code\Windows-driver-samples-mast…
-
Really nice, I have tried compiling it as well as the compiled binary and the service always fails at FltRegisterFilter() running on Win 7 SP1 x86. The log file is created with that error and a "Bye" …
-
**Description**
> *Note*: There is a long two-year old discussion, with lots of "me too" comments on this issue at docker/for-win#3884. Re-opening here based on feedback from @stephen-turner.
St…
-
### Information
- Windows Version: Windows 10 1903
- Docker for Windows Version: 2.0.4.0 (33772) - Windows Containers
Create new project from ASP.NET Core 3 API template with Enable Docker …
-
Hi, thanks for your research and for writing this util!
I played with the code, and was wondering whether, except for getting a memory dump, it would be possible to kill a remote PPL protected proce…
xorpd updated
3 years ago
-
Hi, I am new to reverse engineering. I am using the sys calls, and while debugging my exe, the sys call is done successfully and the registry is manipulated successfully, but after these things are done, the KasperS…