-
I get this error when I try kdu.exe -dse 6
```
[#] Kernel Driver Utility v1.2.8 (build 2212) started, (c)2020 - 2022 KDU Project
[#] Build at Fri Dec 9 07:44:47 2022, header checksum 0x4FDEE
[#…
-
Test environment:
* The video player that ships with Windows (non-confidential process)
* An encrypted mp4 file
When I try to open the mp4 file with the built-in video player, the FltLockUserBuffer call in the PostRead function reports an error. The main information is as follows:
```bash
INVALID_PROCESS_ATTACH_ATTEMPT (5)
Arguments:
Arg1: ffffcf8fa3b71080
Arg2: ff…
-
Just checked for update on process hacker and windows told me this:
![ph-trojan](https://user-images.githubusercontent.com/181531/62832032-ca48e780-bc28-11e9-98ad-7ccdd3804f2b.png)
-
## Environment
* Test file: a txt document with the confidential suffix, newly written into the confidential folder
* Writing process: confidential process
* Code: the latest code on your side
* Test program: TEST.exe, see below; it needs to be set as a confidential process
* Confidential process: notepad++.exe
* Non-confidential process: notepad.exe
## Bug reproduction steps
1. Run the driver
2. Run TEST.exe to write a file into the confidential folder; after it finishes, close the prog…
-
I would like to use ProjFS in my projects without needing to vendor the library. Is there any reason why https://www.nuget.org/packages/Microsoft.Windows.ProjFS/ was deprecated and no longer updated?
-
When enabling "File" in Fleet via the "security integration" endpoint in the "event collection windows", we can monitor a lot of file events (deletion, modification, rename, ...) but NOT file access/open.
…
-
I am running Windows 10 with all updates installed. If I look at Task Manager I see Windows Explorer is using about 75 MB. As soon as I load Open-Shell the memory usage goes up to 1.7 to 1.9 GB. If I…
-
Hello. When I test a ppt document in a virtual machine, modifying the document generates a .tmp, which triggers PocPostSetInformationOperation->FltDeleteStreamContext NewFileName = \Users\Administrator\Desktop\qd\加密流量分析功能(ETA) - 副本~0B0E52.tmp. It then goes through ZwCreateFile and then into PocReentryToEncry…
-
1>Generating code...
1>yara.obj : error LNK2019: unresolved external symbol compile_files referenced in function main
1>yara.obj : error LNK2019: unresolved external symbol define_external_variables referenced in function main
1>D:\code\Windows-driver-samples-mast…
-
Really nice. I have tried compiling it myself as well as using the compiled binary, and the service always fails at FltRegisterFilter() when running on Win 7 SP1 x86. The log file is created with that error and a "Bye" …