BlackINT3 / OpenArk

The Next Generation of Anti-Rootkit (ARK) tool for Windows.
https://openark.blackint3.com
GNU Lesser General Public License v2.1

c0000365 load driver error. #116

Open oiiohaunrjg049 opened 1 year ago

oiiohaunrjg049 commented 1 year ago

[ArkDrvApi::Process::OpenProcess] [ERR] OpenProcess by Kernel pid:4 err:2
[ArkDrvApi::Process::OpenProcess] [ERR] OpenProcess by Kernel pid:4 err:2
[OpenArk::onActionCheckUpdate] [INFO] requset server:http://file.blackint3.com:88/openark/version.txt
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] local appver:1.3.0, build:202302271420
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] server responsed:{ "err": 0, "appver": "1.3.0", "appbd": "202302271420", "appcl": "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", "appurl": "https://github.com/BlackINT3/OpenArk/releases" }

[OpenArk::onActionCheckUpdate::::operator ()] [INFO] OpenArk is latest.
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\Sry0\AppData\Roaming\OpenArk\symbols\fltMgr.pdb\969A6F3F7B6B03139ED9D16D82046A491\fltMgr.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\Sry0\AppData\Roaming\OpenArk\symbols\netio.pdb\82D9B95D33C01AD2CCA525064EB1AE681\netio.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\Sry0\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\BA9ADAB7BA8CB5E25979A446F50D627D1\ntkrnlmp.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\Sry0\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\F7004E0F4D6398B701768DF43EED9B8F1\win32kfull.pdb
[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000365
[Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users\Sry0\AppData\Roaming\OpenArk\kernel\OpenArkDrv64.sys err

BlackINT3 commented 1 year ago

@oiiohaunrjg049 It looks like the driver is being blocked; it needs to be added to an allow list so it is let through.

S3L1M commented 1 year ago

@oiiohaunrjg049 Do you have anti-cheat software installed (e.g., Vanguard or FACEIT)? It's likely true if you have Valorant. If so, uninstalling it will solve your issue.

(CN-Translated) @oiiohaunrjg049 Do you have anti-cheat software installed (for example Vanguard or FACEIT)? If you have Valorant, you very likely have this software. If so, uninstalling it will solve your problem.

BlackINT3 commented 7 months ago

> @oiiohaunrjg049 Do you have anti-cheat software installed (e.g., Vanguard or FACEIT)? It's likely true if you have Valorant. If so, uninstalling it will solve your issue.
>
> (CN-Translated) @oiiohaunrjg049 Do you have anti-cheat software installed (for example Vanguard or FACEIT)? If you have Valorant, you very likely have this software. If so, uninstalling it will solve your problem.

Cool, you are right. It was just being blocked by vgk.sys.

vgk.sys 0xFFFFF802531A0000 - C:\Program Files\Riot Vanguard\vgk.sys - - Riot Games, Inc. 1.14.1.23 Vanguard kernel-mode driver.
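A triage script for the situation described in this thread (an `NtLoadDriver` failure with `c0000365` while the Vanguard driver is active), added here as an example; it is not OpenArk's own code. It assumes the OpenArk log text has been saved to `$LogPath` (an assumed location) and that Vanguard registers its kernel driver under the service name `vgk`, as shown in the driver listing above.

```powershell
# Added diagnostic helper; this is not OpenArk's own code. It reads a saved copy of
# the OpenArk log, extracts NtLoadDriver failures like the one in this thread, names
# the NTSTATUS, and checks whether the Riot Vanguard driver (service "vgk", file
# vgk.sys) is registered and running. $LogPath is an assumed location; adjust it.
param([string]$LogPath = "$env:APPDATA\OpenArk\openark.log")

# NTSTATUS values commonly returned by NtLoadDriver (names as in ntstatus.h).
$NtStatusNames = @{
    'c0000365' = 'STATUS_FAILED_DRIVER_ENTRY (driver failed its initialization call)'
    'c0000022' = 'STATUS_ACCESS_DENIED'
    'c0000034' = 'STATUS_OBJECT_NAME_NOT_FOUND (service key or .sys file missing)'
    'c0000428' = 'STATUS_INVALID_IMAGE_HASH (driver signature could not be verified)'
}

function Get-DriverLoadFailures {
    # Returns one object per "NtLoadDriver service:<key> err:<ntstatus>" log entry.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match 'NtLoadDriver service:(?<svc>\S+) err:(?<code>[0-9a-fA-F]{8})') {
            $code = $Matches['code'].ToLower()
            $meaning = if ($NtStatusNames.ContainsKey($code)) { $NtStatusNames[$code] } else { 'unknown NTSTATUS, look it up in ntstatus.h' }
            [pscustomobject]@{
                Service = Split-Path -Path $Matches['svc'] -Leaf   # e.g. OpenArkDrv64
                Status  = $code
                Meaning = $meaning
            }
        }
    }
}

if (-not (Test-Path -Path $LogPath)) {
    Write-Warning "Log not found at $LogPath; save the OpenArk log text there or pass -LogPath."
    return
}
Get-DriverLoadFailures -Lines (Get-Content -Path $LogPath) | Format-Table -AutoSize

# Win32_SystemDriver lists kernel driver services together with their current state.
$vgk = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='vgk'"
if ($vgk) {
    "Vanguard driver registered: $($vgk.PathName) state=$($vgk.State) start=$($vgk.StartMode)"
    "As this thread found, OpenArkDrv64 fails with c0000365 while vgk.sys is active; allow-list OpenArk in the anti-cheat or uninstall it."
} else {
    "vgk is not registered as a driver service; check for another kernel-mode anti-cheat or security product."
}
```

Run it from an elevated PowerShell prompt so the CIM query can see driver state; the parser works on any text file containing the `[UNONE::ObLoadDriverW]` lines pasted from OpenArk.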