BlackINT3 / OpenArk

The next-generation Anti-Rootkit (ARK) tool for Windows.
https://openark.blackint3.com
GNU Lesser General Public License v2.1
8.29k stars, 835 forks

Kernel mode: nothing happens after clicking #153

Closed Leon-Shaw closed 8 months ago

Leon-Shaw commented 8 months ago

System information: Windows 10 Pro for Workstations 22H2, OS build 19045.3570

Looking up err:c0000603 gives: STATUS_IMAGE_CERT_REVOKED (0xC0000603): the certificate has been explicitly revoked by its issuer.

Console output:

[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\LeonShaw\AppData\Roaming\OpenArk\symbols\fltMgr.pdb\C6B7358770920641714F8F39943309AC1\fltMgr.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\LeonShaw\AppData\Roaming\OpenArk\symbols\netio.pdb\4EE18C895B06AFCE34AC7F0F7C5862E31\netio.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\LeonShaw\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\606FF669409B00F7FC8C61A9C16701291\ntkrnlmp.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\LeonShaw\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\151C3FD156383785149071174DFF74601\win32kfull.pdb
[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603
[Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users\LeonShaw\AppData\Roaming\OpenArk\kernel\OpenArkDrv64.sys er
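The report above stops at the NTSTATUS. The following PowerShell snippet is an added diagnostic, not OpenArk's code and not posted by either participant: it inspects the Authenticode signature of the driver that NtLoadDriver rejected, rebuilds the signer's chain with online revocation checking so a revoked certificate is reported by name, and then lists the most recent Code Integrity events, which is where the kernel records why it refused the image. The driver path is taken from the log above and is an assumption; adjust it for a different profile or install location.

```powershell
# Added example (not part of OpenArk). Diagnose a driver that fails to load
# with STATUS_IMAGE_CERT_REVOKED (0xC0000603). The kernel's Code Integrity
# check is authoritative; this user-mode check only shows which certificate
# in the signing chain is the problem.
$driver = Join-Path $env:APPDATA 'OpenArk\kernel\OpenArkDrv64.sys'   # assumed path, from the log

# 1. Signature status as WinVerifyTrust reports it
#    (Valid, NotSigned, HashMismatch, NotTrusted, ...).
$sig = Get-AuthenticodeSignature -LiteralPath $driver
'{0,-12}: {1}' -f 'Status',     $sig.Status
'{0,-12}: {1}' -f 'Message',    $sig.StatusMessage
'{0,-12}: {1}' -f 'Signer',     $sig.SignerCertificate.Subject
'{0,-12}: {1}' -f 'Thumbprint', $sig.SignerCertificate.Thumbprint
'{0,-12}: {1}' -f 'NotAfter',   $sig.SignerCertificate.NotAfter
if ($sig.TimeStamperCertificate) {
    '{0,-12}: {1}' -f 'Timestamper', $sig.TimeStamperCertificate.Subject
}

# 2. Rebuild the chain with online revocation checking on every link, so a
#    revoked signing or intermediate certificate shows up as 'Revoked'
#    with the issuer's status text instead of a generic trust failure.
if ($sig.SignerCertificate) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $built = $chain.Build($sig.SignerCertificate)
    "Chain builds: $built"
    foreach ($s in $chain.ChainStatus) {
        '  {0,-24} {1}' -f $s.Status, $s.StatusInformation.Trim()
    }
    'Chain elements (leaf first):'
    foreach ($el in $chain.ChainElements) {
        '  ' + $el.Certificate.Subject
    }
}

# 3. The kernel logs the rejection in the Code Integrity operational log;
#    the most recent entries should name the .sys file and the reason.
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -MaxEvents 10 |
    Format-Table TimeCreated, Id, Message -Wrap
```

Run it from an elevated prompt so the event log is readable. A chain status of Revoked on the leaf or an intermediate matches the 0xC0000603 seen above; in that case the driver has to be re-signed, which is consistent with the maintainer shipping a new build in reply. Rerunning the same check against the driver from the new release, before retrying the Kernel Mode button, confirms that the replacement chain is clean.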

BlackINT3 commented 8 months ago

v1.3.2 released.