BlackINT3 / OpenArk

The Next Generation of Anti-Rootkit (ARK) tool for Windows.
https://openark.blackint3.com
GNU Lesser General Public License v2.1
8.29k stars 835 forks

Kernel-mode Minifilter: bug in the disable-filter feature #166

Closed Gy4n closed 1 month ago

Gy4n commented 5 months ago

If a filter has only a POST callback, patching it to return 1 causes file operations to hang; in that case it should be patched to return 0.

Gy4n commented 5 months ago

Tested against Huorong Sword (火绒剑) standalone edition 2.0.0.14.

Gy4n commented 5 months ago

After disabling this IRP_MJ_CLEANUP_POST callback, file operations hang.

BlackINT3 commented 5 months ago

@Gy4n Thanks for the feedback. It works in v1.3.6.

BlackINT3 commented 1 month ago

v1.3.6 released.