BlackINT3 / OpenArk

The Next Generation of Anti-Rootkit (ARK) tool for Windows.
https://openark.blackint3.com
GNU Lesser General Public License v2.1

OpenArk v1.3.4 无法进入内核模式 #177

Closed hunter40340340403 closed 1 month ago

hunter40340340403 commented 3 months ago

OpenArk v1.3.4 cannot enter kernel mode. After launching in administrator mode, clicking "Kernel Mode" to view system hotkeys does nothing. After reinstalling the OS it worked at first, but after shutting down and using the machine for a while it stopped working again.

OpenArk Console Copyright (C) 2019 BlackINT3 https://github.com/BlackINT3/OpenArk
[UNONE::FsReadFileDataW] [WARN] C:\Users\13431\AppData\Roaming\OpenArk\console\history.txt is empty file
[UNONE::PsGetProcessInfo64W] [ERR] VirtualOpenProcess pid:4 err:5
[Kernel::InitKernelEntryView::::operator ()] [INFO] 操作系统 : Windows 11
[Kernel::InitKernelEntryView::::operator ()] [INFO] 主版本号 : 10
[Kernel::InitKernelEntryView::::operator ()] [INFO] 副版本号 : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] 发行编号 : 23H2
[Kernel::InitKernelEntryView::::operator ()] [INFO] 编译号 : 22631
[Kernel::InitKernelEntryView::::operator ()] [INFO] 主服务包 : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] 副服务包 : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] R3地址空间 : 0x10000 - 0x7FFFFFFEFFFF
[Kernel::InitKernelEntryView::::operator ()] [INFO] R0地址空间 : 0xFFFF080000000000 - 0xFFFFFFFFFFFFFFFF
[Kernel::InitKernelEntryView::::operator ()] [INFO] 页面大小 : 4 KB
[Kernel::InitKernelEntryView::::operator ()] [INFO] 物理内存 : 32 GB
[Kernel::InitKernelEntryView::::operator ()] [INFO] CPU核数 : 32
[Kernel::InitKernelEntryView::::operator ()] [INFO] 系统根目录 : C:\Windows
[Kernel::InitKernelEntryView::::operator ()] [INFO] 启动时间 : 2024-04-08 12:12:22 (0Day/0Hour/10Min)
[Kernel::InitKernelEntryView::::operator ()] [INFO] BootInfo : UEFI & SecureBoot
[Kernel::InitKernelEntryView::::operator ()] [INFO] HVM : VT Enabled
[OpenArk::onActionCheckUpdate] [INFO] requset server:http://file.blackint3.com:88/openark/version.txt
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\13431\AppData\Roaming\OpenArk\symbols\ci.pdb\ADF139643E90B9662DA0914DA17586E21\ci.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/ci.pdb/ADF139643E90B9662DA0914DA17586E21/ci.pdb
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] local appver:1.3.4, build:202312202152
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] server responsed:{ "err": 0, "appver": "1.3.4", "appbd": "202312202152", "appcl": "[...]", "appurl": "https://github.com/BlackINT3/OpenArk/releases" }
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] OpenArk is latest.
[HttpDownload::::operator ()] [INFO] Download failed, err:3, msg:Host msdl.blackint3.com not found
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\13431\AppData\Roaming\OpenArk\symbols\ci.pdb\ADF139643E90B9662DA0914DA17586E21\ci.pdb err
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\13431\AppData\Roaming\OpenArk\symbols\fltMgr.pdb\83BB2BA7D753BA4755EA363DD75677321\fltMgr.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/fltMgr.pdb/83BB2BA7D753BA4755EA363DD75677321/fltMgr.pdb
[HttpDownload::::operator ()] [INFO] Download failed, err:3, msg:Host msdl.blackint3.com not found
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\13431\AppData\Roaming\OpenArk\symbols\fltMgr.pdb\83BB2BA7D753BA4755EA363DD75677321\fltMgr.pdb err
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\13431\AppData\Roaming\OpenArk\symbols\netio.pdb\97AC2E53A8622279859E195113EA6DBA1\netio.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/netio.pdb/97AC2E53A8622279859E195113EA6DBA1/netio.pdb
[HttpDownload::::operator ()] [INFO] Download failed, err:3, msg:Host msdl.blackint3.com not found
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\13431\AppData\Roaming\OpenArk\symbols\netio.pdb\97AC2E53A8622279859E195113EA6DBA1\netio.pdb err
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\13431\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\54C8C67BD2A54FA5BD82F1BE21CF4A3A1\ntkrnlmp.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/ntkrnlmp.pdb/54C8C67BD2A54FA5BD82F1BE21CF4A3A1/ntkrnlmp.pdb
[HttpDownload::::operator ()] [INFO] Download failed, err:3, msg:Host msdl.blackint3.com not found
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\13431\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\54C8C67BD2A54FA5BD82F1BE21CF4A3A1\ntkrnlmp.pdb err
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\13431\AppData\Roaming\OpenArk\symbols\win32k.pdb\7BAD1A903050A647A0C3B6CE172545001\win32k.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/win32k.pdb/7BAD1A903050A647A0C3B6CE172545001/win32k.pdb
[HttpDownload::::operator ()] [INFO] Download failed, err:3, msg:Host msdl.blackint3.com not found
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\13431\AppData\Roaming\OpenArk\symbols\win32k.pdb\7BAD1A903050A647A0C3B6CE172545001\win32k.pdb err
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\13431\AppData\Roaming\OpenArk\symbols\win32kbase.pdb\03E62055FEC1CCC045B8BE46847E97BD1\win32kbase.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/win32kbase.pdb/03E62055FEC1CCC045B8BE46847E97BD1/win32kbase.pdb
[HttpDownload::::operator ()] [INFO] Download failed, err:3, msg:Host msdl.blackint3.com not found
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\13431\AppData\Roaming\OpenArk\symbols\win32kbase.pdb\03E62055FEC1CCC045B8BE46847E97BD1\win32kbase.pdb err
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\13431\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\EB706B7F54961CCC7B5CB9676892BF751\win32kfull.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/win32kfull.pdb/EB706B7F54961CCC7B5CB9676892BF751/win32kfull.pdb
[HttpDownload::::operator ()] [INFO] Download failed, err:3, msg:Host msdl.blackint3.com not found
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\13431\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\EB706B7F54961CCC7B5CB9676892BF751\win32kfull.pdb err

hunter40340340403 commented 2 months ago

The problem is solved: uninstalling Riot Games' Riot Vanguard anti-cheat fixed it.

BlackINT3 commented 2 months ago

116 c0000365 load driver error.