BlackINT3 / OpenArk

The Next Generation of Anti-Rootkit (ARK) tool for Windows.
https://openark.blackint3.com
GNU Lesser General Public License v2.1

Clicking "Enter Kernel Mode" does nothing #180

Closed. Apoil closed this 4 months ago.

Apoil commented 4 months ago

Log:
[UNONE::PsGetProcessInfo64W] [ERR] VirtualOpenProcess pid:4 err:5
[Kernel::InitKernelEntryView::::operator ()] [INFO] Operating system : Windows 11
[Kernel::InitKernelEntryView::::operator ()] [INFO] Major version : 10
[Kernel::InitKernelEntryView::::operator ()] [INFO] Minor version : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] Release ID :
[Kernel::InitKernelEntryView::::operator ()] [INFO] Build number : 22635
[Kernel::InitKernelEntryView::::operator ()] [INFO] Service pack major : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] Service pack minor : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] R3 address space : 0x10000 - 0x7FFFFFFEFFFF
[Kernel::InitKernelEntryView::::operator ()] [INFO] R0 address space : 0xFFFF080000000000 - 0xFFFFFFFFFFFFFFFF
[Kernel::InitKernelEntryView::::operator ()] [INFO] Page size : 4 KB
[Kernel::InitKernelEntryView::::operator ()] [INFO] Physical memory : 16 GB
[Kernel::InitKernelEntryView::::operator ()] [INFO] CPU cores : 16
[Kernel::InitKernelEntryView::::operator ()] [INFO] System root : C:\WINDOWS
[Kernel::InitKernelEntryView::::operator ()] [INFO] Boot time : 2024-05-10 09:56:34 (0Day/2Hour/27Min)
[Kernel::InitKernelEntryView::::operator ()] [INFO] BootInfo : UEFI & SecureBoot
[Kernel::InitKernelEntryView::::operator ()] [INFO] HVM : VT Enabled
[OpenArk::onActionCheckUpdate] [INFO] requset server:http://file.blackint3.com:88/openark/version.txt
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] local appver:1.3.4, build:202312202152
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] server responsed:{ "err": 0, "appver": "1.3.4", "appbd": "202312202152", "appcl": "…", "appurl": "https://github.com/BlackINT3/OpenArk/releases" }

[OpenArk::onActionCheckUpdate::::operator ()] [INFO] OpenArk is latest.
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\20169\AppData\Roaming\OpenArk\symbols\ci.pdb\51CED2066021F857022AE9E35A0FE5401\ci.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\20169\AppData\Roaming\OpenArk\symbols\fltMgr.pdb\5EF09FCA1A5196C35EDD1D0DD67D0C8E1\fltMgr.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\20169\AppData\Roaming\OpenArk\symbols\netio.pdb\97AC2E53A8622279859E195113EA6DBA1\netio.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\20169\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\0E05343CDF2EC64CFB403715DF4193981\ntkrnlmp.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/ntkrnlmp.pdb/0E05343CDF2EC64CFB403715DF4193981/ntkrnlmp.pdb
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\20169\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\0E05343CDF2EC64CFB403715DF4193981\ntkrnlmp.pdb err
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\20169\AppData\Roaming\OpenArk\symbols\win32k.pdb\D89BC9272BF796841DF43E7AC30971321\win32k.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\20169\AppData\Roaming\OpenArk\symbols\win32kbase.pdb\E64841AC18381A61D5A3C29983B908591\win32kbase.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\20169\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\E07B1F42F7404D24D1CB04039146D2F51\win32kfull.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/win32kfull.pdb/E07B1F42F7404D24D1CB04039146D2F51/win32kfull.pdb
[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000428
[Kernel::ParseKernelSymbol] [ERR] LoadSymbol: C:\Users\20169\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\E07B1F42F7404D24D1CB04039146D2F51\win32kfull.pdb err
[Kernel::onEnterKernelMode] [INFO] InstallDriver 1.
[Kernel::onEnterKernelMode] [INFO] InstallDriver 2.
[Kernel::onEnterKernelMode] [ERR] InstallDriver C:\Users\20169\AppData\Roaming\OpenArk\kernel\OpenArkDrv64.sys err
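Added diagnostic, not posted by any participant and not part of OpenArk. The line that actually fails in the log above is NtLoadDriver returning NTSTATUS c0000428, which is STATUS_INVALID_IMAGE_HASH: kernel Code Integrity refused to accept the driver image's signature or hash, on a machine reporting UEFI with Secure Boot. The earlier VirtualOpenProcess pid:4 err:5 is Win32 ERROR_ACCESS_DENIED from opening the System process (pid 4) from user mode and is unrelated. The PowerShell below decodes the status from the log text, reports the Secure Boot and HVCI state of the machine, and inspects the driver's Authenticode signature; the default driver path (taken from the log) and the small NTSTATUS lookup table are assumptions for illustration.

```powershell
# Added diagnostic for the NtLoadDriver failure in the log above. Not part of OpenArk;
# the driver path default and the NTSTATUS table are illustrative assumptions.
# Run from an elevated PowerShell on the affected machine.
[CmdletBinding()]
param(
    [string]$DriverPath = (Join-Path $env:APPDATA 'OpenArk\kernel\OpenArkDrv64.sys'),
    # Constructed sample input: the failing line copied from the log above.
    [string]$LogLine = 'NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000428'
)

# Subset of NTSTATUS values NtLoadDriver commonly returns for signing/policy problems (keys as upper-case hex).
$NtStatusNames = @{
    'C0000428' = 'STATUS_INVALID_IMAGE_HASH: Code Integrity rejected the image signature/hash'
    'C0000603' = 'STATUS_IMAGE_CERT_REVOKED: the signing certificate has been revoked'
    'C000010E' = 'STATUS_IMAGE_ALREADY_LOADED: a driver with this image is already loaded'
    'C0000022' = 'STATUS_ACCESS_DENIED: caller lacks SeLoadDriverPrivilege'
    'C0000034' = 'STATUS_OBJECT_NAME_NOT_FOUND: service key or ImagePath does not exist'
}

# Pull the 8-hex-digit NTSTATUS out of an OpenArk-style "err:xxxxxxxx" log line and name it.
function Decode-NtStatus {
    param([Parameter(Mandatory)][string]$Text)
    if ($Text -match 'err:([0-9a-fA-F]{8})') {
        $hex  = $Matches[1].ToUpperInvariant()
        $name = $NtStatusNames[$hex]
        if (-not $name) { $name = 'not in local table; look up in ntstatus.h' }
        return ('0x{0} -> {1}' -f $hex, $name)
    }
    return 'no 8-digit NTSTATUS found in text'
}

# Platform state that decides which kernel-mode signatures Code Integrity will accept.
function Get-CodeIntegrityState {
    $secureBoot = try { Confirm-SecureBootUEFI } catch { 'n/a (legacy BIOS or not elevated)' }
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard `
                          -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SecureBoot  = $secureBoot
        # SecurityServicesRunning: 1 = Credential Guard, 2 = Hypervisor-enforced Code Integrity (HVCI)
        HvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)
        OSBuild     = [System.Environment]::OSVersion.Version.Build
    }
}

# Authenticode view of the driver file: who signed it and whether the file-level chain validates.
function Get-DriverSigningInfo {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Path     = $Path
        Exists   = $true
        Status   = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer   = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        # Attestation/WHQL-signed drivers are signed by "Microsoft Windows Hardware Compatibility Publisher";
        # a third-party cross-signed driver shows the vendor's own certificate here instead.
        MicrosoftSigned = [bool]($cert.Subject -like '*Microsoft Windows Hardware Compatibility Publisher*')
    }
}

Decode-NtStatus -Text $LogLine
Get-CodeIntegrityState | Format-List
Get-DriverSigningInfo -Path $DriverPath | Format-List
```

A Status of Valid from Get-AuthenticodeSignature does not by itself mean the kernel will load the file: kernel-mode Code Integrity applies its own policy, and on Windows 10 and later with Secure Boot enabled it requires a Microsoft signature (Hardware Dev Center attestation or WHQL) on kernel drivers apart from legacy exceptions, while HVCI can additionally reject otherwise valid images. Read the Signer and MicrosoftSigned fields together with SecureBoot and HvciRunning before concluding the file is corrupt.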

hexiyou commented 4 months ago

Same problem here. It is probably that the software no longer works after the recent Windows patch update.

unreading commented 4 months ago

Me too.

BlackINT3 commented 4 months ago

Try again or upgrade to v1.3.6.