HVCI模式代码区域内存读写改进

BlackINT3 / OpenArk

The Next Generation of Anti-Rookit(ARK) tool for Windows.

https://openark.blackint3.com

GNU Lesser General Public License v2.1

9.51k stars 915 forks source link

Open Gy4n opened 5 months ago

Gy4n commented 5 months ago

打开了HVCI后进入内核模式，写任意驱动代码段会蓝屏。由于HVCI的限制所以写入操作会产生异常，所以相关代码得包一层try catch。