BlackINT3 / OpenArk

The Next Generation of Anti-Rootkit (ARK) tool for Windows.
https://openark.blackint3.com
GNU Lesser General Public License v2.1

The computer's time is reset after entering kernel mode #47

Closed Tegrisco closed 2 years ago

sjlei commented 3 years ago

I ran into the same problem.

XZiar commented 3 years ago

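Same problem. After a quick search, it looks like the time modification is defined here, and the time is restored once it finishes: https://github.com/BlackINT3/OpenArk/blob/cf3d548b962f0f5cfb764c626f0c71b37f1ac06b/src/OpenArk/kernel/driver/driver.h#L77-L97 But according to the log, the time zone changed before the time was changed, which made the time display incorrectly afterwards; it went back to normal after I manually synced the time.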

hzqst commented 3 years ago

I suggest patching out CertVerifyTimeValidity directly: https://github.com/hzqst/FuckCertVerifyTimeValidity

BlackINT3 commented 2 years ago

@Tegrisco @sjlei @XZiar v1.2.0 fixed.