BlackINT3 / OpenArk

The Next Generation of Anti-Rootkit (ARK) tool for Windows.
https://openark.blackint3.com
GNU Lesser General Public License v2.1
9.17k stars 888 forks

Unable to enter kernel mode #54

Closed zz541843 closed 2 years ago

zz541843 commented 3 years ago

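Clicking "enter kernel mode" over and over does nothing, and downloading the latest version didn't help either. I don't have those programs installed, and I've quit everything, but I still can't get in. Nothing abnormal happens, except that the time gets reset to zero, and then the system fetches it back on its own. It always worked before; I don't know what's going on.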

YYforymj commented 3 years ago

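I've run into the same problem. I don't know whether it's related to a system update. I updated the system recently: it worked before the update and stopped working after it.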

zz541843 commented 3 years ago

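@YYforymj I think that's possible. Neither of my two computers can enter kernel mode now. As I recall, 1909 could always get in; I now have one machine on 20H2 and one on 2004.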

snsnsjsn commented 3 years ago

Mine can't enter kernel mode either.

aengusjiang commented 3 years ago

Same problem here.

0nizuka commented 3 years ago

Edition: Windows 10 Pro
Version: 20H2
Installed on: 11/21/2020
OS build: 19042.1110
Experience: Windows Feature Experience Pack 120.2212.3530.0

Console output when clicking kernel mode:

[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603
[Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users***\AppData\Local\Temp\OpenArkDrv64.sys err

chinauncle commented 3 years ago

Edition: Windows 10 Pro
Version: 21H1
Installed on: 2021/6/2
OS build: 19043.1110
Experience: Windows Feature Experience Pack 120.2212.3530.0

[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603
[Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users***\AppData\Local\Temp\OpenArkDrv64.sys err

flyleave commented 3 years ago

[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603
[Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users\lenovo\AppData\Local\Temp\OpenArkDrv64.sys err
[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603
[Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users\lenovo\AppData\Local\Temp\OpenArkDrv64.sys err

RekklessO commented 3 years ago

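Mine on 20H2 doesn't work either. Also, my Ctrl+F hotkey has been taken over by something, I don't know what, and now I can't use search in any program. So annoying.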

wangkaish commented 3 years ago

+1

jan-bar commented 3 years ago

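Choosing to enter kernel mode just hangs. The main thing is that as soon as I click kernel mode, the computer's time gets set to 0:00.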

wenmin92 commented 3 years ago

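> Mine on 20H2 doesn't work either. Also, my Ctrl+F hotkey has been taken over by something, I don't know what, and now I can't use search in any program. So annoying.

You can also use Spy++ to find out what is holding a hotkey. Reference: https://superuser.com/questions/11308/how-can-i-determine-which-process-owns-a-hotkey-in-windows/1204019#1204019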

andronoob commented 3 years ago

58

BlackINT3 commented 2 years ago

v1.2.0 fixed.

ezhengping commented 1 year ago

Based on the error code C0000603, I found that the corresponding error message is: STATUS_IMAGE_CERT_REVOKED (0xC0000603): The certificate was explicitly revoked by its issuer.

[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603

Correspondingly, I found a solution to this error on coder.social. https://coder.social/BlackINT3/OpenArk
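
The status decoding from the comment above, as an added example that is not part of the original thread or OpenArk's own code: it parses the console lines quoted in this issue, splits each NTSTATUS into severity, facility and code, and separates signature rejections from other driver-load failures. The status names other than 0xC0000603 are standard ntstatus.h values not taken from the page, and the second sample line (`ExampleDrv`) is constructed.

```python
import re
from collections import Counter

# NTSTATUS values useful for driver-load triage. 0xC0000603 is the code from
# this thread; the others are standard ntstatus.h values added for contrast.
KNOWN = {
    0xC0000603: ("STATUS_IMAGE_CERT_REVOKED", "signature"),
    0xC0000428: ("STATUS_INVALID_IMAGE_HASH", "signature"),
    0xC0000022: ("STATUS_ACCESS_DENIED", "access"),
    0xC000010E: ("STATUS_IMAGE_ALREADY_LOADED", "state"),
}
SEVERITY = ("success", "informational", "warning", "error")  # top two bits

# Matches the OpenArk console format quoted in the thread.
LINE_RE = re.compile(r"NtLoadDriver service:(?P<svc>\S+) err:(?P<code>[0-9a-fA-F]{1,8})\b")

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into severity, facility and code fields."""
    name, kind = KNOWN.get(value, ("UNKNOWN", "other"))
    return {"value": value, "name": name, "kind": kind,
            "severity": SEVERITY[value >> 30],
            "facility": value >> 16 & 0xFFF, "code": value & 0xFFFF}

def triage(log_text):
    """Return one record per failed NtLoadDriver call found in log_text."""
    records = []
    for m in LINE_RE.finditer(log_text):
        rec = decode_ntstatus(int(m.group("code"), 16))
        rec["service"] = m.group("svc").rsplit("\\", 1)[-1]  # last registry key
        records.append(rec)
    return records

def signature_rejections(records):
    """Count loads the kernel refused because of the image's signature."""
    return Counter(r["service"] for r in records if r["kind"] == "signature")

# Constructed sample: the first line is copied from the thread, the second is made up.
SAMPLE = (
    r"[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System"
    r"\CurrentControlSet\Services\OpenArkDrv64 err:c0000603" "\n"
    r"[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System"
    r"\CurrentControlSet\Services\ExampleDrv err:c0000022" "\n"
)

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["service"]}: 0x{r["value"]:08X} {r["name"]} ({r["severity"]}, {r["kind"]})')
```

A "signature" result means the kernel refused the image itself, so the remedy is a build signed with a valid certificate (the maintainer's reply in this thread says v1.2.0 fixed it).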

codeking01 commented 1 year ago

A fix that everyone can try: https://github.com/BlackINT3/OpenArk/issues/58?ref=https://githubhelp.com

Jf710001011 commented 9 months ago

Restarting the app worked for me.