Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
GNU General Public License v3.0
313
stars
46
forks
source link
Added ZwTerminateProcess to list of dangerous functions #26
Closed
eranzim closed 2 years ago
ZwTerminateProcess can be used to terminate any process in the system (even protected processes such as AVs). See also: https://youtu.be/ViWLMfSwGVA