brad-sp / cuckoomon-modified

Modified edition of cuckoomon
GNU General Public License v3.0

Add a hook for NtQueryDirectoryObject #25

Closed KillerInstinct closed 9 years ago

KillerInstinct commented 9 years ago

We'll use this for some additional AntiVM detections. May add in proper buffer parsing later, but for now we can detect enumerations from calls to this API alone.