Closed get1n closed 3 months ago
dom0ng
commented
1 year ago @get1n
You need to create this key to see additional informations.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter The set the Default Value to 0xf.
get1n
commented
1 year ago I have :( @dom0ng
ekknod
commented
1 year ago First of all nice release @ekknod :)
I tried to run your fun - hooker but unfortunately it doens't work; After reinstalling driver it only prints out 640_done:
settings are: Capture kernel, Enable verbose, Pass-Through and Capture events.
What am I missing?
fun-hooker is installing PsSetLoadImageNotifyRoutine, that routine is looking for the target driver being loaded and then patches functions to provide debug information. Could the driver name be different with your system for unknown reason?
ekknod
commented
1 year ago I found source code in case someone needs https://pastebin.com/fNnyWKVj
First of all nice release @ekknod :)
I tried to run your fun - hooker but unfortunately it doens't work; After reinstalling driver it only prints out 640_done:
settings are: Capture kernel, Enable verbose, Pass-Through and Capture events.
What am I missing?