Closed xmzyshypnc closed 5 years ago
Hello, a mitigation introduced for Patchguard broke our use of ToPA. I recommend you look at Alex Ionescu's library that interfaces with the now built-in ipt.sys in build 1803 and later. https://github.com/ionescu007/winipt
Thanks a lot man! You guys have done a brilliant job. As you suggested, I downloaded winipt and compiled it with VS2017, and it worked perfectly. But I have another puzzle. Here is the question: when I got the train.bin, I used simplePt on Linux to resolve it, and the result is the record of the full process (with 6 threads), so I wonder if there is some way to distinguish the results of different threads in a process? If so, please let me know. Best wishes.
LaoGe, can you share the compiled winipt files? I ran into many problems when I tried to compile it. Thanks.
Here is the problem: I start the service and open ControlApp.exe. Then I don't know what should be entered to trace a usermode process and a kernel driver. Service name? Process number, or something else? Please give me clear usage instructions for it.