qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0

Qiling tries to load ntoskrnl.exe for usermode processes #605

Closed learn-more closed 3 years ago

learn-more commented 3 years ago

Describe the bug: In Windows, drivers can import from ntoskrnl.exe, but usermode applications / dlls cannot.

Expected behavior: When starting a 'normal' application, or loading a dll that is not going to run as service, ntoskrnl.exe should not be loaded.

learn-more commented 3 years ago

#606 aims to fix this.

xwings commented 3 years ago

Merge PR #606 and close.
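The driver versus user-mode distinction the report relies on can be read from a PE image's optional header. The sketch below is an added example, not Qiling's code and not the change made in PR #606: it assumes the Subsystem field is used as the discriminator, and `pe_subsystem`, `modules_to_load`, `make_header` and `KERNEL_ONLY_MODULES` are hypothetical names.

```python
import struct

IMAGE_SUBSYSTEM_NATIVE = 1       # drivers and other kernel-mode images
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2  # user-mode GUI application
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3  # user-mode console application
KERNEL_ONLY_MODULES = {"ntoskrnl.exe"}  # assumption: only the module named in the issue


def pe_subsystem(image: bytes) -> int:
    """Return the Subsystem field of a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 4 + 20  # skip "PE\0\0" and the 20-byte COFF header
    if len(image) < opt + 70 or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # Subsystem sits at offset 68 in both PE32 and PE32+ optional headers.
    (subsystem,) = struct.unpack_from("<H", image, opt + 68)
    return subsystem


def modules_to_load(image: bytes, imported: list) -> list:
    """Drop kernel-only modules from the load list of a user-mode image."""
    if pe_subsystem(image) == IMAGE_SUBSYSTEM_NATIVE:
        return list(imported)
    return [m for m in imported if m.lower() not in KERNEL_ONLY_MODULES]


def make_header(subsystem: int, magic: int = 0x20B) -> bytes:
    """Constructed sample: minimal MZ/PE header with only the fields read above."""
    buf = bytearray(0x40 + 4 + 20 + 70)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)        # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)  # optional header magic
    struct.pack_into("<H", buf, 0x40 + 24 + 68, subsystem)
    return bytes(buf)


if __name__ == "__main__":
    imports = ["kernel32.dll", "ntoskrnl.exe"]
    print(modules_to_load(make_header(IMAGE_SUBSYSTEM_WINDOWS_CUI), imports))
    print(modules_to_load(make_header(IMAGE_SUBSYSTEM_NATIVE), imports))
```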