Search found 81 matches

by m5home
Sun Nov 05, 2017 2:50 am
Forum: Kernel-Mode Development
Topic: WIN64 Driver Development Basic Tutorial
Replies: 19
Views: 42889

Re: WIN64 Driver Development Basic Tutorial

myid wrote: The code for enumerating create process notifications is outdated, could you update your code?
Could you tell me how to enumerate the process notifications created by PsSetCreateProcessNotifyRoutineEx2?
It is not so different between all systems. All process notifications are in the same array.
by m5home
Sun Nov 05, 2017 2:40 am
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 336553

New Version Released!

WIN64AST 1.19 - Support WIN10-16299

Download URLs:
https://pan.baidu.com/s/1skNHd9r
https://pan.baidu.com/s/1hspJHOw (WITH .NET4 FRAMEWORK)
(If you do not have an ID on this forum, you can download WIN64AST via these URLs)
by m5home
Sat Sep 02, 2017 1:50 pm
Forum: Kernel-Mode Development
Topic: Reading pageable memory at HIGH_LEVEL
Replies: 3
Views: 7903

Re: Reading pageable memory at HIGH_LEVEL

I don't think anyone can read the pageable memory when IRQL is higher than APC_LEVEL.
by m5home
Sat Sep 02, 2017 1:42 pm
Forum: Kernel-Mode Development
Topic: Very Simple Question: How to read any kernel address safely?
Replies: 7
Views: 14605

Re: Very Simple Question: How to read any kernel address saf

Use MmGetPhysicalAddress to get the physical address of your virtual address; if it returns a non-zero value, use MmMapIoSpace to get a NEW virtual address and read it.
If you want to know more details about verifying whether a virtual address is valid or not, try reading the source code of Cheat Engine.
by m5home
Sun May 14, 2017 2:34 am
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 336553

New Version Released!

WIN64AST 1.10 BETA8 - Support WIN10-15063

Download URLs:
http://pan.baidu.com/s/1qYyNgN6
http://pan.baidu.com/s/1dF7WXnb (WITH .NET4 FRAMEWORK)
(If you do not have an ID on this forum, you can download WIN64AST via these URLs)
by m5home
Wed Aug 31, 2016 12:14 pm
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 336553

New Version Released!

WIN64AST 1.10 BETA7 - Support WIN10-14393

Download URLs:
http://pan.baidu.com/s/1nvRfOdr
http://pan.baidu.com/s/1nvPJXxv (WITH .NET4 FRAMEWORK)
(If you do not have an ID on this forum, you can download WIN64AST via these URLs)
by m5home
Mon Dec 28, 2015 4:22 pm
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 336553

New Version Released!

WIN64AST 1.10 BETA6 - Support WIN10-10586

Download URLs:
http://pan.baidu.com/s/1dEeXaTz
http://pan.baidu.com/s/1c1eZdfi (WITH .NET4 FRAMEWORK)
(If you do not have an ID on this forum, you can download WIN64AST via these URLs)
by m5home
Mon Dec 28, 2015 4:17 pm
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 336553

Re: [2015-08-04]ARK for Windows x64: WIN64AST(Page8#78)

Hi m5home, Since I'm extensively using the behavior blocker function I noticed another BSOD that seems to be reproducible reliably. The issue occurs if I attempt to create a process with an initial thread in it using the well known steps listed below. NtCreateSection("csrss.exe") NtCreateProcess Nt...
by m5home
Mon Nov 02, 2015 8:24 am
Forum: Kernel-Mode Development
Topic: Kernel - Handle Hiding (7,8,8.1,10) x64 (4 Methods)
Replies: 5
Views: 6616

Re: Kernel - Handle Hiding (7,8,8.1,10) x64 (4 Methods)

I liked hiding processes nearly 6 years ago.
I found that hiding a process is not useful, because it makes the process unable to work normally (some APIs, like CreateProcess, will always fail after the process is hidden).
by m5home
Mon Nov 02, 2015 8:15 am
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 336553

Re: [2015-08-04]ARK for Windows x64: WIN64AST(Page8#78)

tcxyqs wrote: Good tool. Could you support WIN10 10525?
Preview/beta versions of the system are not supported.