Search found 4240 matches

by EP_X0FF
Thu Aug 16, 2018 8:03 am
Forum: Tools/Software
Topic: Windows Object Explorer 64-bit (WinObjEx64)
Replies: 13
Views: 36741

Re: Windows Object Explorer 64-bit (WinObjEx64)

v1.5.4

Added display of Process Trust Label for Directory object type.

Links same as above.
by EP_X0FF
Thu Aug 16, 2018 4:28 am
Forum: Newbie Questions
Topic: Export drivers
Replies: 11
Views: 180

Re: Export drivers

Def is a standard module definition file, the same as when you create a usual DLL. If you are unfamiliar with creating DLLs in user mode, ffs why do you want to do this in kernel?
by EP_X0FF
Wed Aug 15, 2018 1:55 pm
Forum: Newbie Questions
Topic: Export drivers
Replies: 11
Views: 180

Re: Export drivers

https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/creating-export-drivers e.g. https://github.com/asnorkin/windows_kernel_logger_driver/tree/be8c34a34be6d38fe2a354516657c35643e9d536/library_driver/library_driver/library_driver, https://github.com/osresearch/uxen/tree/83bad53c220541fd1...
by EP_X0FF
Fri Aug 10, 2018 1:15 pm
Forum: Newbie Questions
Topic: show pids from PEPROCESS and PLIST_ENTRY
Replies: 2
Views: 228

Re: show pids from PEPROCESS and PLIST_ENTRY

currentProcess = (PEPROCESS)((unsigned char *)currentLink - ACTIVE_PROCESS_LINK_OFFS64); //2f0
currentPID = ((HANDLE*)currentLink - 0x8);
i++;
KdPrint(("Current PID: %d", currentPID));

Are you sure you understand what you are doing? currentLink is a LIST_ENTRY, not an EPROCESS object. Your EPROCESS object is cu...
by EP_X0FF
Thu Aug 09, 2018 4:45 pm
Forum: General Discussion
Topic: Help me please.
Replies: 1
Views: 171

Re: Help me please.

by EP_X0FF
Thu Aug 09, 2018 4:42 pm
Forum: Newbie Questions
Topic: pass function argument as Addr
Replies: 3
Views: 532

Re: pass function argument as Addr

Your kernel module lacks most of the code.

http://derekmolloy.ie/writing-a-linux-k ... er-device/
by EP_X0FF
Mon Aug 06, 2018 4:02 pm
Forum: Tools/Software
Topic: MpEnum - dump all threat families from Windows Defender
Replies: 0
Views: 457

MpEnum - dump all threat families from Windows Defender

https://github.com/hfiref0x/MpEnum What it can: enumerate all "bad" threats (families) from the AV DB, list them by category (> 50 categories) and save each category's family list to a file. What it can't: enumerate the actual definitions in each family. As you understand, this is out of my interest. Compiled bi...
by EP_X0FF
Tue Jul 24, 2018 12:08 pm
Forum: Completed Malware Requests
Topic: Looking for 1 trojan
Replies: 4
Views: 530

Re: Looking for 1 trojan

I do not understand, I made a request under the rules
No, you did not. You have posted zero content, only 2 posts in this thread which is a request. Requests from users with ZERO (0) posts, "thank-you" only posts, or requests-only posts are not allowed. Posts will be removed and the user will be banned, dependi...
by EP_X0FF
Tue Jul 17, 2018 3:39 pm
Forum: Completed Malware Requests
Topic: need help finding these
Replies: 3
Views: 5152

Re: need help finding these

Dead thread. Closed.
If you still need these samples/have additional info - feel free to contact mods - we will gracefully reopen this thread and move it back.