Search found 211 matches

by Brock
Mon Sep 11, 2017 3:27 pm
Forum: Newbie Questions
Topic: trouble: 2 threads accessing simultaneous the same item of a
Replies: 4
Views: 12304

Re: trouble: 2 threads accessing simultaneous the same item

Vrtule is right; however, if you want to use WinAPI directly, it's only a few lines of code and you don't need classes or OO for it.

var CritSec: RTL_CRITICAL_SECTION;

procedure EnterLock;
begin
  EnterCriticalSection(CritSec);
end;

procedure LeaveLock;
begin
  LeaveCriticalSection(CritSec);
end;

procedure...
by Brock
Fri Sep 08, 2017 10:58 am
Forum: Kernel-Mode Development
Topic: WIN64 Driver Development Basic Tutorial
Replies: 19
Views: 42894

Re: WIN64 Driver Development Basic Tutorial

EP_X0FF has already answered your question; kernelmode.info is not affiliated with other forums or websites, so we (members here) have no knowledge of another forum's rules and regulations, registration procedures etc. That would be like asking Microsoft for your forgotten Yahoo email password, they ...
by Brock
Sat Aug 05, 2017 8:03 pm
Forum: Tools/Software
Topic: IRPMon: An improved version of IrpTracker
Replies: 2
Views: 15550

Re: IRPMon: An improved version of IrpTracker

What a great tool, VrTule. Thank you for releasing it! I like it a lot
by Brock
Tue Jul 18, 2017 9:22 am
Forum: Kernel-Mode Development
Topic: Very Simple Question: How to read any kernel address safely?
Replies: 7
Views: 14611

Re: Very Simple Question: How to read any kernel address saf

SEH wrapped MDL access can accomplish this
by Brock
Thu Jun 22, 2017 8:36 pm
Forum: Kernel-Mode Development
Topic: remove protection csrss system hang?
Replies: 2
Views: 16412

Re: remove protection csrss system hang?

@nullpointer,

From a security standpoint this is not a sound practice. Why not just make your own process a protected process instead, assuming you use one? If you do this you can access other protected processes without having to remove their protected process status.
by Brock
Sat May 27, 2017 11:24 pm
Forum: Kernel-Mode Development
Topic: What is the correct way to load a kernel mode WFP driver
Replies: 5
Views: 13393

Re: What is the correct way to load a kernel mode WFP driver

I don't see why not. Perhaps create a new thread with any question(s) pertaining to cloud computing, maybe a few members can offer you information about the subject
by Brock
Fri May 26, 2017 10:23 pm
Forum: Kernel-Mode Development
Topic: What is the correct way to load a kernel mode WFP driver
Replies: 5
Views: 13393

Re: What is the correct way to load a kernel mode WFP driver

Article looks accurate after quickly glancing over it. Something not mentioned in that, however, is this: if you want to avoid user intervention when installing the .INF then you can just spawn an instance of the InfDefaultInstall.exe process and pass your .INF filename as a parameter. This accomplish...
by Brock
Thu May 18, 2017 4:13 pm
Forum: Kernel-Mode Development
Topic: What is the correct way to load a kernel mode WFP driver
Replies: 5
Views: 13393

Re: What is the correct way to load a kernel mode WFP driver

How would this be done properly? "Properly" is to use a .INF file containing your driver installation and start information such as start type, loader order group etc. However, it's not required as you can use SCM directly and any registry values that may not be created you can then create by hand...
by Brock
Tue May 09, 2017 7:22 pm
Forum: Reverse Engineering and Debugging
Topic: "Not a valid win32 application"
Replies: 3
Views: 12616

Re: "Not a valid win32 application"

You might start by statically analyzing the program in question with a tool like CFF Explorer and looking for any invalid values contained within the image's PE structures, assuming an unpacked sample. These fields are usually highlighted in Red by the program to give you a visual indication of "inv...