A forum for reverse engineering, OS internals and malware analysis 


Sample of kernel-mode malware, which modifies allocated memory in kernel

 by igorkorkin ¦  Thu Mar 22, 2018 7:52 am ¦  Forum: Malware ¦  Topic: Sample of kernel-mode malware, which modifies allocated memory in kernel ¦  Replies: 1 ¦  Views: 2615

Hi all, I'm looking for a kernel-mode driver that accesses (modifies or reads) the content of allocated memory. This memory was allocated before by a legal driver. I'm considering the case: a legitimate driver allocates memory with the ExAllocatePoolWithTag routine and a malware driver accesses these data...