A forum for reverse engineering, OS internals and malware analysis 


The software's data file has been updated on 2019-06-01. It supports Windows 10 19H1.

The software was updated on 2019-03-29. Everyone can download the latest version in the "binary" directory.

Re: Stealth Hook

 by AxtMueller ¦  Tue Mar 26, 2019 12:41 am ¦  Forum: Kernel-Mode Development ¦  Topic: Stealth Hook ¦  Replies: 3 ¦  Views: 1184

Try to use a VEH hook? You can do it in user mode.

Re: [C] HTTP-Downloader

 by AxtMueller ¦  Tue Mar 26, 2019 12:36 am ¦  Forum: Newbie Questions ¦  Topic: [C] HTTP-Downloader ¦  Replies: 5 ¦  Views: 2080

Using URLDownloadToFile is the best solution; it supports not only HTTP but also HTTPS.

The software was updated on 2019-03-26. Everyone can download the latest version in the "binary" directory.

The software was updated on 2019-03-25. Everyone can download the latest version in the "binary" directory.

I released a new version of it today. Download the latest version in the "binaries" directory.

Re: Read Unknown Kernel Address In A Safe Way

 by AxtMueller ¦  Thu Jan 17, 2019 7:36 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Read Unknown Kernel Address In A Safe Way ¦  Replies: 2 ¦  Views: 1625

These methods, as well as many others, have been shared on this forum for some time now, but for those less informed your examples may be informative, so thanks for this. As of 8.1, MmCopyMemory() is imho the best choice because it was designed to do exactly this and performs the underlying PTE validat...

Read Unknown Kernel Address In A Safe Way

 by AxtMueller ¦  Mon Dec 31, 2018 3:44 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Read Unknown Kernel Address In A Safe Way ¦  Replies: 2 ¦  Views: 1625

Author: Axt Müller

If you have been engaged in Windows driver development for many years, I guess you have a nightmare: how to read an unknown address in an absolutely safe way. We all know that it is useless to test the validity of the address with MmIsAddressValid; even if this function returns TRUE, the...

Project URL on GitHub: https://github.com/AxtMueller/Windows-Kernel-Explorer

Introduction

Windows Kernel Explorer (you can simply call it "WKE") is a free but powerful Windows kernel research tool. It supports Windows XP through Windows 10, 32-bit and 64-bit. Compared to popular tools (such as WI...