Search found 212 matches

by Brock
Sat Feb 23, 2019 1:44 pm
Forum: Newbie Questions
Topic: My AV says my router is infected
Replies: 4
Views: 549

Re: My AV says my router is infected

Perhaps this is VPNFilter malware?

You can quickly and easily check for its presence online below

http://www.symantec.com/filtercheck/
by Brock
Mon Feb 04, 2019 3:55 am
Forum: User-Mode Development
Topic: [DELPHI] How to execute a batch file via ShellExecute from an app launched by a service?
Replies: 2
Views: 914

Re: [DELPHI] How to execute a batch file via ShellExecute from an app launched by a service?

What does the code look like which spawns the VCL app from the service? The VCL app might have issues with the user environment. Post your code for executing the VCL app from the service, I assume in the service you're using CreateProcessAsUser() or similar? * Basically, ShellExecute() isn't an API ...
by Brock
Thu Jan 31, 2019 7:38 pm
Forum: General Discussion
Topic: Windows 10 booting issue
Replies: 1
Views: 558

Re: Windows 10 booting issue

Try almighty Google first; it's as simple as querying the system error code you mentioned here:

https://neosmart.net/wiki/0xc0000428/
by Brock
Tue Jan 15, 2019 1:42 pm
Forum: Newbie Questions
Topic: [C] HTTP-Downloader
Replies: 4
Views: 1560

Re: [C] HTTP-Downloader

by Brock
Sun Jan 13, 2019 12:14 am
Forum: Newbie Questions
Topic: [C] HTTP-Downloader
Replies: 4
Views: 1560

Re: [C] HTTP-Downloader

Took a quick peek at the code, don't forget to close thread and process handles upon successful call returns. Only mentioning this because you mentioned the word "clean" twice and these are resource leaks. Download.cpp download_thread() ---> CloseHandle(pInfo->hThread); CloseHandle(pInfo->hProcess);...
by Brock
Wed Jan 02, 2019 12:45 am
Forum: Kernel-Mode Development
Topic: Read Unknown Kernel Address In A Safe Way
Replies: 2
Views: 1342

Re: Read Unknown Kernel Address In A Safe Way

These methods as well as many others have been shared on this forum for some time now but for those less informed your examples may be informative, so thanks for this. As of 8.1 MmCopyMemory() is imho the best choice because it was designed to do exactly this and performs the underlying PTE validati...
by Brock
Sat Dec 29, 2018 9:53 pm
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 9
Views: 10785

Re: Making ReactOS Great Again*, Part 1

Nice write-up, EP_X0FF.

#16 (NtUserCreateAcceleratorTable) was my favorite faux pas
by Brock
Sun Aug 12, 2018 4:30 pm
Forum: Kernel-Mode Development
Topic: Hooking the offical way?
Replies: 8
Views: 7395

Re: Hooking the offical way?

Originally you posted this regardless of the Kernel Mode Development section of the forum: "I've got a question on how to be able to hook various WinAPI functions like VirtualQuery and be able to see the parameters being passed to a certain process". Your question, I assumed after your mentioning of a u...
by Brock
Thu Aug 09, 2018 11:25 pm
Forum: Kernel-Mode Development
Topic: Hooking the offical way?
Replies: 8
Views: 7395

Re: Hooking the offical way?

Should have mentioned previously that v4.0.1 is now open source and supports both x86 and x64 and will work with all NT-based operating systems. Years ago this wasn't the case; the source for licensing v4.0 was (iirc) $10,000 USD.

https://github.com/Microsoft/Detours