|
0350ec46d9
|
Scan unloaded module/driver
By reversing MmLocateUnloadedDriver, we can know the algorithm
to extract name/start/end of unloaded drivers
|
2020-06-22 22:30:35 +07:00 |
|
|
5619048a4a
|
Update lpus feature
Traverse scan
- PsActiveProcessHead
- PsLoadedModuleList
- KiProcessListHead
- HandleTableList
pdb_store has dt(struct) to display struct
|
2020-06-22 17:45:06 +07:00 |
|
|
8cf91aef79
|
Update scan for kernel modules and driver
Scan kernel modules
Driver scan major functions' address
|
2020-06-22 14:52:15 +07:00 |
|
|
1707b301ff
|
Generalize the API for common scan and return json
|
2020-06-17 01:47:20 +07:00 |
|
|
060f222c0a
|
Introducing Address type
Use address type to represent address
Decompose address with ease using DriverState.decompose
|
2020-06-11 01:27:26 +07:00 |
|
|
7be3b2fc05
|
General updates
Driver is renamed to lpus.sys
Pdb will be downloaded into %APPDATA%/nganhkhoa/lpus
And some little fixes
|
2020-05-20 15:02:09 +07:00 |
|
|
dae10a5312
|
multiple binary and code refactor
|
2020-05-19 03:52:18 +07:00 |
|