3214e79d63
code renew build ok
2020-05-18 04:04:40 +07:00
cbc3cb7e15
update new design in code call, no test build
2020-05-04 11:40:31 +00:00
862a5c0788
hide process call
2020-02-27 23:37:04 +07:00
d0c0161b06
find eprocess offset base on CreateTime
2020-02-27 08:25:39 +07:00
d08852af55
finish device io call to scan
2020-02-27 03:27:54 +07:00
0ca87a871c
fix driver file name path
2020-02-25 01:33:16 +07:00
2ee77d16c7
Fix load driver issue
...
The Buffer pointer of UNICODE_STRING seems to be cleaned up after
routine, so we cannot store the string, but have to init the string when
needed.
2020-02-25 01:20:54 +07:00
8928e4e4cb
add device io call
2020-02-24 22:53:30 +07:00
c036f3645a
Merge pull request #1 from nganhkhoa/loaddriver
...
Load Driver and PdbStore
2020-02-24 00:36:04 +07:00
ebeea02962
remove warnings
2020-02-24 00:32:53 +07:00
f872b8e14a
moved functions to modules
2020-02-24 00:10:00 +07:00
71b59861c5
add driver to registry
2020-02-23 03:06:01 +07:00
30da3fe60a
load driver code
2020-02-23 02:04:09 +07:00
fc61c5e605
update sample ouput
2020-02-18 17:44:14 +07:00
0bb4ecd0e3
update 18/2/2020
2020-02-18 17:39:31 +07:00
c53fb94ddf
add rekall source reference in readme
2020-02-15 18:35:09 +07:00
4a9c49a61e
add readme
2020-02-15 18:34:04 +07:00
1bf07214ef
first init
...
Working pdb download and parser
- Read ntoskrnl.exe for GUID
- Download correspoding pdb file
- Parse for globals symbols
- Parse for offset in structs
(Only symbols and structs helps with finding
NonPagedPool{Start,End/First,Last}[Va] are parsed)
2020-02-15 17:39:45 +07:00