Commit Graph

11 Commits

Author SHA1 Message Date
4bf2bb71ff check read access when dumping file name in _FILE_OBJECT 2020-05-29 01:39:32 +07:00
ecc476c604 Update scan frontend
Reject invalid block size
Unicode string handle for empty ptr, empty size
Add _FILE_OBJECT scan
Add FileImage dump of _EPROCESS scan
2020-05-22 14:44:47 +07:00
7be3b2fc05 General updates
Driver is renamed to lpus.sys
Pdb will be downloaded into %APPDATA%/nganhkhoa/lpus
And some little fixes
2020-05-20 15:02:09 +07:00
5842ed216c Add Windows 10 2019 support 2020-05-20 13:51:38 +07:00
ff53a1a31c Fix runtime BSOD
Chunk size and tag are checked before handling.
Check if heuristics search is not correct, and the try_ptr goes out of bounds,
making dereference an invalid address.
2020-05-20 00:42:24 +07:00
dae10a5312 multiple binary and code refactor 2020-05-19 03:52:18 +07:00
3214e79d63 code renew build ok 2020-05-18 04:04:40 +07:00
cbc3cb7e15 update new design in code call, no test build 2020-05-04 11:40:31 +00:00
862a5c0788 hide process call 2020-02-27 23:37:04 +07:00
d0c0161b06 find eprocess offset based on CreateTime 2020-02-27 08:25:39 +07:00
d08852af55 finish device io call to scan 2020-02-27 03:27:54 +07:00