nganhkhoa/lpus
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
33 Commits 3 Branches 3 Tags 1.3 MiB
8cf91aef79
Commit Graph

10 Commits

Author SHA1 Message Date
nganhkhoa
8cf91aef79 Update scan for kernel modules and driver 
Scan kernel modules
Driver scan major functions' address
 2020-06-22 14:52:15 +07:00
nganhkhoa
1707b301ff Generalize the API for common scan and return json 2020-06-17 01:47:20 +07:00
nganhkhoa
060f222c0a Introducing Address type 
Use address type to represent address
Decompose address with ease using DriverState.decompose
 2020-06-11 01:27:26 +07:00
nganhkhoa
72a947ccd7 Update scan algorithm 
- Scan _ETHREAD with PoolTag='Thre'
- Parse pid/ppid from _EPROCESS
- Build process tree from output log
- Static link for machine missing Windows C++ dev environment
 2020-06-09 04:13:15 +07:00
nganhkhoa
c8ce82e8a7 Update lpus 
File scan printing update
Update values sent to driver in ioctl for Windows 10 2019/2018
 2020-06-02 16:27:29 +07:00
nganhkhoa
4bf2bb71ff check read access when dump file name in _FILE_OBJECT 2020-05-29 01:39:32 +07:00
nganhkhoa
ecc476c604 Update scan frontend 
Reject invalid block size
Unicode string handle for empty ptr, empty size
Add _FILE_OBJECT scan
Add FileImage dump of _EPROCESS scan
 2020-05-22 14:44:47 +07:00
nganhkhoa
7be3b2fc05 General updates 
Driver is renamed to lpus.sys
Pdb will be downloaded ino %APPDATA%/nganhkhoa/lpus
And some little fixes
 2020-05-20 15:02:09 +07:00
nganhkhoa
ff53a1a31c Fix runtime BOSD 
Chunk size and tag is check before handle.
Check if heuristics search is not correct, and the try_ptr goes of the bound,
making dereference an invalid address.
 2020-05-20 00:42:24 +07:00
nganhkhoa
dae10a5312 multiple binary and code refactor 2020-05-19 03:52:18 +07:00