Finds the PEPROCESS for a process name by traversing ActiveProcessLinks & comparing ImageFileName values.
- For other versions you will need to remake the
_MY_EPROCESSstruct. This can be done easily usingWinDbg.
-
Notifications
You must be signed in to change notification settings - Fork 1
Stealthy, kernel way to find a process by its name.
im-razvan/Kernel_FindProcessByName
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
Stealthy, kernel way to find a process by its name.
Topics
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published