Skip to content
/ System_Monitor Public

windows kernel programming requires a lot of searching. requires programming skills and reversing skills.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kgyeongseong/System_Monitor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits

README.md

README.md

 
 

block_process_execution.cpp

block_process_execution.cpp

 
 

block_process_execution.png

block_process_execution.png

 
 

create_remote_thread_detection.cpp

create_remote_thread_detection.cpp

 
 

create_remote_thread_detection_1.png

create_remote_thread_detection_1.png

 
 

create_remote_thread_detection_2.png

create_remote_thread_detection_2.png

 
 

system_monitor_client.cpp

system_monitor_client.cpp

 
 

Repository files navigation

block_process_execution

PPS_CREATE_NOTIFY_INFO 구조체 이용 프로세스 실행 차단
CreateInfo->CreationStatus = STATUS_ACCESS_DENIED;

create_remote_thread_detection

EPROCESS 구조체의 ActiveThreads 필드 이용 CreateRemoteThread 탐지

About

windows kernel programming requires a lot of searching. requires programming skills and reversing skills.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages