Skip to content
/ DKOM Public

Windows 10 - Direct Kernel Object Manipulation

2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

slava-aes/DKOM

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
call_driver_usermode
call_driver_usermode
 
 
driver
driver
 
 
README.md
README.md
 
 

Repository files navigation

Windows 10 - Direct Kernel Object Manipulation

PatchGuard takes some minutes to cause a bugcheck

The ActiveProcessLinks offset is hardcoded for this windows build.

This is not required, however.

Although this offset might change in the next version, it's always after UniqueProcessId

One can check this by using WinDbg to dump _EPROCESS.

For a historic view of how these offsets have been changing across diferent windows versions see here

Demo:

Demo

About

Windows 10 - Direct Kernel Object Manipulation

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages