https://github.com/gmh5225/antikerneldebug-poc

POC about how to detect windows kernel debug by pool tag.
https://github.com/gmh5225/antikerneldebug-poc

antidebug driver kernel llvm-msvc pooltag windows

Last synced: about 1 month ago
JSON representation

POC about how to detect windows kernel debug by pool tag.

Host: GitHub
URL: https://github.com/gmh5225/antikerneldebug-poc
Owner: gmh5225
License: mit
Created: 2022-02-11T13:36:27.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2023-06-16T02:32:14.000Z (almost 2 years ago)
Last Synced: 2025-04-06T05:25:03.799Z (about 2 months ago)
Topics: antidebug, driver, kernel, llvm-msvc, pooltag, windows
Language: C
Homepage:
Size: 47.9 KB
Stars: 12
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # AntiKernelDebug-poc

## What's this?

A POC about how to detect windows kernel debug by pool tag.

## How does this poc actually work?

Query system pool tag information matches TagUlong == 'oIdK'.

Tested in Win10 1809

![image](https://github.com/gmh5225/AntiKernelDebug-poc/blob/main/images/1.png)

## Compile

- Visual Studio 2019

- llvm-msvc [[link]](https://github.com/NewWorldComingSoon/llvm-msvc-build/releases)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/gmh5225/antikerneldebug-poc

Awesome Lists containing this project

README