当前位置:网站首页>To bypass obregistercallbacks, you need to drive the signature method
To bypass obregistercallbacks, you need to drive the signature method
2022-07-02 12:46:00 【As the deer 】
windbg Change code directly
Before the change
nt!ObRegisterCallbacks+0x11d:
fffff800`052a1d3d e83e82faff call nt!MmVerifyCallbackFunction (fffff800`05249f80)
fffff800`052a1d42 3bc3 cmp eax,ebx
fffff800`052a1d44 747b je nt!ObRegisterCallbacks+0x1a1 (fffff800`052a1dc1) Branch
After modification
nt!ObRegisterCallbacks+0x11d:
fffff800`052a1d3d b801000000 mov eax,1
perhaps
eb nt!ObRegisterCallbacks+0x11d b8 01 00 00 00
Won't STATUS_ACCESS_DENIED
The callback routines do not reside in a signed kernel binary image.
边栏推荐
- JDBC 预防sql注入问题与解决方法[PreparedStatement]
- JSON serialization and parsing
- 获取文件版权信息
- Win10 system OmniPeek wireless packet capturing network card driver failed to install due to digital signature problem solution
- About wechat enterprise payment to change x509certificate2 read certificate information, publish to the server can not access the solution
- [ybtoj advanced training guide] similar string [string] [simulation]
- 架构师必须了解的 5 种最佳软件架构模式
- Deep Copy Event bus
- Redis sentinel mechanism and configuration
- 腾讯三面:进程写文件过程中,进程崩溃了,文件数据会丢吗?
猜你喜欢
spfa AcWing 852. SPFA judgement negative ring
深拷贝 事件总线
The coloring method determines the bipartite graph acwing 860 Chromatic judgement bipartite graph
Floyd AcWing 854. Floyd求最短路
Linear DP acwing 898 Number triangle
移动式布局(流式布局)
Package management tools
Why do programmers have the idea that code can run without moving? Is it poisonous? Or what?
C#运算符
Js7day (event object, event flow, event capture and bubble, prevent event flow, event delegation, student information table cases)
随机推荐
[ybtoj advanced training guide] similar string [string] [simulation]
C#运算符
染色法判定二分图 AcWing 860. 染色法判定二分图
spfa AcWing 851. SPFA finding the shortest path
About the loading of layer web spring layer components, the position of the layer is centered
Docker compose configuration mysql, redis, mongodb
JS iterator generator asynchronous code processing promise+ generator - > await/async
Async/await asynchronous function
bellman-ford AcWing 853. 有边数限制的最短路
基于STM32的OLED 屏幕驱动
Js5day (event monitoring, function assignment to variables, callback function, environment object this, select all, invert selection cases, tab column cases)
深拷貝 事件總線
C#修饰符
Mongodb redis differences
Js3day (array operation, JS bubble sort, function, debug window, scope and scope chain, anonymous function, object, Math object)
Heap acwing 839 Simulated reactor
Dijkstra AcWing 850. Dijkstra求最短路 II
Lekao: 22 year first-class fire engineer "technical practice" knowledge points
Redis bloom filter
Redis sentinel mechanism and configuration