thank you EP_XOFF
to EP_XOFF: nothing,thank you, you say " I can give you only direction" this is the best, but still thanks you, I try again, if not understand...
thank you EP_X0FF : You say "You can try to implement somehow hook on swapcontext", I has try hook swapcontext it is success ,i get some system...
to EP_XOFF thank you very much ,I think if use PsLoadedModulesList (flink/blink redirection) and DriverObjects hide as your RKdemo12 I can't...
to EP_XOFF I know DS ,IS and RKU, i very much like DS and your RKU ,I is think know how in r0 detection hide driver,use PsLoadedModuleList and ?...
Who can answer my problem? thank
thank gilg ,fluderast to n0name: you say is right , about you say "second - the driver can create system thread, and continue execution in this...
n0name thank you ,i think is not detection hidden processes,i think is how detection hidden drivers .sys file,thank you.
help,about find and detection hide driver ,if has a driver file it is in ZwQuerySystemInformation and PsLoadedModuleList is hide ,i use...
Имена участников (разделяйте запятой).
