Windows Kernel
Windows Ring0 call Ring3 & NepCTF2024 Qriver4.0 WP
· ☕ 7 min read
A Github repository named DoubleCallBack caught my attention. Lots of programs espically game cheats use this library so as to execute Ring3 functions from kernel. I have learned this code, to be frank with you, it is so difficult to understand that I’m surprised it works at all. Therefore, in this blog post, I will talk about DoubleCallBack and how to execute Ring3 functions from kernel gracefully. Background Generally, if

Windows Hide Process
· ☕ 2 min read
Sometimes, we may need hide our process from various programs in order to achieve specific objectives. For instance, we may want to hide our virus from antivirus software, or conceal our cheat from anti-cheat programs. There are lots of different approaches introduced by blogs in internet. In this article, I will introduce a few methods that I believe are both effective and relatively straightforward. Unlink EPROCESS First and foremost, I

Windows KVAS
· ☕ 5 min read
因为一些任务需要,接触了Windows KVAS机制,并做了一些逆向分析,可以说是挺复杂的,这里非常感谢 @gmh5225 @kanren3 的帮助 什么是KVAS 内核虚拟地址影

· ☕ 3 min read
属于是没想到,我会因为一个API写一篇博客。没办法,它的坑实在是太大了,让我惊叹于微软文档工程师的“牛逼”。 起因是,我想跨进程的对一个程序的

· ☕ 6 min read

· ☕ 4 min read