tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
The detection is portable across all the latest Windows versions, on both x86 and x64 builds.
Read more here.
This entry was posted on Thursday, May 19th, 2016 at 12:51 am and is filed under Research.
Copyright © 2010-2017. All rights reserved.
The A.R.F Project © - All Rights R3v3rs3d