This is stars and forks stats for /KiFilterFiberContext/warbird-hook repository. As of 29 Apr, 2024 this repository has 198 stars and 27 forks.
Warbird Hook On Windows 10 21H2, ntoskrnl.exe contains a table of pointers named g_kernelCallbacks used for licensing checks (called from nt!SPCall2ServerInternal). The callback table contains pointers to functions in an image named ClipSp.sys, which is a signed driver protected by Microsoft Warbird . The interesting thing about it is that PatchGuard does not verify the integrity of several image sections, including PAGEwx, which the driver contains in order to decrypt and re-encrypt its own code...
Warbird Hook On Windows 10 21H2, ntoskrnl.exe contains a table of pointers named g_kernelCallbacks used for licensing checks (called from nt!SPCall2ServerInternal). The callback table contains pointers to functions in an image named ClipSp.sys, which is a signed driver protected by Microsoft Warbird . The interesting thing about it is that PatchGuard does not verify the integrity of several image sections, including PAGEwx, which the driver contains in order to decrypt and re-encrypt its own code...
repo | techs | stars | weekly | forks | weekly |
---|---|---|---|---|---|
Limingrui0/Luogu_answers | C++Other | 134 | 0 | 29 | 0 |
bit-mips/bitmips_experiments | CoqAssemblyVerilog | 30 | 0 | 9 | 0 |
D-Programming-Deimos/Nanopb | DC++C | 2 | 0 | 3 | 0 |
brash99/Cpsc256 | MakefileC++C | 6 | 0 | 44 | 0 |
0vercl0k/paracosme | PythonC++C | 82 | 0 | 21 | 0 |
THU-DSP-LAB/ventus-gpgpu | ScalaTclVerilog | 311 | 0 | 41 | 0 |
thesourcerer8/hddsuperclone | CHTMLC++ | 348 | 0 | 31 | 0 |
eladshamir/RPC-Backdoor | CC++C# | 189 | 0 | 43 | 0 |
vmware/open-vm-tools | CC++Makefile | 2.1k | 0 | 414 | 0 |
daem0nc0re/TangledWinExec | C#C++C | 769 | 0 | 128 | 0 |