win10 20H2 bluescreen

Question

win10 20H2 bluescreen

zjkanjie opened this issue 2 years ago · comments

king commented 2 years ago

Process hide bluescreen

win10 20H2 19042.1466
Whether the program triggered PatchGuard?

bluescreen within about 30 minutes after loading

Can you help me? Thank you

cloudmisst · Answer 1 · Wed Jan 18 2023 17:13:17 GMT+0800 (China Standard Time)

怎么使用的？

xshiraori · Answer 2 · Sun Jun 11 2023 11:06:37 GMT+0800 (China Standard Time)

yeah the rootkit unlinks the process from the ActiveProcessLinks, patchguard detects all those DKOM process hiding stuff so the repo is kinda outdated and for learning purposes I guess

XaFF · Answer 3 · Sun Jun 11 2023 21:36:06 GMT+0800 (China Standard Time)

@xshiraori @zjkanjie Repo is discontinued and new features will be added to BlackAngel. Unfortunately, PatchGuard runs checks every 30 minutes and detects link changes. This problem probably also appears in BlackAngel. Once I have time, I'll try to solve this issue.