forked from MiroKaku/ConMon

Windows Console Monitor

License

LGPL-3.0, Unknown licenses found

Licenses found

LGPL-3.0
LICENSE
Unknown
LICENSE.Anti996

juanmolle/ConMon

 
 


ConMon (Undone)


This is a demonstration of how to monitor the Windows console (starting from Windows 8). The concept is based on a two-part article series on the FireEye blog, but the source code wasn't released, so I decided to write a POC of my own. Let me know if you want more features.

The two FireEye blog articles can be viewed here:

https://www.fireeye.com/blog/threat-research/2017/08/monitoring-windows-console-activity-part-one.html

https://www.fireeye.com/blog/threat-research/2017/08/monitoring-windows-console-activity-part-two.html

Requirement

  • VS2019
  • WDK10.0.18362

TODO

  • Process and Message Association
  • Handling IOCTL_CONDRV_READ_IO Function

Bug

  • \Device\ConMon can't be deleted.

Reference

https://github.com/EyeOfRa/WinConMon
