新版本无法获取到内核地址,是否现在有了新的替代 #3
Comments
|
Sorry there's no alternative at the moment to get the object address. This feature is a new change in 24H2 where kernel addresses are not returned unless the caller is running with SeDebugPrivilege. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
新版本获取句柄对象的时候会先通过
ExIsRestrictedCaller判断是否存在SeDebugPrivilege权限,在ObpCaptureHandleInformation函数的时候只有满足权限才会赋值给handle_table的Object,在线版本中是否已经有了新的替代方案?The text was updated successfully, but these errors were encountered: