Skip to content

KANKOSHEV/Detect-HiddenThread-via-KPRCB

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
kernel
kernel
 
 
README.md
README.md
 
 
kernel.sln
kernel.sln
 
 

Repository files navigation

Detect-HiddenThread-via-KPRCB

Detect removed thread from PspCidTable.

Going through the system threads through the KPRCB structures, we can easily determine which of these threads is missing in the cid table, checking whether the thread is in the cid table or not is carried out using the "PsLookupThreadByThreadId" function.

This system does not check the main sheet with threads, you can also iterate through the main table and compare it with the KPRCB table.

About

Detect removed thread from PspCidTable.

Resources

Readme
Activity

Stars

68 stars

Watchers

5 watching

Forks

20 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages