'Process Carving'에 해당되는 글 1건
- 2013.10.31 Prefetch / Process Carving : 종료된 프로세스 탐지
hswang
카테고리
|
태그목록
- TokenElevationType
- g_CiOptions
- HandleTableListHead
- CI.dll
- CheckTokenMembership
- _KTRAP_FRAME
- StartService 1053
- _HANDLE_TABLE_ENTRY
- IsUserAdmin
- ObTypeIndexTable
- SepInitializeCodeIntegrity
- NO_MORE_SYSTEM_PTES
- PspCidTable
- 정보보안기사
- PspCreateProcessNotifyRoutine
- TESTSIGNING
- registers are not yet known
- SpinLock
- Wow64EnableWow64FsRedirection
- g_CiEnabled
- PsActiveProcessHead
- SystemStartOptions
- IsUserAnAdmin
- RtlCaptureContext
- DISABLE_INTEGRITY_CHECKS
- DRIVER_IRQL_NOT_LESS_OR_EQUAL
- PsGetContextThread
- KdVersionBlock
- GetTokenInformation
- InterlockedCompareExchange