'Process Carving'에 해당되는 글 1건
- 2013.10.31 Prefetch / Process Carving : 종료된 프로세스 탐지
hswang
카테고리
|
태그목록
- IsUserAnAdmin
- SystemStartOptions
- RtlCaptureContext
- CheckTokenMembership
- 정보보안기사
- _KTRAP_FRAME
- SpinLock
- CI.dll
- SepInitializeCodeIntegrity
- g_CiEnabled
- StartService 1053
- TokenElevationType
- InterlockedCompareExchange
- PsGetContextThread
- PspCidTable
- _HANDLE_TABLE_ENTRY
- PspCreateProcessNotifyRoutine
- registers are not yet known
- HandleTableListHead
- g_CiOptions
- DISABLE_INTEGRITY_CHECKS
- NO_MORE_SYSTEM_PTES
- DRIVER_IRQL_NOT_LESS_OR_EQUAL
- IsUserAdmin
- TESTSIGNING
- Wow64EnableWow64FsRedirection
- ObTypeIndexTable
- KdVersionBlock
- GetTokenInformation
- PsActiveProcessHead