mirror
Changelog:
- add support for Windows 10 build 10074
- add -gahti option to dump win32k!gahti
- add -sockets option to dump sockets and established connections from tcpip.sys (XP/W2K3 only)
- add -sockets6 option to dump sockets and established connections from tcpip6.sys (XP/W2K3 only)
- add check of win32k!gDxgkWin32kEngInterface
- add Period to timers dump
- lots of bugs were fixed
sorry, now full:
x32;
...............
PID 9804 Parent PID 2912 kind {Firefox browser} C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PID 8616 Parent PID 9804 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PID 10444 Parent PID 8616 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
PID 8120 Parent PID 10444 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
PID 10052 Parent PID 9168 C:\Windows\SysWOW64\cmd.exe
PID 11072 Parent PID 488 kind {Console Window Host} C:\Windows\System32\conhost.exe
PID 10744 Parent PID 6748 E:\231312\32\wincheck.exe
load_driver(RPHook) returned C000036B
Error loading kernel driver: RPHook - 0x000004fb
x64:
.........
PID 8616 Parent PID 9804 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PID 10444 Parent PID 8616 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
PID 8120 Parent PID 10444 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
PID 10052 Parent PID 9168 kind {Cmd.exe 32 bit} C:\Windows\SysWOW64\cmd.exe
PID 11072 Parent PID 488 kind {Console Window Host} C:\Windows\System32\conhost.exe
PID 8240 Parent PID 10052 E:\231312\64\wincheck.exe
load_driver(RPHook) returned C0000428
Error loading kernel driver: RPHook - 0x00000241
what's the reason?
wincheck is using an unsigned driver
C0000428 - STATUS_INVALID_IMAGE_HASH
try booting with "Disable Driver Signature Enforcement"