Home

Awesome

AntiKernelDebug-poc

What's this?

A POC about how to detect windows kernel debug by pool tag.

How does this poc actually work?

Query system pool tag information matches TagUlong == 'oIdK'.

Tested in Win10 1809

image

Compile