Interested in developing hypervisors for research? Check out my training course!
tandasat / memorymon
Detecting execution of kernel memory where is not backed by any image file
License: MIT License
Add VPID support to retain cache and gain performance benefit. The only downside of it would be that older processors might not support it and HyperPlatform could drop their support, but it seems that the VPID feature is old enough to ignore this impact.
Also, the Intel SDM describes that some cache invalidation should|can be done. Review the description and implement them. At this time, HyperPlatform would need those two invalidations.
Guidelines for Use of the INVVPID Instruction
Software can use the INVVPID instruction with the “all-context” INVVPID type immediately after execution of the VMXON instruction or immediately prior to execution of the VMXOFF instruction. Either prevents potentially undesired retention of information cached from paging structures between separate uses of VMX operation.
Guidelines for Use of the INVEPT Instruction
Software can use the INVEPT instruction with the “all-context” INVEPT type immediately after execution of the VMXON instruction or immediately prior to execution of the VMXOFF instruction. Either prevents potentially undesired retention of information cached from EPT paging structures between separate uses of VMX operation.
Do not forget to test the code with real hardware since VMware is unlikely to implement cache behaviour perfectly.
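The capability check behind the VPID proposal and the two SDM guidelines above, as an added example (not HyperPlatform or MemoryMon code): it decides from the raw values of IA32_VMX_PROCBASED_CTLS2 and IA32_VMX_EPT_VPID_CAP whether VPID can be enabled and whether the all-context INVEPT and INVVPID flushes are available. The function name, struct names and sample MSR values are assumptions constructed for illustration; the privileged instructions themselves are not executed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Capability bits from the Intel SDM (Appendix A, VMX capability MSRs). */
#define CTLS2_ALLOWED1_ENABLE_VPID (1ULL << (32 + 5)) /* IA32_VMX_PROCBASED_CTLS2 */
#define CAP_INVEPT                 (1ULL << 20)       /* IA32_VMX_EPT_VPID_CAP */
#define CAP_INVEPT_ALL_CONTEXT     (1ULL << 26)
#define CAP_INVVPID                (1ULL << 32)
#define CAP_INVVPID_ALL_CONTEXT    (1ULL << 42)

/* Type operand selecting the "all-context" form of both instructions. */
#define INV_TYPE_ALL_CONTEXT 2u

/* 128-bit memory operands. Reserved fields must stay zero. */
typedef struct { uint64_t eptp; uint64_t reserved; } InveptDescriptor;
typedef struct {
  uint16_t vpid; uint16_t reserved1; uint32_t reserved2;
  uint64_t linear_address;
} InvvpidDescriptor;
_Static_assert(sizeof(InveptDescriptor) == 16, "INVEPT descriptor is 128 bits");
_Static_assert(sizeof(InvvpidDescriptor) == 16, "INVVPID descriptor is 128 bits");

typedef struct {
  bool enable_vpid;    /* set "enable VPID" and give the guest a non-zero VPID */
  bool flush_ept_all;  /* all-context INVEPT after VMXON / before VMXOFF */
  bool flush_vpid_all; /* all-context INVVPID at the same two points */
  InveptDescriptor invept_desc;   /* operand to pass with INV_TYPE_ALL_CONTEXT */
  InvvpidDescriptor invvpid_desc; /* operand to pass with INV_TYPE_ALL_CONTEXT */
} VmxCachePlan;

/* Decide, from raw MSR values, what this processor allows (hypothetical helper). */
VmxCachePlan PlanCacheInvalidation(uint64_t procbased_ctls2, uint64_t ept_vpid_cap) {
  /* Zeroed descriptors: reserved bits must be 0, and the all-context types
     do not select by EPTP or VPID. */
  VmxCachePlan plan = {0};
  plan.flush_ept_all = (ept_vpid_cap & CAP_INVEPT) &&
                       (ept_vpid_cap & CAP_INVEPT_ALL_CONTEXT);
  plan.flush_vpid_all = (ept_vpid_cap & CAP_INVVPID) &&
                        (ept_vpid_cap & CAP_INVVPID_ALL_CONTEXT);
  /* Tag translations with a VPID only if they can also be flushed; otherwise
     leave VPID off (the older-processor case raised in the issue). */
  plan.enable_vpid = (procbased_ctls2 & CTLS2_ALLOWED1_ENABLE_VPID) &&
                     plan.flush_vpid_all;
  return plan;
}

/* Constructed sample MSR values, not read from real hardware. */
#define SAMPLE_CTLS2_WITH_VPID ((1ULL << 33) | (1ULL << 37))
#define SAMPLE_CAP_WITH_VPID   ((1ULL << 20) | (1ULL << 26) | (1ULL << 32) | (1ULL << 42))
#define SAMPLE_CTLS2_EPT_ONLY  (1ULL << 33)
#define SAMPLE_CAP_EPT_ONLY    ((1ULL << 20) | (1ULL << 26))

int main(void) {
  VmxCachePlan p = PlanCacheInvalidation(SAMPLE_CTLS2_WITH_VPID, SAMPLE_CAP_WITH_VPID);
  VmxCachePlan q = PlanCacheInvalidation(SAMPLE_CTLS2_EPT_ONLY, SAMPLE_CAP_EPT_ONLY);
  printf("VPID-capable CPU: enable_vpid=%d invept=%d invvpid=%d type=%u\n",
         p.enable_vpid, p.flush_ept_all, p.flush_vpid_all, INV_TYPE_ALL_CONTEXT);
  printf("EPT-only CPU:     enable_vpid=%d invept=%d invvpid=%d\n",
         q.enable_vpid, q.flush_ept_all, q.flush_vpid_all);
  return 0;
}
```

In a driver the two MSR values would come from reading the MSRs in ring 0, and the plan would gate the invalidation calls placed right after VMXON and right before VMXOFF.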
Windows preview 1903 18885.1001 - Intel i7 - VTx enabled.
Having a BSOD error at launch. I can't sort out the source tree; HyperPlatform compiles and runs.
FAULTING_SOURCE_FILE: C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\vmm.cpp
FAULTING_SOURCE_LINE_NUMBER: 328
FAULTING_SOURCE_CODE:
324: _Use_decl_annotations_ static void VmmpHandleUnexpectedExit(
325: GuestContext *guest_context) {
326: VmmpDumpGuestState();
327: const auto qualification = UtilVmRead(VmcsField::kExitQualification);
> 328: HYPERPLATFORM_COMMON_BUG_CHECK(HyperPlatformBugCheck::kUnexpectedVmExit,
329: reinterpret_cast<ULONG_PTR>(guest_context),
330: guest_context->ip, qualification);
331: }
332:
333: // MTF VM-exit
Minidump 800kb - https://1drv.ms/u/s!Au4WOPg47f1-gmRtoOolGxVYrAKd
MemoryMon.log - https://1drv.ms/u/s!Au4WOPg47f1-gmW5NuL62nm0Nhvm
MemoryMon.pdb - https://1drv.ms/u/s!Au4WOPg47f1-gmbXp2U9sAMdnKlA
MemoryMon.sys - https://1drv.ms/u/s!Au4WOPg47f1-gmfvyl_OtEvjTuXQ
FULL-DUMP-ANALYSIS:
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 0000000000000001
Arg2: ffff9b8931ffff10
Arg3: fffff8025bf16164
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.Elapsed.Sec
Value: 6
Key : Analysis.Memory.CommitPeak.Mb
Value: 66
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 18885.1001.amd64fre.rs_prerelease.190419-1606
SYSTEM_MANUFACTURER: System manufacturer
SYSTEM_PRODUCT_NAME: System Product Name
SYSTEM_SKU: SKU
SYSTEM_VERSION: System Version
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 3805
BIOS_DATE: 05/16/2018
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: Z170-P
BASEBOARD_VERSION: Rev X.0x
DUMP_TYPE: 1
BUGCHECK_P1: 1
BUGCHECK_P2: ffff9b8931ffff10
BUGCHECK_P3: fffff8025bf16164
BUGCHECK_P4: 0
CPU_COUNT: 2
CPU_MHZ: fa8
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: C6'00000000 (cache) C6'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xE2
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-LG854SK
ANALYSIS_SESSION_TIME: 05-02-2019 05:11:56.0216
ANALYSIS_VERSION: 10.0.18869.1002 amd64fre
BAD_STACK_POINTER: ffff9b8931fffe58
LAST_CONTROL_TRANSFER: from fffff802673d4025 to fffff8025b9c56c0
STACK_TEXT:
ffff9b89`31fffe58 fffff802`673d4025 : 00000000`000000e2 00000000`00000001 ffff9b89`31ffff10 fffff802`5bf16164 : nt!KeBugCheckEx
ffff9b89`31fffe60 fffff802`673d4610 : 00000000`fffffff7 00000000`00000000 00000000`00000002 ffff9b89`31ffff10 : MemoryMon!VmmpHandleUnexpectedExit+0x41 [C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\vmm.cpp @ 328]
ffff9b89`31fffea0 fffff802`673d2b9e : 00000000`00000000 00000000`fffffff7 ffff9b89`31ffff40 00000000`00000000 : MemoryMon!VmmpHandleVmExit+0x4d0 [C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\vmm.cpp @ 309]
ffff9b89`31fffef0 fffff802`673d1448 : 00000000`80050033 00000181`d0b3ea00 00000181`cee69660 00000181`d0b78a90 : MemoryMon!VmmVmExitHandler+0xae [C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\vmm.cpp @ 200]
ffff9b89`31ffff50 00000000`80050033 : 00000181`d0b3ea00 00000181`cee69660 00000181`d0b78a90 00007ffc`6a9c2d78 : MemoryMon!AsmVmmEntryPoint+0x25 [C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\Arch\x64\x64.asm @ 144]
ffff9b89`31ffff58 00000181`d0b3ea00 : 00000181`cee69660 00000181`d0b78a90 00007ffc`6a9c2d78 00000000`00000000 : 0x80050033
ffff9b89`31ffff60 00000181`cee69660 : 00000181`d0b78a90 00007ffc`6a9c2d78 00000000`00000000 346dc5d6`3886594b : 0x00000181`d0b3ea00
ffff9b89`31ffff68 00000181`d0b78a90 : 00007ffc`6a9c2d78 00000000`00000000 346dc5d6`3886594b 00000181`d0b11a40 : 0x00000181`cee69660
ffff9b89`31ffff70 00007ffc`6a9c2d78 : 00000000`00000000 346dc5d6`3886594b 00000181`d0b11a40 00000000`00000246 : 0x00000181`d0b78a90
ffff9b89`31ffff78 00000000`00000000 : 346dc5d6`3886594b 00000181`d0b11a40 00000000`00000246 00000000`000002b8 : 0x00007ffc`6a9c2d78
THREAD_SHA1_HASH_MOD_FUNC: 6f499a26c682f490d3cb3e65fb7f3a5f553d7faa
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c8702d70cc40123ea6955a2ae319dc6196f125d1
THREAD_SHA1_HASH_MOD: 6a1f99879137405b70e720581f4e7dc933530485
FOLLOWUP_IP:
MemoryMon!VmmpHandleUnexpectedExit+41 [C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\vmm.cpp @ 328]
fffff802`673d4025 cc int 3
FAULT_INSTR_CODE: 48cccccc
FAULTING_SOURCE_LINE: C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\vmm.cpp
FAULTING_SOURCE_FILE: C:\Users\bruker1\Documents\GitHub\MemoryMon-master\HyperPlatform\HyperPlatform\vmm.cpp
FAULTING_SOURCE_LINE_NUMBER: 328
FAULTING_SOURCE_CODE:
324: _Use_decl_annotations_ static void VmmpHandleUnexpectedExit(
325: GuestContext *guest_context) {
326: VmmpDumpGuestState();
327: const auto qualification = UtilVmRead(VmcsField::kExitQualification);
> 328: HYPERPLATFORM_COMMON_BUG_CHECK(HyperPlatformBugCheck::kUnexpectedVmExit,
329: reinterpret_cast<ULONG_PTR>(guest_context),
330: guest_context->ip, qualification);
331: }
332:
333: // MTF VM-exit
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: MemoryMon!VmmpHandleUnexpectedExit+41
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MemoryMon
IMAGE_NAME: MemoryMon.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5cca5eb0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 41
FAILURE_BUCKET_ID: 0xE2_STACKPTR_ERROR_MemoryMon!VmmpHandleUnexpectedExit
BUCKET_ID: 0xE2_STACKPTR_ERROR_MemoryMon!VmmpHandleUnexpectedExit
PRIMARY_PROBLEM_CLASS: 0xE2_STACKPTR_ERROR_MemoryMon!VmmpHandleUnexpectedExit
TARGET_TIME: 2019-05-02T03:08:58.000Z
OSBUILD: 18885
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1978-11-25 11:03:45
BUILDDATESTAMP_STR: 190419-1606
BUILDLAB_STR: rs_prerelease
BUILDOSVER_STR: 10.0.18885.1001.amd64fre.rs_prerelease.190419-1606
ANALYSIS_SESSION_ELAPSED_TIME: 19e6
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xe2_stackptr_error_memorymon!vmmphandleunexpectedexit
FAILURE_ID_HASH: {781a428c-6946-179e-f621-27e3af144d53}
Followup: MachineOwner
---------
1>------ Build started: Project: MemoryMon, Configuration: Debug x64 ------
1> Building 'MemoryMon' with toolset 'WindowsKernelModeDriver10.0' and the 'Desktop' target platform.
1> Stamping x64\Debug\MemoryMon.inf [Version] section with DriverVer=06/29/2017,14.34.28.16
1>D:\_src\MemoryMon\MemoryMon\MemoryMon.inf(13-13): error 1209: Section [destinationdirs] is defined multiple times.
1>D:\_src\MemoryMon\MemoryMon\MemoryMon.inf(28-28): error 1209: Section [sourcedisksfiles] is defined multiple times.
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
Porting changes made in HyperPlatform would be easier if submodules are used instead of copying files. Do so if appropriate.
Thanks for your excellent work, I learned a lot from it. I am trying to use this project to monitor Windows kernel memory access.
I set the corresponding EPT entry's r/w to false. Every time the Windows kernel accesses memory, I set the corresponding EPT entry's r/w to true and set the MTF flag. However, Windows always gets stuck somewhere. Can you give some suggestions?
Hello! I want to run this tree of MemoryMon: https://github.com/tandasat/MemoryMon/tree/rwe_cdfs. But I have BSOD every time with PAGE_FAULT_IN_NONPAGED_AREA after running hypervisor. I also tried to fix it with tandasat/HyperPlatform#34 and tandasat/HyperPlatform#32
My dump:
Machine Name:
Kernel base = 0xfffff8053aac0000 PsLoadedModuleList = 0xfffff805`3af061b0
System Uptime: 0 days 0:00:00.000
KDTARGET: Refreshing KD connection
Break instruction exception - code 80000003 (first chance)
MemoryMon+0x12109b:
fffff8053a04109b cc int 3
*** WARNING: Unable to verify timestamp for ntdll.dll
0: kd> g
16:45:17.537 DBG #1 4 2060 System Log thread started (TID= 000000000000080C).
16:45:17.761 INF #0 4 272 System Log has been initialized.
16:45:17.761 DBG #1 4 272 System Info= FFFFF80539FF28A0, Buffer= FFFFE604EC010000 FFFFE604EC090000, File= \SystemRoot\MemoryMonRWE.log
16:45:17.761 DBG #1 4 272 System Found a hard coded PTE_BASE at FFFFF8053AD81592
16:45:17.761 DBG #1 4 272 System PXE at FFFFFAFD7EBF5000, PPE at FFFFFAFD7EA00000, PDE at FFFFFAFD40000000, PTE at FFFFFA8000000000
16:45:17.776 DBG #1 4 272 System Physical Memory Range: 0000000000001000 - 00000000000a0000
16:45:17.776 DBG #1 4 272 System Physical Memory Range: 0000000000100000 - 000000000eef1000
16:45:17.791 DBG #1 4 272 System Physical Memory Range: 000000000eefa000 - 000000000ef0d000
16:45:17.791 DBG #1 4 272 System Physical Memory Range: 000000000ef12000 - 000000000ef2c000
16:45:17.791 DBG #1 4 272 System Physical Memory Range: 000000000ef31000 - 000000000fee7000
16:45:17.791 DBG #1 4 272 System Physical Memory Range: 000000000ff77000 - 0000000080000000
16:45:17.803 DBG #1 4 272 System Physical Memory Total: 2096112 KB
16:45:17.803 DBG #1 4 272 System shared_data = FFFFE604E45053B0
16:45:17.817 INF #0 4 272 System Initializing VMX for the processor 0.
16:45:17.896 DBG #0 4 272 System vmm_stack_limit = FFFFE604EA0B9000
16:45:17.896 DBG #0 4 272 System vmm_stack_region_base = FFFFE604EA0BF000
16:45:17.911 DBG #0 4 272 System vmm_stack_data = FFFFE604EA0BEFF8
16:45:17.911 DBG #0 4 272 System vmm_stack_base = FFFFE604EA0BEFF0
16:45:17.919 DBG #0 4 272 System processor_data = FFFFE604E45053F0 stored at FFFFE604EA0BEFF8
16:45:17.927 DBG #0 4 272 System guest_stack_pointer = FFFFD90525D95750
16:45:17.931 DBG #0 4 272 System guest_inst_pointer = FFFFF80539F21427
16:45:17.935 DBG #0 4 272 System Context at FFFFF80539F21478: rax= 0000000000000000 rbx= 0000000000000000 rcx= FFFFF8053A03DDF0 rdx= FFFFE604E45053B0 rsi= FFFFE604E9D5B000 rdi= FFFFD90525D95888 rsp= FFFFD90525D957D0 rbp= 0000000000000000 r8= 0000000000000065 r9= 0000000000000000 r10= 0000000000000007 r11= FFFFD90525D95170 r12= FFFFFFFF800027CC r13= 0000000000000002 r14= FFFFC50F1876A9A0 r15= FFFFE604E9D5B000 efl= 00040282
16:45:17.935 INF #0 4 272 System Initialized successfully.
16:45:17.969 INF #1 4 272 System Initializing VMX for the processor 1.
Access violation - code c0000005 (!!! second chance !!!)
MemoryMon+0x11b000:
fffff8053a03b000 cc int 3
0: kd> g
KDTARGET: Refreshing KD connection
*** Fatal System Error: 0x00000050
(0xFFFFFA8000000000,0x0000000000000002,0xFFFFF8053A03B001,0x000000000000000B)
Driver at fault:
*** MemoryMon.sys - Address FFFFF8053A03B001 base at FFFFF80539F20000, DateStamp 609a7d77
.
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
For analysis of this file, run !analyze -v
nt!DbgBreakPointWithStatus:
fffff8053ac8b970 cc int 3
0: kd> !analyze -v
Connected to Windows 10 18362 x64 target at (Tue May 11 16:45:23.522 2021 (UTC + 3:00)), ptr64 TRUE
Loading Kernel Symbols
.................................
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................
................................................................
................................................................
..............................
Loading User Symbols
PEB address is NULL !
Loading unloaded module list
.......
Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffffa8000000000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff8053a03b001, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 000000000000000b, (reserved)
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-I56MG4S
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 3
Key : Analysis.Memory.CommitPeak.Mb
Value: 63
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 50
BUGCHECK_P1: fffffa8000000000
BUGCHECK_P2: 2
BUGCHECK_P3: fffff8053a03b001
BUGCHECK_P4: b
READ_ADDRESS: fffffa8000000000
MM_INTERNAL_CODE: b
IMAGE_NAME: MemoryMon.sys
MODULE_NAME: MemoryMon
FAULTING_MODULE: fffff80539f20000 MemoryMon
PROCESS_NAME: svchost.exe
TRAP_FRAME: ffffd90526d37810 -- (.trap 0xffffd90526d37810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8000000000 rbx=0000000000000000 rcx=ffffe604e9a90580
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8053a03b001 rsp=ffffd90526d379a0 rbp=ffffd90526d37b20
r8=fffffafd7eb0a110 r9=0000000021422008 r10=0000000000000001
r11=fffffafd40000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
MemoryMon+0x11b001:
fffff8053a03b001 0000 add byte ptr [rax],al ds:fffffa8000000000=??
Resetting default scope
STACK_TEXT:
ffffd90526d36e88 fffff8053ad68dc2 : fffffa8000000000 0000000000000003 ffffd90526d36ff0 fffff8053abe64d0 : nt!DbgBreakPointWithStatus
ffffd90526d36e90 fffff8053ad684b7 : fffff80500000003 ffffd90526d36ff0 fffff8053ac981f0 ffffd90526d37530 : nt!KiBugCheckDebugBreak+0x12
ffffd90526d36ef0 fffff8053ac83c27 : 0000000000000000 0000000000000005 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x947
ffffd90526d375f0 fffff8053ad10c54 : 0000000000000050 fffffa8000000000 0000000000000002 ffffd90526d37810 : nt!KeBugCheckEx+0x107
ffffd90526d37630 fffff8053ab8ac3a : 0000000000000000 0000000000000002 ffffd90526d37770 0000000000000000 : nt!MiRaisedIrqlFault+0x127c14
ffffd90526d37670 fffff8053ac91b5e : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!MmAccessFault+0x48a
ffffd90526d37810 fffff8053a03b001 : 0000000000000aa0 ffffe604e8413030 ffffd90526d37d4a fffff8053b0e7f8a : nt!KiPageFault+0x35e
ffffd90526d379a0 0000000000000aa0 : ffffe604e8413030 ffffd90526d37d4a fffff8053b0e7f8a 0000000000000000 : MemoryMon+0x11b001
ffffd90526d379a8 ffffe604e8413030 : ffffd90526d37d4a fffff8053b0e7f8a 0000000000000000 fffff80500000027 : 0xaa0
ffffd90526d379b0 ffffd90526d37d4a : fffff8053b0e7f8a 0000000000000000 fffff80500000027 ffffffffffffffff : 0xffffe604e8413030
ffffd90526d379b8 fffff8053b0e7f8a : 0000000000000000 fffff80500000027 ffffffffffffffff ffffe604e4a40000 : 0xffffd90526d37d4a
ffffd90526d379c0 fffffafd61422008 : ffffe60400000000 ffffffffffffffff ffffd90500000000 0000000000000000 : nt!IopGetFileInformation+0x106
ffffd90526d37a40 ffffe60400000000 : ffffffffffffffff ffffd90500000000 0000000000000000 0000000000001001 : 0xfffffafd61422008
ffffd90526d37a48 ffffffffffffffff : ffffd90500000000 0000000000000000 0000000000001001 ffff8508803ad000 : 0xffffe60400000000
ffffd90526d37a50 ffffd90500000000 : 0000000000000000 0000000000001001 ffff8508803ad000 0000000000000000 : 0xffffffffffffffff
ffffd90526d37a58 0000000000000000 : 0000000000001001 ffff8508803ad000 0000000000000000 0000000000000000 : 0xffffd90500000000
SYMBOL_NAME: MemoryMon+11b001
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 11b001
FAILURE_BUCKET_ID: AV_INVALID_MemoryMon!unknown_function
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {26be4fc7-3792-4cc6-76ba-e1db17101433}
Followup: MachineOwner
(different debugging + I checked the address with IDA)
Access violation - code c0000005 (!!! second chance !!!)
MemoryMon+0x11b000:
fffff8047c7eb000 cc int 3
When I compile the project, I always get the LNK error. Can you help me look at the error?
Severity Code Description Project File Line Suppression State
Warning 1324 [Version] section should specify PnpLockdown=1. MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\MemoryMon\MemoryMon.inf 5
Error LNK2019 unresolved external symbol _invoke_watson referenced in function "protected: virtual void __cdecl stdext::bad_alloc::_Doraise(void)const " (?_Doraise@bad_alloc@stdext@@MEBAXXZ) MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\MemoryMon\AddressRanges.obj 1
Error LNK2001 unresolved external symbol _invoke_watson MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\MemoryMon\PageFaultRecord.obj 1
Error LNK2001 unresolved external symbol _invoke_watson MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\MemoryMon\V2PMap.obj 1
Error LNK2001 unresolved external symbol "void (__cdecl* std::_Raise_handler)(class stdext::exception const &)" (?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA) MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\MemoryMon\AddressRanges.obj 1
Error LNK2001 unresolved external symbol "void (__cdecl* std::_Raise_handler)(class stdext::exception const &)" (?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA) MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\MemoryMon\PageFaultRecord.obj 1
Error LNK2001 unresolved external symbol "void (__cdecl* std::_Raise_handler)(class stdext::exception const &)" (?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA) MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\MemoryMon\V2PMap.obj 1
Error LNK1120 2 unresolved externals MemoryMon C:\Users\Frankenstein\Desktop\tt\MemoryMon\x64\Debug\MemoryMon.sys 1
Hello!
Where can I find the files of the rootkit that is used in demo video https://www.youtube.com/watch?v=O5_ocsplrfA?