搜索

[13868] 2019-03-15_Fibratus:Windows内核漏洞跟踪和测试工具

文档创建者:s7ckTeam
浏览次数:35
最后更新:2025-01-18
2019-03-15_Fibratus:Windows内核漏洞跟踪和测试工具 F i b r a t u s W i n d o w s A l p h a _ h 4 c k   F r e e B u f   2 0 1 9 - 0 3 - 1 5 F i b r a t u s 广 使 广 使 W i n d o w s F i b r a t u s W i n d o w s - / 线 I / O D L L / A M Q P E l a s t i c s e a r c h 使 f i l a m e n t s P y t h o n F i b r a t u s P y t h o n 便 h t t p s : / / g i t h u b . c o m / r a b b i t s t a c k / f i b r a t u s / r e l e a s e s / d o w n l o a d / v 0 . 7 . 2 / f i b r a t u s - 0 . 7 . 2 . e x e F i b r a t u s W i n d o w s h t t p s : / / g i t h u b . c o m / r a b b i t s t a c k / f i b r a t u s / r e l e a s e s 1   P y t h o n   3 . 4 h t t p s : / / w w w . p y t h o n . o r g / f t p / p y t h o n / 3 . 4 . 0 / p y t h o n - 3 . 4 . 0 . a m d 6 4 . m s i 2   V i s u a l   S t u d i o   2 0 1 5 V i s u a l   C k s t r e a m c V S 1 0 0 C O M N T O O L S % V S 1 4 0 C O M N T O O L S % 3   C y t h o n p i p f i b r a t u s f i b r a t u s   h e l p 使 p i p   i n s t a l l   C y t h o n   > = 0 . 2 3 . 4 p i p   i n s t a l l   f i b r a t u s
f i b r a t u s   r u n C t r l + C F i b r a t u s F i b r a t u s G i t H u b h t t p s : / / g i t h u b . c o m / r a b b i t s t a c k / f i b r a t u s W i k i h t t p s : / / g i t h u b . c o m / r a b b i t s t a c k / f i b r a t u s / w i k i / R u n n i n g *   f i b r a t u s F B A l p h a _ h 4 c k F r e e B u f . C O M U s a g e :         f i b r a t u s   r u n   ( [ - - f i l a m e n t = < f i l a m e n t > ] |   [ - - f i l t e r s   < k e v e n t s > . . . ] )   [ - - n o - e n u m - h a n d l e s ]   [ - - c s w i t c h ]         f i b r a t u s   l i s t - k e v e n t s         f i b r a t u s   l i s t - f i l a m e n t s         f i b r a t u s   - h   |   - - h e l p         f i b r a t u s   - - v e r s i o n O p t i o n s :         - h   - - h e l p                                   S h o w   t h i s   s c r e e n .         - - f i l a m e n t = < f i l a m e n t >           S p e c i f y   t h e   f i l a m e n t   t o   e x e c u t e .         - - n o - e n u m - h a n d l e s                   A v o i d s   e n u m e r a t i n g   t h e   s y s t e m   h a n d l e s .         - - c s w i t c h                                   E n a b l e s   c o n t e x t   s w i t c h   k e r n e l e v e n t s . - - v e r s i o n                                   S h o w   v e r s i o n . 5 5 5 0 2 0 : 2 8 : 1 4 . 8 8 2 0 0 0   3   c m d . e x e   ( 4 3 9 6 )   -   U n l o a d I m a g e   ( b a s e = 0 x 7 7 9 5 0 0 0 0 , c h e c k s u m = 1 3 1 3 1 5 4 ,   i m a g e = n t d l l . d l l , p a t h = D e v i c e H a r d d i s k V o l u m e 2 W i n d o w s S y s W O W 6 4 n t d l l . d l l ,   p i d = 4 3 9 6 ,   s i z e = 1 5 3 6 . 0 ) 5 5 5 1 2 0 : 2 8 : 1 4 . 8 8 2 0 0 0   3   e r l . e x e   ( 2 7 5 6 )   -   T e r m i n a t e P r o c e s s ( c o m m = C : W i n d o w s s y s t e m 3 2 c m d . e x e   / c d i r   / - C   / W c : / U s e r s / N e d o / A p p D a t a / R o a m i n g / R a b b i t M Q / d b / r a b b i t @ N E D O P C - m n e s i a , e x e = C : W i n d o w s s y s t e m 3 2 c m d . e x e ,   n a m e = c m d . e x e ,   p i d = 4 3 9 6 ,   p p i d = 2 7 5 6 ) 5 5 5 2 2 0 : 2 8 : 1 4 . 8 8 2 0 0 0   3   e r l . e x e   ( 2 7 5 6 )   -   C l o s e F i l e ( f i l e = D e v i c e H a r d d i s k V o l u m e 2 W i n d o w s ,   t i d = 1 6 7 2 ) 5 6 3 1 2 0 : 2 8 : 1 7 . 2 8 6 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   R e g Q u e r y K e y ( h i v e = R E G I S T R Y M A C H I N E S Y S T E M ,   k e y = C o n t r o l S e t 0 0 1 C o n t r o l N l s L o c a l e ,   p i d = 3 5 3 2 , s t a t u s = 0 ,   t i d = 4 3 2 4 ) 5 6 3 2 2 0 : 2 8 : 1 7 . 2 8 6 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   R e g O p e n K e y ( h i v e = R E G I S T R Y M A C H I N E S Y S T E M , k e y = C o n t r o l S e t 0 0 1 C o n t r o l N l s L o c a l e S o f t w a r e M i c r o s o f t D i r e c t U I ,   p i d = 3 5 3 2 , s t a t u s = 3 2 2 1 2 2 5 5 2 4 ,   t i d = 4 3 2 4 ) 5 6 3 3 2 0 : 2 8 : 1 7 . 2 8 8 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   C r e a t e F i l e ( f i l e = D e v i c e H a r d d i s k V o l u m e 2 W i n d o w s s y s t e m 3 2 x m l l i t e . d l l , f i l e _ t y p e = R E P A R S E _ P O I N T ,   o p e r a t i o n = O P E N ,   s h a r e _ m a s k = r w d ,   t i d = 4 3 2 4 ) 5 6 3 4 2 0 : 2 8 : 1 7 . 2 8 8 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   C l o s e F i l e ( f i l e = D e v i c e H a r d d i s k V o l u m e 2 W i n d o w s s y s t e m 3 2 x m l l i t e . d l l ,   t i d = 4 3 2 4 ) 5 6 3 5 2 0 : 2 8 : 1 7 . 2 8 8 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   C r e a t e F i l e ( f i l e = D e v i c e H a r d d i s k V o l u m e 2 W i n d o w s s y s t e m 3 2 x m l l i t e . d l l ,   f i l e _ t y p e = F I L E , o p e r a t i o n = O P E N ,   s h a r e _ m a s k = r - d ,   t i d = 4 3 2 4 ) 5 6 3 6 2 0 : 2 8 : 1 7 . 2 8 8 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 1 )   -   L o a d I m a g e   ( b a s e = 0 x 7 f e f a b 9 0 0 0 0 , c h e c k s u m = 2 0 4 4 9 8 ,   i m a g e = x m l l i t e . d l l ,   p a t h = W i n d o w s S y s t e m 3 2 x m l l i t e . d l l , p i d = 3 5 3 2 ,   s i z e = 2 1 7 0 8 8 ) 5 6 3 7 2 0 : 2 8 : 1 7 . 2 8 8 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   C l o s e F i l e ( f i l e = D e v i c e H a r d d i s k V o l u m e 2 W i n d o w s s y s t e m 3 2 x m l l i t e . d l l ,   t i d = 4 3 2 4 ) 5 6 3 8 2 0 : 2 8 : 1 7 . 3 0 0 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   R e g Q u e r y K e y   ( h i v e = R E G I S T R Y M A C H I N E S Y S T E M , k e y = C o n t r o l S e t 0 0 1 C o n t r o l N l s L o c a l e ,   p i d = 3 5 3 2 ,   s t a t u s = 0 ,   t i d = 4 3 2 4 ) 5 6 3 9 2 0 : 2 8 : 1 7 . 3 0 0 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   R e g O p e n K e y ( h i v e = R E G I S T R Y M A C H I N E S Y S T E M , k e y = C o n t r o l S e t 0 0 1 C o n t r o l N l s L o c a l e S O F T W A R E M i c r o s o f t C T F K n o w n C l a s s e s , p i d = 3 5 3 2 ,   s t a t u s = 3 2 2 1 2 2 5 5 2 4 ,   t i d = 4 3 2 4 ) 5 6 4 0 2 0 : 2 8 : 1 7 . 3 0 0 0 0 0   3   t a s k m g r . e x e   ( 3 5 3 2 )   -   R e g Q u e r y K e y ( h i v e = R E G I S T R Y M A C H I N E S Y S T E M ,   k e y = C o n t r o l S e t 0 0 1 C o n t r o l N l s L o c a l e ,   p i d = 3 5 3 2 , s t a t u s = 0 ,   t i d = 4 3 2 4 ) 5 6 4 1 2 0 : 2 8 : 1 7 . 3 0 0 0 0 0   3   t a s k m g r . e x e   ( 3 5 3 2 )   -   R e g O p e n K e y   ( h i v e = R E G I S T R Y M A C H I N E S Y S T E M , k e y = C o n t r o l S e t 0 0 1 C o n t r o l N l s L o c a l e S O F T W A R E M i c r o s o f t C T F K n o w n C l a s s e s , p i d = 3 5 3 2 ,   s t a t u s = 3 2 2 1 2 2 5 5 2 4 ,   t i d = 4 3 2 4 ) 5 6 4 2 2 0 : 2 8 : 1 7 . 3 0 2 0 0 0   2   t a s k m g r . e x e   ( 3 5 3 2 )   -   U n l o a d I m a g e   ( b a s e = 0 x 7 f e f a b 9 0 0 0 0 , c h e c k s u m = 2 0 4 4 9 8 ,   i m a g e = x m l l i t e . d l l ,   p a t h = W i n d o w s S y s t e m 3 2 x m l l i t e . d l l , p i d = 3 5 3 2 ,   s i z e = 2 1 2 . 0 )

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理