Skip to content

GameSec/ErisDbg

BranchesTags
 
 

Repository files navigation

ErisDbg

介绍

ErisDbg是一个基于vt的重建Windows10调试体系的项目。

基于VT的EPT HOOK,重构了Windows10的十余个关键的调试函数,已在Windows10 22H2实机测试。

VT部分参考: HyperPlatform

重构的调试函数

  • NtCreateDebugObject

  • GetDbgkInitialize

  • NtWaitForDebugEvent

  • NtDebugActiveProcess

  • ProbeForReadSmallStructure

  • NtDebugContinue

  • DbgkpConvertKernelToUserStateChange

  • DbgkpOpenHandles

  • GePsGetProcessDebugPort

  • PsSetProcessDebugPort

  • IsThreadSkipCreationMsg

  • DbgkpSuspendProcess

  • DbgkpFreeDebugEvent

  • DbgkpWakeTarget

  • DbgkpQueueMessage

  • DbgkpSendApiMessage

  • DbgkpProcessToFileHandle

  • PsGetThreadToAPCProcess

  • DbgkSendSystemDllMessages

  • DbgkpPostFakeThreadMessages

  • DbgkpPostModuleMessages

  • DbgkpPostFakeProcessCreateMessages

  • DbgkpSetProcessDebugObject

  • PsCaptureExceptionPort

  • DbgkForwardException

alt text

alt text

alt text

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 52.0%
  • C 46.9%
  • Assembly 1.1%