Mirrors/za233-neaccontroller
1
0
Fork 0
mirror of https://github.com/za233/NeacController.git synced 2026-06-08 18:17:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
za233
2025-04-02 22:41:08 +08:00
parent 14b822845d
commit 32d18fecbc
3 changed files with 8 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+7
View File
@@ -42,3 +42,10 @@ The demonstration payload currently uses a single `ret` instruction as shellcode
2. Execution will then trigger either:
- Debugger break-in via `STATUS_BREAKPOINT` exception
- System crash (BSOD) if unhandled in kernel context
### Whats more in <controller.h>
- Cross-Process Memory Reading/Writing
- Obtain Process Module Base Address
- Modify Memory Page Attributes of Other Process
- Terminate Other Process
x64/Debug/NeacSafe64.inf
-86
View File
@@ -1,86 +0,0 @@
[Version]
Signature = "$Windows NT$"
Class = "ActivityMonitor" ;This is determined by the work this filter driver does
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Class
Provider = %ProviderString%
DriverVer = 12/17/2021,17.41.6.64
[DestinationDirs]
DefaultDestDir = 12
NeacSafe64.DriverFiles = 12 ;%windir%\system32\drivers
;;
;; Default install sections
;;
[DefaultInstall]
OptionDesc = %ServiceDescription%
CopyFiles = NeacSafe64.DriverFiles
[DefaultInstall.Services]
AddService = %ServiceName%,,NeacSafe64.Service
;;
;; Default uninstall sections
;;
[DefaultUninstall]
DelFiles = NeacSafe64.DriverFiles
[DefaultUninstall.Services]
DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting
;
; Services Section
;
[NeacSafe64.Service]
DisplayName = %ServiceName%
Description = %ServiceDescription%
ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\
Dependencies = "FltMgr"
ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
LoadOrderGroup = "FSFilter Activity Monitor"
AddReg = NeacSafe64.AddRegistry
;
; Registry Modifications
;
[NeacSafe64.AddRegistry]
HKR,,"SupportedFeatures",0x00010001,0x3
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
;
; Copy Files
;
[NeacSafe64.DriverFiles]
%DriverName%.sys
[SourceDisksFiles]
NeacSafe64.sys = 1,,
[SourceDisksNames]
1 = %DiskId1%,,,
;;
;; String Section
;;
[Strings]
ProviderString = "TODO-Set-Provider"
ServiceDescription = "NeacSafe64 mini-filter driver"
ServiceName = "NeacSafe64"
DriverName = "NeacSafe64"
DiskId1 = "NeacSafe64 Device Installation Disk"
;Instances specific information.
DefaultInstance = "NeacSafe64 Instance"
Instance1.Name = "NeacSafe64 Instance"
Instance1.Altitude = "370020"
Instance1.Flags = 0x0 ; Suppress automatic attachments
x64/Debug/NeacSafe64.sys
BIN
View File
Binary file not shown.