Matthijs Lavrijsen
Personal opinion: I don't care what the specific address is, the disassembly view only shows the symbolic name and I'm fine with that too. If I really need the address...
Note that freezing a thread != suspending it. I'm very curious how `.bpsync` works because there is no public API (user or kernel) to freeze a thread.
It does, and I've created a PR to add this flag to the linker options in your stead :wink:
Hi, VS 2019 (non-preview) has been released for a while and is in fact already at version 16.1, could this be the cause of the problem? The project is set...
@zoand I haven't tested this combination, but it should work. I advise using VS2019 with the current (18063) WDK.
If you are trying to debug Windows Defender, there is another issue you will need to deal with, namely protection of `MsMpEng.exe` by the WD driver via `ObRegisterCallbacks`. See [this...
Hello 5 year old issue... I thought I'd add this feature since it's pretty simple, but then after looking at the ScyllaHide source I came to the conclusion that the...
Not in x64dbg, no. Some other debuggers I tried (VS2017 and WinDbg) do let the process inherit debug privileges. So there is a point to be made for just calling...
Yeah. You don't actually need to be in the process address space to do it from kernel mode, so it could be applied without having to `KeStackAttachProcess` or wait for...
That's true. I figured this might be of interest since TitanHide users are probably more likely to have a kernel debugger attached than most. It **is** possible to debug user...