Spycio.Kon

 cai windebug attacker vo kernel thi chu y  chu y secure boot tat chua, neu chua vo thi de disable bcdedit /debug on bcdedit /dbgsettings serial debugport:1 baudrate:115200 msconfig nen nho, chi attach khi boot -> nen chay windbg truoc khi khoi dong vmware

 #include <windows.h> #include <stdio.h> #include <tlhelp32.h> int main() {     PROCESSENTRY32W pe;     pe.dwSize = sizeof(PROCESSENTRY32W);     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);     if (hSnapshot == INVALID_HANDLE_VALUE)     {         printf("Cant get snapshot\n");         return 1;     }     if (!Process32FirstW(hSnapshot, &pe))     {         printf("Process32First failed: %lu\n", GetLastError());         CloseHandle(hSnapshot);         return 1;     }     do     {         wprintf(L"%ls\n", pe.szExeFile);     } while (Process32NextW(hSnapshot, &pe));     CloseHandle(hSnapshot);     return 0; }

 Bảng nhanh (hay dùng trong WinAPI) WinAPI type C type printf DWORD unsigned long %lu WORD unsigned short %hu BYTE unsigned char %u BOOL int %d HANDLE pointer %p LPVOID pointer %p