blackint3 / openark
The Next Generation of Anti-Rootkit (ARK) tool for Windows.
Home Page: https://openark.blackint3.com
License: GNU Lesser General Public License v2.1
Clicking "enter kernel mode" does nothing, and downloading the latest version did not help either. I have not installed any of those programs; I exited everything and still cannot get in. There is no anomaly at all, except that the system time gets reset to zero, but the system then gets it back by itself. It used to work before; I do not know what is going on.
When will a feature for viewing kernel hooks be added? Or maybe I just could not find it in OpenArk.
The system version is 20H2.
I really like the system hotkey feature; it has helped me resolve hotkey conflicts many times.
But once ctrl+shift+k had a conflict and OpenArk could not find the cause.
Only by chance did I discover that it was caused by 可可五笔 (the Keke Wubi input method), but OpenArk did not show it.
Can the tool directory for the reverse-engineering tools be customized?
How do I open hosts with another editor, e.g. VSCode or Sublime?
scoop is a popular package manager for Windows; OpenArk can now be installed with scoop:
scoop install openark
Unable to enter kernel mode after updating to Win10 Pro 20H2 19042.1110
[UNONE::FsReadFileDataW] [WARN] C:\Users\doit\AppData\Roaming\OpenArk\console\history.txt is empty file
[OpenArk::onActionCheckUpdate] [INFO] requset server:http://upt.blackint3.com/openark/version.txt
[OpenArk::onActionCheckUpdate::::operator ()] [ERR] request http.err:0, net.err:1
[OpenArk::onActionCheckUpdate] [INFO] requset server:http://upt.blackint3.com/openark/version.txt
[OpenArk::onActionCheckUpdate::::operator ()] [ERR] request http.err:0, net.err:1
upt.blackint3.com cannot be resolved, so the tool cannot be installed.
My system is Win10 21H2 / 19044.1320, and OpenArk wrongly identifies it as Windows 11.
This is only the displayed OS name being wrong; it does not seem to affect any other function.
Hello author, I also really like using this little tool: small, but it has everything.
As a developer I really need this software, but my own skills are not up to it and I do not know C++.
So I sincerely ask the author to take some time to adapt it to 21H1. Thank you.
The reverse-engineering tool downloader reports a download failure, cod301
I hope proxy support can be added to make downloading the extra tools easier.
Hello author, could you compile the Kernel -> System Hotkeys feature as a standalone exe that automatically tries to enter kernel mode on launch, without the other features? Include your author information and your GitHub link; I would post it on a forum where some users only need the hotkey viewing feature. Many thanks!
On a 4K display the text is too small.
(Even using Windows 10's built-in System -> Display -> Scale and layout has no effect.)
After exporting to CSV, I can avoid these hotkeys when setting my own shortcuts.
Add a NuGet package repository
http://nuget.blackint3.com:20001/api/odata
I cannot connect to this address, whether or not I go through a VPN.
I would like to confirm whether this NuGet source is still active.
signtool.exe remove /s OpenArkDrv64.sys
signtool.exe can be obtained from the Windows SDK.
OpenArkDrv64.sys can be found under %temp%.
There are multiple ways to achieve this.
One of them is using EfiGuard, which requires Secure Boot to be disabled.
https://github.com/Mattiwatti/EfiGuard
Brief instructions:
(1) Mount the ESP (EFI System Partition) to drive letter S:
mountvol S: /s
(2) Copy the three files EfiGuardDxe.efi, Loader.config.efi and Loader.efi to S:\EFI\Boot\
copy EfiGuard-v1.2.1\EFI\Boot\*.efi S:\EFI\Boot\
(3) Add a UEFI boot entry for Loader.config.efi using BOOTICE.
You can either tick the "boot this entry next time" option in BOOTICE, or select the newly added UEFI entry in the (hard disk) boot order in the BIOS settings (the so-called "UEFI firmware settings").
(4) Don't forget to disable Secure Boot.
Choosing "Disable driver signature enforcement" in the F8 boot menu should work as well, but I have not tested that method. Also, the F8 boot menu of desktop Windows has been crippled by Microsoft since Win8; to re-enable it, run bcdedit /set {default} bootmenupolicy legacy
(bootmenupolicy defaults to standard; to revert, change the value from "legacy" back to "standard")
First, copy OpenArkDrv64.sys (which already has its signature removed) to %windir%\system32\drivers\
Then delete the service (if it exists):
sc delete OpenArkDrv64
Then create the service:
sc create OpenArkDrv64 binpath= \Windows\system32\drivers\OpenArkDrv64.sys type= kernel start= demand
Finally, start the service:
sc start OpenArkDrv64
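The steps above leave a machine with Secure Boot off and an unsigned kernel driver registered as a service. As an added example (not OpenArk's code and not from this thread), the following PowerShell check reports that state from the defender's side; it assumes an elevated session on a UEFI system, and the service name OpenArkDrv64 is taken from the thread.

```powershell
# Added example, not part of OpenArk or the issue thread above.
# Reports the signing/boot posture that the manual driver-loading steps change.
# Assumes an elevated PowerShell session on a UEFI-booted Windows machine.
function Get-DriverSigningPosture {
    param([string]$ServiceName = 'OpenArkDrv64')   # service name from the thread

    # Secure Boot state; Confirm-SecureBootUEFI throws on legacy BIOS boots.
    $secureBoot = $null
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }

    # Boot-time code-integrity switches in the current BCD entry. These cover the
    # F8 / bcdedit route; the EfiGuard route patches at boot and leaves BCD untouched,
    # so Secure Boot off plus an unsigned loaded driver is the signal in that case.
    $bcd = (bcdedit /enum '{current}') -join "`n"
    $testSigning = $bcd -match '(?m)^testsigning\s+Yes'
    $noIntegrity = $bcd -match '(?m)^nointegritychecks\s+Yes'

    # The kernel service created with `sc create ... type= kernel`.
    $svc = Get-CimInstance Win32_SystemDriver -Filter "Name='$ServiceName'"
    $sig = $null
    if ($svc) {
        # Normalize the image path forms seen for driver services.
        $path = $svc.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if ($path -match '^\\') { $path = $env:SystemDrive + $path }
        # 'NotSigned' is what a driver stripped with `signtool remove /s` reports.
        $sig = (Get-AuthenticodeSignature -FilePath $path).Status
    }

    [pscustomobject]@{
        SecureBootEnabled     = $secureBoot
        TestSigningEnabled    = $testSigning
        IntegrityChecksOff    = $noIntegrity
        DriverServicePresent  = [bool]$svc
        DriverState           = if ($svc) { $svc.State } else { $null }
        DriverSignatureStatus = $sig
    }
}

Get-DriverSigningPosture | Format-List
```

Any row other than SecureBootEnabled=True with the other flags False and no unsigned driver is worth explaining before the host is trusted again.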
Hello!
I hope this tool can gain this feature in the future, because it would let someone whose machine is infected with malware generate a report of the system's state and hand it to the person helping them remove the malware, who could then analyze it and work out a removal plan.
Sincerely.