这可以在虚拟机的Windows 11 24h2 上用吗?我试了build这个驱动,然后在 24h2 上加载了,但是我为什么还是可以访问test.txt文件呀
[KHook::Initialize] ssdt call back ptr is 0xFFFFF8037D7042AC
[KHook::Initialize] build number is 26100
[KHook::Initialize] ntoskrnl address is 0xFFFFF803E4E00000
[KHook::Initialize] etwp debugger data is 0xFFFFF803E5C0E768
[KHook::Initialize] etwp debugger data silo is 0xFFFFBE8614851500
[KHook::Initialize] ckcl wmi logger context is 0xFFFFBE8614792040
[KHook::Initialize] get cpu clock is 0x0000000000000003
[KHook::Initialize] syscall table is 0xFFFFF803E548C000
[KHook::Initialize] HvlpReferenceTscPage is 0xFFFFF803E5DC4D88
[KHook::Initialize] HvlpReferenceTscPage Value Is 0x0
[KHook::Initialize] HvlGetQpcBias Is 0xFFFFF803E5DC0270
[KHook::Initialize] HvlGetQpcBias Value Is 0x0
[KHook::Initialize] HvlGetReferenceTimeUsingTscPage Is 0xFFFFF803E5DC0108
[KHook::Initialize] HvlGetReferenceTimeUsingTscPage Value Is 0x0
[KHook::Initialize] HalpPerformanceCounter Is 0xFFFFF803E5DC2170
[KHook::Initialize] HalpPerformanceCounter Value is 0xFFFFF7E4800091B0
[KHook::Initialize] HalpOriginalPerformanceCounter Is 0xFFFFF803E5DC2168
[KHook::Initialize] HalpOriginalPerformanceCounter Value Is 0xFFFFF7E480000110
[KHook::Start] Update GetCpuClock Is 0000000000000002
[KHook::Start] Update HvlpGetReferenceTimeUsingTscPage Value : FFFFF8037D7022A4
[KHook::Start] Original HalpPerformanceCounterType Value : 1
[KHook::Start] Update HvlGetQpcBias Value is FFFFF8037D703C90
[KHook::Start] Detect Routine Thread ID Is 1700
[KHook::Start] Detect Routine Thread Object Is FFFFBE86198EC500
没有 “Deny Access File” 日志
这可以在虚拟机的Windows 11 24h2 上用吗?我试了build这个驱动,然后在 24h2 上加载了,但是我为什么还是可以访问test.txt文件呀
没有 “Deny Access File” 日志