Who are the dead? nProtect VS HackShield

Author: zhuwg

Wishing everyone a happy New Year and rich red packets.

Even fewer people read articles and fewer people reply to them. I don't know if the RP has a problem or the article is too bad.
In this case, I switched to the martial arts novel model to write exactly one novel.
I don't know if I will be interested more than one point.

Jianghu has always been in the same state since the end of the last war.
As a result, the altar owner selected an auspicious day to hold a Wulin conference and recruit Wulin heroes. The various sects sent out their brothers in succession.

The venue is chosen in an open space in the suburbs, and each department is separated. Of course, there are still many martial arts people who come to challenge.
A moment of excitement
The altar owner announced the official start of the Wulin conference. The first item was for the various sects to introduce themselves.
The first to come to the stage was a disciple of INCA Internet: GameGuard, now under the INCA Internet portal.
Zhengjin, many merchants have invited INCA Internet disciples to serve as security consultants.
Those who help INCA Internet students are very admired.

The disciple, who calls himself GameGuard of the INCA Internet portal, is not as old as KeyCrypt by comparison. However, his martial arts skill is not below that of the old brother, and he won praise when he played the game.
My school is the most prestigious one in the world. To ensure your security, our security work is meticulous.
Let's take the restaurant as an example. Since ancient times, the restaurant is a land of no battles and how can we deal with it?
First, before the customer enters the door, we use a real air search.
[440] EXPLORER.EXE --> advapi32.dll --> CreateProcessWithLogonW, Type: Inline-RelativeJump at address 0x77DE5C9D hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> gdi32.dll --> GetPixel, Type: Inline-RelativeJump at address 0x77EFB471 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> CreateProcessInternalW, Type: Inline-RelativeJump at address 0x7C8191EB hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> DebugActiveProcess, Type: Inline-RelativeJump at address 0x7C859F0B hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> GetProcAddress, Type: Inline-RelativeJump at address 0x7C80AC28 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> LoadLibraryExW, Type: Inline-RelativeJump at address 0x7C801AF1 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> MapViewOfFile, Type: Inline-RelativeJump at address 0x7C80B78D hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> MapViewOfFileEx, Type: Inline-RelativeJump at address 0x7C80B71E hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> MoveFileW, Type: Inline-RelativeJump at address 0x7C839659 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> OpenProcess, Type: Inline-RelativeJump at address 0x7C81E079 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> ReadProcessMemory, Type: Inline-RelativeJump at address 0x7C8021CC hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> VirtualProtect, Type: Inline-RelativeJump at address 0x7C801AD0 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> VirtualProtectEx, Type: Inline-RelativeJump at address 0x7C801A5D hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> kernel32.dll --> WriteProcessMemory, Type: Inline-RelativeJump at address 0x7C80220F hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtDeviceIoControlFile, Type: Inline-RelativeJump at address 0x7C92D8E3 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtLoadDriver, Type: Inline-RelativeJump at address 0x7C92DB6E hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtOpenProcess, Type: Inline-RelativeJump at address 0x7C92DD7B hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtProtectVirtualMemory, Type: Inline-RelativeJump at address 0x7C92DEB6 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtQuerySystemInformation, Type: Inline-RelativeJump at address 0x7C92E1AA hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtReadVirtualMemory, Type: Inline-RelativeJump at address 0x7C92E2BB hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtSuspendProcess, Type: Inline-RelativeJump at address 0x7C92E83A hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtSuspendThread, Type: Inline-RelativeJump at address 0x7C92E84F hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtTerminateProcess, Type: Inline-RelativeJump at address 0x7C92E88E hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtTerminateThread, Type: Inline-RelativeJump at address 0x7C92E8A3 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> ntdll.dll --> NtWriteVirtualMemory, Type: Inline-RelativeJump at address 0x7C92EA32 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll + 0x00008B80, Type: Inline-RelativeJump at address 0x77D18B80 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> GetWindowThreadProcessId, Type: Inline-RelativeJump at address 0x77D18A80 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> keybd_event, Type: Inline-RelativeJump at address 0x77D66341 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> mouse_event, Type: Inline-RelativeJump at address 0x77D662FD hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> PostMessageA, Type: Inline-RelativeJump at address 0x77D1CB85 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> PostMessageW, Type: Inline-RelativeJump at address 0x77D18CCB hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SendInput, Type: Inline-RelativeJump at address 0x77D2F118 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SendInput, Type: Inline-RelativeJump at address 0x77D2F122 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SendMessageA, Type: Inline-RelativeJump at address 0x77D2F39A hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SendMessageW, Type: Inline-RelativeJump at address 0x77D1B8BA hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SetCursorPos, Type: Inline-RelativeJump at address 0x77D55E4B hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SetWindowsHookExA, Type: Inline-RelativeJump at address 0x77D311E9 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SetWindowsHookExW, Type: Inline-RelativeJump at address 0x77D2E4AF hook handler located in [npggNT.des]
Let's take a look. Rigorous detection by Alibaba Cloud
Of course, the searches will continue to be carried out to prevent the guests from carrying weapons or taking out the weapons. I can send them out of the door immediately.
Of course, this is not enough. Some assassin will use a dark device and it is very hidden. It is difficult for me to send regular searches.
I still have a hard time. If the guests want to enter the core zone, we still have a test. Please refer
> Hooks
Ntoskrnl.exe + 0x00004AA2, Type: Inline-RelativeJump at address 0x804DCAA2 hook handler located in [ntoskrnl.exe]
Ntoskrnl.exe + 0x000147DA, Type: Inline-RelativeJump at address 0x804EC7DA hook handler located in [dump_wmimmc.sys]
Ntoskrnl.exe --> KeAttachProcess, Type: Inline-RelativeJump at address 0x804EC938 hook handler located in [dump_wmimmc.sys]
Ntoskrnl.exe --> KeStackAttachProcess, Type: Inline-RelativeJump at address 0x804F2743 hook handler located in [dump_wmimmc.sys]
Ntoskrnl.exe --> NtDeviceIoControlFile, Type: Inline-RelativeJump at address 0x8057CF7B hook handler located in [dump_wmimmc.sys]
Ntoskrnl.exe --> NtOpenProcess, Type: Inline-RelativeJump at address 0x80574C96 hook handler located in [dump_wmimmc.sys]
Ntoskrnl.exe --> NtProtectVirtualMemory, Type: Inline-RelativeJump at address 0x80575045 hook handler located in [dump_wmimmc.sys]
Ntoskrnl.exe --> NtReadVirtualMemory, Type: Inline-RelativeJump at address 0x8057F48E hook handler located in [dump_wmimmc.sys]
Ntoskrnl
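
The user-mode and kernel listings above share one line layout, so a report of this kind can be parsed and summarized mechanically when auditing what a protection driver has patched on a machine. The Python code below is an added example, not part of the original article or of any scanner or anti-cheat product. The sample lines are constructed from the layout shown above, the names parse_report and summarize are hypothetical, and it assumes file names contain no spaces.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a few report lines in the two layouts shown above
# (user-mode lines carry "[pid] PROCESS -->", kernel lines do not).
SAMPLE = """\
[440] EXPLORER.EXE --> kernel32.dll --> OpenProcess, Type: Inline-RelativeJump at address 0x7C81E079 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll + 0x00008B80, Type: Inline-RelativeJump at address 0x77D18B80 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SendInput, Type: Inline-RelativeJump at address 0x77D2F118 hook handler located in [npggNT.des]
[440] EXPLORER.EXE --> user32.dll --> SendInput, Type: Inline-RelativeJump at address 0x77D2F122 hook handler located in [npggNT.des]
Ntoskrnl.exe --> NtOpenProcess, Type: Inline-RelativeJump at address 0x80574C96 hook handler located in [dump_wmimmc.sys]
Ntoskrnl.exe + 0x000147DA, Type: Inline-RelativeJump at address 0x804EC7DA hook handler located in [dump_wmimmc.sys]
"""

LINE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+(?P<proc>\S+)\s+-->\s+)?"   # optional "[pid] PROCESS -->"
    r"(?P<module>\S+?)"                                   # module that was patched
    r"(?:\s+-->\s+(?P<func>\w+)|\s+\+\s+(?P<offset>0x[0-9A-Fa-f]+))"
    r",\s+Type:\s+(?P<type>\S+)\s+at address\s+(?P<addr>0x[0-9A-Fa-f]+)"
    r"\s+hook handler located in\s+\[(?P<handler>[^\]]+)\]\s*$"
)

def parse_report(text):
    """Return one dict per hook line; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            h = m.groupdict()
            h["addr"] = int(h["addr"], 16)
            h["space"] = "user" if h["pid"] else "kernel"
            hooks.append(h)
    return hooks

def summarize(hooks):
    """Count hooks per handler module and flag entries worth a closer look."""
    by_handler = defaultdict(list)
    for h in hooks:
        by_handler[h["handler"]].append(h)
    seen = Counter((h["module"].lower(), h["func"]) for h in hooks if h["func"])
    return {
        "by_handler": {k: len(v) for k, v in by_handler.items()},
        "unnamed": [h for h in hooks if h["offset"]],          # patch with no export name
        "multi_patch": sorted(k for k, n in seen.items() if n > 1),  # export patched twice
    }

if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE))
    print(s["by_handler"], s["multi_patch"], [hex(h["addr"]) for h in s["unnamed"]])
```

On the sample, the summary attributes four hooks to npggNT.des and two to dump_wmimmc.sys, and flags SendInput in user32.dll as patched at two addresses.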
