Windows 8 introduced 'IsNativeVhdBoot', to determine if the ma | vx-underground

Windows 8 introduced "IsNativeVhdBoot", to determine if the machine was booted from a Virtual Hard Disk.

The function, located in Kernel32.dll, forwards to NTDLL!NtQuerySystemInformation with the flags SystemPrefetchPathInformation and SystemHandleInformation.

vx-underground

🙋 35.14K
Технологии

The largest collection of malware source, samples, and papers on the internet. Discussion: t.me/vxugchat. Password: infected. https://vx-underground.org/...

Join
▲ Vote (1)

Windows 8 introduced 'IsNativeVhdBoot', to determine if the ma | vx-underground

Login