POC-AntiKernelDebug

What's this?

A POC about how to detect windows kernel debug by pool tag.

How does this poc actually work?

Query system pool tag information matches TagUlong == 'oIdK'.

Tested in Win10 1809

Compile

Visual Studio 2022
llvm-msvc [link]