7d6ce198fd361f58bd1ebdeee7772f76b4e58966 52204 |
|
26-Jul-2014 |
vboxsync |
SUP,LDR: Changed RTLdrGetBits to allow not resolving imports. Combined the memory and image purification code with the process validation code, adding a validation kind/mode parameter. The process verification code now checks that code sections are unmodified. Had to add a self purification run before hooking NtCreateSection to undo a weird kernel32 change that avast made (making GetBinaryTypeW specify write thru when opening a file). So, VM startup is now even slower thanks to avast. |