Win10 has more surprises to offer:
https://ntquery.wordpress.com/2015/09/07/windows-10-new-anti-debug-outputdebugstringw/
I also see some weird behavior of NtQueryInformationProcess. You can query ProcessBasicInformation with different buffer sizes.
size = 24 -> normal behavior, expected size like in all windows editions
size = 32 -> extended information? You can get more information...
__________________
My blog: https://ntquery.wordpress.com
|