{"provider_name":"Hatena Blog","type":"rich","blog_title":"Scarlet Tactics","blog_url":"https://www.scarlet-tactics.red/","categories":["AntiEDR","by AI"],"image_url":null,"html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fwww.scarlet-tactics.red%2Fentry%2F2026%2F02%2F15%2F002003\" title=\"EDR-GhostLocker Detailed Technical Analysis - Scarlet Tactics\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","version":"1.0","description":"github.com 1. Overall purpose of the tool and attack flow 2. File structure and roles 3. ntdefs.h \u2014 Intent of the undocumented API definitions UNICODE_STRING struct (ntdefs.h lines 4-9) SYSTEM_PROCESS_ID_INFORMATION struct (ntdefs.h lines 11-15) SYSTEM_INFORMATION_CLASS enum (ntdefs.h lines 24-281) 4. main.cpp \u2014 Detailed analysis of the dynamic enumeration version 4.1 Target definitions and process matching Target array (main.cpp lines 22-28) Computing the number of targets (main.cpp line 30) \u30de\u30c3\u2026","width":"100%","height":"190","provider_url":"https://hatena.blog","author_name":"skybreaker","title":"EDR-GhostLocker Detailed Technical Analysis","published":"2026-02-15 00:20:03","author_url":"https://blog.hatena.ne.jp/skybreaker/","url":"https://www.scarlet-tactics.red/entry/2026/02/15/002003"}