Blackbone icon indicating copy to clipboard operation
Blackbone copied to clipboard

Published 20 hours ago verified publisher icon DarthTon

Win10 ver. 19042

Open aCoDenz opened this issue 3 years ago • 4 comments

Driver update for the said win10 version?

aCoDenz avatar May 17 '21 03:05 aCoDenz

else if (verInfo.dwBuildNumber == 19041) { pData->ver = WINVER_10_20H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19042) { pData->ver = WINVER_10_20H2; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19043) { pData->ver = WINVER_10_21H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; }

SunMJin avatar Jun 26 '21 05:06 SunMJin

else if (verInfo.dwBuildNumber == 19041) { pData->ver = WINVER_10_20H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19042) { pData->ver = WINVER_10_20H2; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19043) { pData->ver = WINVER_10_21H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; }

WINVER_10_21H1 = ? thanks!

xxTree avatar Sep 25 '21 14:09 xxTree

@SunMJin could you explain how do i get these values ​​please? I was told I have to use WinDbg, but what do I do after I open WinDbg? I'm using Windows 10.0.22000.194...

gabriel-maxx avatar Nov 17 '21 12:11 gabriel-maxx

else if (verInfo.dwBuildNumber == 19041) { pData->ver = WINVER_10_20H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19042) { pData->ver = WINVER_10_20H2; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19043) { pData->ver = WINVER_10_21H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; }

Are you kidding me? Don't post silly clips!

Fplyth0ner-Combie avatar Nov 17 '21 14:11 Fplyth0ner-Combie