Carsten Maartmann-Moe

Results 41 comments of Carsten Maartmann-Moe

Thanks for a detailed issue! Looks like you've already reverse engineered two new signature offsets. So thanks! I will test them myself but if you replace line 147 in: ```...

Sure! In your x64 sample, you posted:
```
000007FF73505E5A BE 10 00 00 00 mov esi, 10h
000007FF73505E5F 48 8D 55 50 lea rdx, [rbp+50h] ; Source2
000007FF73505E63 48 8B...
```

OK, so I updated my Win7 x64 RTM box to the latest patch, and lo and behold, the tool still worked. This had me puzzled. After some research, it turns...

Just a quick check: You're sure you're getting DMA, right? If you run the tool with the `-v` switch, do you get an output similar to this:
```
[*] Selected...
```

I'm 90 % sure the root cause of inception failing is that you're on the LDR branch. Still looking into why the new offset doesn't work. It may be a...

That's weird. Can you paste the full output of the tool with verbose switched on?

Haven't seen that myself, but it _may_ be the HIDS. Assuming it's Win 7 x64 you're trying to attack?

Hey @vladmolch - I don't have a copy of McAfee HIDS available so not able to test. If the tool is not able to verify the patch, it means that...

Hi Tod, thanks for the PR! Understand the heartache, but not sure I will BSD license this right off the bat. IANAL, so let me read up on the finer...