Donghyun Lee
Donghyun Lee
I applied the [above diff](https://github.com/0vercl0k/wtf/issues/106#issuecomment-1181354992) and hooked `nt!NtReadFile` instead of `ntdll!NtReadFile`. (The dump I used is same as I used in https://github.com/0vercl0k/wtf/issues/106#issuecomment-1172164605.) Fuzz Result ```bash >..\..\src\build\wtf.exe run --name wps --state...
Thanks to you, I can better understand handling the file system in 32-bit and 64-bit😊 But,, any idea about incomplete dump that still exist? (https://github.com/0vercl0k/wtf/issues/106#issuecomment-1181516878) (Several problems seem to be...
> Okay, based on what you are seeing it looks like some of the code isn't included in your dump. I wrote [lockmem](https://github.com/0vercl0k/lockmem) to address that class of issue; you...
I'm grabbing the dump from `XXX.exe`. And the `YYY.dll` gets loaded after running `lockmem`. Details ``` !gflag +ksl sxe ld xlsxrw.dll g ``` Run `wps.exe` and create empty file(`et.exe` invoked)...
Oh, I'll try it, thanks! And so after `YYY.dll` is loaded, I don't have to run `lockmem` for `XXX.exe` and `ABC.exe`, I just have to run for `XXX.exe`, right?
SNUVOICE: Collects SNU Students' Voice
## Team 8 SNUVOICE https://www.snuvoice.site/ * TELL ME: 위키 * HEAR US: 청원