Ulf Frisk
Ulf Frisk
No. You will have to account for things like relocations, import/export tables, dependencies (that may have to be loaded) and so on. It's a quite complex process unfortunately.
Yes, I would, it would be super nice :) but depending on implementation. I currently have the analysis functionality / parsing in the MemProcFS project - it's just mostly a...
@arannothc yes, user mode injects will be quite easy to implement when integrating with the memory analysis capabilities of the MemProcFS library. It's mostly a matter of coding. Unfortunately it...
I never got around implementing it fully. I couldn't find a generic way of always gain code injection in all kinds of processes this way. Customizations always had to be...
I'm closing this issue due to old age.
The kernel exports certain symbols (functions) to other kernel modules. Sometimes the exported symbols (functions) change and if PCILeech is relying on one of them and it's no longer exported...
There is quite a lot of work involved in this. I've been mostly focused on Windows as of late since that seems to be more popular amongst the users (and...
I'm closing this issue due to old age.
The signatures are unfortunately very out of date and are more for historical reasons now. You may try the built in `-kmd WIN10_X64` or `-kmd WIN10_X64_2` built-in signatures if you...
> > > Hi, I would like to add some sigs for windows, add unlock supports for x86 versions. Windows 10 verifies auth in ntlmshare.dll, and others using msv1_0.dll. I...