ByePG on Win10x64 19041 #21

Open
Alidonn opened this issue Feb 28, 2022 · 1 comment

Alidonn commented Feb 28, 2022

I'm currently running ByePG (ExHook) on a VMware machine with Win10 and WinDBG attached through a serial port.

The first issue was finding the ntoskrnl base address in Internals::Resolve(), but I fixed it by adding a check for a valid address in the "if" statement when checking the e_magic fields.

Now I get stuck in ExceptionHandler::Initialize when executing the KeIpiGenericCall. WinDBG froze and I didn't know how to proceed to resolve this.

Edit: It looks like this is related to WinDBG. In fact, running without the debugger attached, I can see the log messages that let me understand it exits from ByePgInitialize. But at the if statement in ExHook main, it returns. So ByePgInitialize probably returns the wrong value; in fact it returns STATUS_DEVICE_NOT_CONNECTED.

Any suggestions?


RealMove commented Aug 1, 2024

How exactly could you fix the ntoskrnl base address problem?
