ghost
commented
4 years ago Not related to 1809, but it works fine on 1903. (https://github.com/alxbrn/wmi-static-spoofer-1903)
Should work fine for 1809 as well, just update the offset & structure.
Edit: Structure for whatever winver you are on can be found easily using windbg
dt storport!_RAID_UNIT_EXTENSION -bTo get the offset, I personally just rebase the memory inside of IDA to 0x000... And then just grab the offset of RaidUnitRegisterInterfaces.
As seen here:
For windows 10 1809 it seems the function RaidUnitRegisterInterfaces takes multiple arguments. I assume this might kill this whole approach, is it something you are familiar with?