Open hastalamuerte opened 1 month ago
Windows 10 Version 20H2 is not vulnerable. For Windows 10 Version 21H2, please provide the complete build number. (You can check it using winver).
Thanks for the answer, research and PoC.
I tried on Win 11 too.
Win 10 - 21H2 (build 19044.4780)
Win 10 2 - 21H2 (build 19045.5011)
Win 11 - 23H2 (build 22631.4317)
I just rebuilt the binaries again: 64 for Parent, 32/86 for Child.
Patches have been applied to all those versions. You'll need to test on versions from before June 11, 2024.
My PoC tested on Windows 11 23H2 build 10.0.22621.3672 (KB5037853)
I would like to ask how to obtain this value
You need to calculate the RVA of the global variable SeDebugPrivilege within ntoskrnl using IDA\Ghidra\WinDbg.
I get those results while trying to reproduce the PoC, on Win 11 and Win 10 (I tried to rewrite it to: Windows 10 Version 21H2 (Build 19044) RVA: 0xD53A10, Windows 10 Version 20H2 (Build 19042) RVA: 0xD53A18). Compiled with VS/cl (maybe I compiled it wrong). I ran just Parent.exe and "Parent.exe Client.exe": same result.
cl /EHsc /DUNICODE /D_UNICODE /D_WIN32_WINNT=0x0A00 Child.cpp winhelpers.cpp /Fe:Child.exe /link ntdll.lib ksuser.lib ksproxy.lib
It was built like that, and with the VS GUI (project).