EquiFox / KsDumper

Dumping processes using the power of kernel space!
MIT License

Driver does not load #19

Open greenozon opened 2 years ago

greenozon commented 2 years ago

Is it supposed to work on win7sp1 x64?

I'm getting this:

c:\Tmp\Driver>"c:\Tmp\Driver\\drvmap.exe" "c:\Tmp\Driver\\KsDumperDriver.sys"
[+] loaded capcom driver: 0
[+] allocated 0x7000 bytes at 0xFFFFFA8015F06000
processing module: ntoskrnl.exe [0xFFFFF8000300A000]
Assertion failed: RtlFindExportedRoutineByName != nullptr, file c:\users\foxy\desktop\tools\drvmap-master\capcom\capcom.cpp, line 196

quanmanss11 commented 1 year ago

lmao xd

quanmanss11 commented 1 year ago

try https://github.com/hfiref0x/TDL/blob/master/Compiled/Furutaka.exe (Furutaka.exe drivername.sys)

quanmanss11 commented 1 year ago

x64 only (x64 Windows 7/8/8.1/10.)

greenozon commented 1 year ago

my OS is x64

LMAO

greenozon commented 1 year ago

My hypothesis is that the RtlFindExportedRoutineByName API is only available on win10/11, thus lower OS versions are out of bounds... but I need proof

e.g.: https://github.com/Chuyu-Team/MINT/blob/69b28783df6522b8a8516a0711268424e876b493/MINT.h#L22334