SpikySabra / Kernel-Cactus

It's pointy and it hurts!
GNU General Public License v3.0

Process Injection #2

Open gabriel-maxx opened 1 year ago

gabriel-maxx commented 1 year ago

Hello, could you tell me why "tinject" and "thijack" do not work in csrss.exe, services.exe and smss.exe processes? I get a blue screen.

SpikySabra commented 1 year ago

Hi, could you please share the build of Windows that you are working on? Please also share your offsets file. Do other techniques work? Which permissions do you have?

gabriel-maxx commented 1 year ago

> Hi, could you please share the build of Windows that you are working on? Please also share your offsets file. Do other techniques work? Which permissions do you have?

Windows 11 x64 Enterprise 22621.1344

offsets:

SMark,ActiveProcessLinks,UniqueProcessId,ThreadListHead,Protection,Token,ObjectTable,TrapFrame,Rip,ThreadListEntry,Cid,EtwThreatIntProvRegHandle,GuidEntry,ProviderEnableInfo,Guid
SOF,448,440,5e0,87a,4b8,570,90,168,538,4c8,c31f98,20,60,28

All other functions work perfectly, just RemoteThreadInjection and ThreadHijacking don't work in the specific processes I specified. But something must have changed from Windows 7 to 11, as I already used RemoteThreadInjection to inject shellcodes into processes in Windows 7, and csrss.exe and services.exe worked, except smss.exe, which never worked. Some extra layer of security must be preventing this in newer versions of Windows, but I have no idea what it is...

Edit: even disabling critical process and PPL, the process dies...