TheCruZ / kdmapper

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
MIT License

[-] Failed to get ntoskrnl.exe (24h2) #156

Closed Disshi300 closed 6 days ago

Disshi300 commented 6 days ago

[<] Loading vulnerable driver, Name: HogzoYgZgMTlFzLHRCdQk
[+] NtLoadDriver Status 0x0
[-] Failed to get ntoskrnl.exe
[<] Unloading vulnerable driver
[+] NtUnloadDriver Status 0x0
[+] Vul driver data destroyed before unlink

fix?

TheCruZ commented 6 days ago

Probably you are not using the latest kdmapper version. Fixed at: https://github.com/TheCruZ/kdmapper/commit/5c83427142f0b6f6d72302d1e6c618bc875c3489

Disshi300 commented 6 days ago

Yes I am

Disshi300 commented 6 days ago

Still doesn't work

TheCruZ commented 6 days ago

Can you debug this function https://github.com/TheCruZ/kdmapper/blob/74e33e29255e6884dc6bdc0c037ede4da68aeeed/kdmapper/utils.cpp#L40 and show if modules can be retrieved or what is going on?

I tested on a VM with 24H2 and it works fine.