carmaa
commented
9 years ago Haven't seen that myself, but it may be the HIDS. Assuming it's Win 7 x64 your're trying to attack?
Open vladmolch opened 9 years ago
carmaa
commented
9 years ago Haven't seen that myself, but it may be the HIDS. Assuming it's Win 7 x64 your're trying to attack?
vladmolch
commented
9 years ago Yes its Win 7 x64. I can see SBP-2 being mounted in the device manager and Inception reading memory with the -v but then i get [-] Error: Unable to verify patch Checked the HIPS logs bit it's all generic messages Thx for the quick reply
vladmolch
commented
9 years ago Hey Carsten Any updates on this?
V
carmaa
commented
9 years ago Hey @vladmolch - I don't have a copy of McAfee HIDS available so not able to test. If the tool is not able to verify the patch, it means that it somehow were not able to write to memory. This may be due to the HIDS, but there may also be other causes.
Leaving this issue open in case someone is able to test with the McAfee software.
vladmolch
commented
9 years ago Thx Carsten. I was able to dump memory
Vlad
On Sun, Feb 15, 2015 at 3:46 AM, Carsten Maartmann-Moe < notifications@github.com> wrote:
Hey @vladmolch https://github.com/vladmolch - I don't have a copy of McAfee HIDS available so not able to test. If the tool is not able to verify the patch, it means that it somehow were not able to write to memory. This may be due to the HIDS, but there may also be other causes.
Leaving this issue open in case someone is able to test with the McAfee software.
— Reply to this email directly or view it on GitHub https://github.com/carmaa/inception/issues/110#issuecomment-74409160.
Vlad
I can see that memory is read and the signature is found but in the end I get: [*] Signature found at 0x3908ce59 in page no. 233612 [-] Error: Unable to verify patch Anybody else has had this issue? Is there a solution? Also, there's McAfee HIDS on the victim. I am suspecting that's what killing Inception. Any help is appriciated.
Vlad