ebalo55 / mimikatz

The version of the original Mimikatz working with Windows 11, no additional edits except the compatibility ones

Windows 11 23h2 issue & research #4

Open Petya360 opened 3 weeks ago

Petya360 commented 3 weeks ago

I encountered the following issue while running on Windows 11 23h2, even when parsing the local file 'lsass.dmp'.

mimikatz # sekurlsa::minidump c:\lsass.dmp
Switch to MINIDUMP : 'c:\lsass.dmp'

mimikatz # sekurlsa::logonpasswords
ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list

I tried to change the source code, added the internal version number of the system, and then decompiled 'lsasrv.dll' to add a new offset address. Due to my limited technical skills, I am not quite able to understand the meaning of "-4" in the old version of the offset size. Therefore, I wrote the new code as {27,4} according to the meaning of the previous code and modified it to look like the one shown in the picture. Interestingly, it can now work normally. Can someone help explain why changing it this way makes it work normally? Thank you.

[Images: lsasrv, logonsessionlist function, newcode]

ebalo55 commented 1 day ago

Have you been able to test this? Do you want to provide the fix via a pull request so that I can merge it? @Petya360