hfiref0x / KDU

Kernel Driver Utility
MIT License

Can't use PsGetCreateProcessNotifyRoutine() ??? #80

Closed lastime1650 closed 12 months ago

lastime1650 commented 12 months ago

I want to use that, but nothing works.

hfiref0x commented 12 months ago

How is it related to this repository?

lastime1650 commented 12 months ago

This function does not work. I made an ioctl by implementing it as a missing iocreatedriver() function in DriverObject, but PsSetCreateNotifyRoutine() does not work. What's the problem? Also, RouteEX() is not used; the integrity option was excluded.

In other words, is there a way to write that routine function? The reason why I can't is because I thought it was KDU MAPPER.

hfiref0x commented 12 months ago

How is "function does not work" related to this repository? What does not work, and where? What is the status code? Where doesn't it work? And more importantly, why do you think it is an issue with this utility?

hfiref0x commented 12 months ago

If your blaberry is about this API not working in a mapped driver, then why should it work in the first place?

These APIs, PsCreateProcessNotifyRoutine/PsCreateProcessNotifyRoutineEx, are dumb empty routines which just pass control to PspSetCreateProcessNotifyRoutine, which inside validates the callback address to be inside the loaded modules list.

Solution: find a codecave inside some legit loaded driver, write a jump to your callback inside it, and pass this jump address as the callback address to the API.

Prior to creating such "issues" without any kind of useful input, do something on your own to not look like an idiot.
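
For defenders, the registration described in the last comment leaves a checkable artifact: a notify callback that lies inside a loaded module but begins with a jump whose target no module backs. The following is an added example, not code from this thread or from the KDU project; the module table layout, names and the three jump encodings handled are assumptions chosen for illustration, and a little-endian x64 host is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of one loaded-module entry (image base and size). */
typedef struct { const char *name; uint64_t base; uint64_t size; } module_t;

typedef enum { CB_OK, CB_UNBACKED, CB_TRAMPOLINE_OUT } cb_verdict;

/* Return the module that contains addr, or NULL if no module backs it. */
static const module_t *find_module(const module_t *m, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= m[i].base && addr - m[i].base < m[i].size) return &m[i];
    return NULL;
}

/* Decode a leading x64 jump; code holds the bytes found at cb_addr.
   Returns 1 and sets *target for the three forms handled, else 0. */
static int decode_jump(const uint8_t *code, size_t len, uint64_t cb_addr,
                       uint64_t *target) {
    if (len >= 5 && code[0] == 0xE9) {                   /* jmp rel32 */
        int32_t rel; memcpy(&rel, code + 1, 4);
        *target = cb_addr + 5 + (int64_t)rel; return 1;
    }
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0) {          /* mov rax, imm64; jmp rax */
        memcpy(target, code + 2, 8); return 1;
    }
    if (len >= 14 && code[0] == 0xFF && code[1] == 0x25 &&
        !code[2] && !code[3] && !code[4] && !code[5]) {  /* jmp [rip+0]; 8-byte address */
        memcpy(target, code + 6, 8); return 1;
    }
    return 0;
}

/* Classify a registered callback: unbacked, an in-module stub that jumps
   to unbacked memory, or ordinary (jumps that stay inside modules are fine). */
cb_verdict classify_callback(const module_t *m, size_t n, uint64_t cb_addr,
                             const uint8_t *code, size_t len) {
    uint64_t target;
    if (!find_module(m, n, cb_addr)) return CB_UNBACKED;
    if (decode_jump(code, len, cb_addr, &target) && !find_module(m, n, target))
        return CB_TRAMPOLINE_OUT;
    return CB_OK;
}
```

In practice the module list and the bytes at each callback address would come from a memory image or a kernel debugger session rather than from hand-built arrays.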