Open hanetzer opened 1 year ago
And nvm. I'm dumb, the issue was on my end, but for the sake of future googlers: I specified -os windows-32-7sp1 to get the bad reading on the latter hash; using -os windows-32-7sp0 does work, but I'm not sure where the difference arises, as the wintrospection plugin uses 0x185000 for the system_asid_lookup for both settings. Leaving open because something's probably wrong here even if that wrongness can be fixed by a user flag.
Pulling up an old project, and it seems that asidstory (and others, but I've not yet documented them) is busted on Windows targets (win7x32 VM).
Working hash:
8cc9363146bba49dbb70dc14d430f8f92c1ab768
Broken hash:
97c0ed956b999958a333f960d85fae7e65f81c04
The latter never shows the process names, and I suspect this is the reason why my attempt to use the trace module in single-executable mode failed (produced no output), as it cannot figure out the name of my target.exe