skelsec
commented
3 years ago Hello! Can you please send some more info so I can try to track down this issue? Windows version/pypykatz version/is there Av running/other stuff you feel relevant
Closed VakarisZ closed 2 years ago
skelsec
commented
3 years ago Hello! Can you please send some more info so I can try to track down this issue? Windows version/pypykatz version/is there Av running/other stuff you feel relevant
VakarisZ
commented
3 years ago I'm using windows 10, tried versions 0.3.12 and the latest (0.5.2). AV is running. But none of this is relevant, because the error is thrown from the lower level function windll.kernel32.QueryFullProcessImageNameW. The issue of your package is that this error is not handled even though the lsass process was already found. Simply moving the pid_to_name[pid] = QueryFullProcessImageNameW(process_handle) into the try block solved this issue for me (the error gets caught and the code continues).
The line in
live_reader_ctypes.py:68:fails to me with an error
(WinError 31) A device attached to the system is not functioning. This fails the whole mimikatz collection, even though the lsass process was already found and is inpid_to_namedict.I've seen the stale #69 PR that also addresses this. @skelsec @ebfe90 let me know if you intend to fix it. If not, I'll open up my own PR.