logonui script gives a blank(black screen) and does not spawn cmd.exe

[tango-j]

winversion is 1709 win 10. will the exploit work?

[niemand-sec]

The offset of msctf!CTipProxy::Reconvert inside MSCTF!CStubIEnumTfInputProcessorProfiles::_StubTbl may be wrong. That worked for me.

[taviso]

I don't know if I tested 1709, but @niemand-sec is correct - it is probably just a case of finding the right offset.

What is the version of MSCTF.DLL?

[tango-j]

Hi @taviso , @niemand-sec how do we find the right offset?