ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0
4.87k stars 718 forks

Added stickykeys->cmd.exe and the missing Windows 7 unlock signatures #19

Closed signal-5 closed 5 years ago

signal-5 commented 7 years ago

Added a signature for, in memory, replacing sethc.exe (stickykeys) with cmd.exe. Pressing SHIFT five times will spawn cmd.exe with system access at the login screen. Works with all x64 Windows versions. Also added the missing Windows 7 unlock signatures. The simple tool search_offset.pl can be used to find signatures and the offsets in memory dumps.

fox8091 commented 7 years ago

Maybe squash the commits some?

signal-5 commented 7 years ago

Yes, but I'm new to GitHub. Can you do this in the web interface?

signal-5 commented 5 years ago

Time to merge?

ufrisk commented 5 years ago

It is indeed time for that :)

stickykeys_cmd_win.sig and unlock_win7x64.sig should be merged ASAP. I'd rather not add the Perl script though.

Before I merge, are you able to ensure it's working on the latest Windows 7 version, and also that the destination directory is changed from pcileech_files to just files?

If you're able to drop a new pull request, or a changed one, I'll merge immediately 👍