search

ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0
4.58k stars 695 forks source link

wx64_unlock signatures out of date #267

Closed serkonda7 closed 7 months ago

serkonda7 commented 8 months ago

I have the problem of wx64_unlock not working (I haven't tried patch yet). A system shell using wx64_pscmd works just fine.

Reading #150 I think the signatures in PCILeech are out of date again. It's not urgent in any case but just to let you know.

My target has the following specs:

Win10 update 22H2
Build 19045.3570
NtlmShared.dll 10.0.19041.3570
ufrisk commented 8 months ago

Thanks. I'll try to look into updating this. Sometimes (but not super often) the signatures change and I often miss to update them.

as you mentioned there are many alternative ways so things should still work somewhat, but I'll update the signatures as well! Thanks for letting me know.

ufrisk commented 7 months ago

I have now updated the signatures. I also put in the time to automate it a bit (previously it's been done 100% manually). It should now be much easier for me to keep them up-to-date.

Hopefully your signature should be in there now. I don't have the 3570 signature in there, but many of them are very similar so it may still work.

Please let me know how it goes. If there is still a failure could you please send me the ntlmshared.dll you're targeting and I'll see to it that it's quickly added.

serkonda7 commented 7 months ago

Thank you for the effort.

The device I tested was however repurposed, so I won't be able to verify the update.