Error 24h2.3323 #5

@xkp95175333

Error: how to add offset or update SRC?
[<] Loading vulnerable driver, Name: PTWVFrbXnrBvF
[+] NtLoadDriver Status 0x0
[-] Failed to get ntoskrnl.exe
[<] Unloading vulnerable driver
[+] NtUnloadDriver Status 0x0
[+] Vul driver data destroyed before unlink
[+] Pausing to allow for debugging
[+] Press enter to close

And I use kdmapper for debug, this works

[ntoskrnl.exe]
MmAllocateIndependentPagesEx=10934604
MmFreeIndependentPages=3343344
PiDDBLock=16295008
PiDDBCacheTable=16614544
MmSetPageProtection=4928624

[ci.dll]
g_KernelHashBucketList=893064
g_HashCacheLock=266144

I use kdmapper Df Debug
cmd log

[+] Loading Symbols From Try\Symbols\ntkrnlmp.pdb\5F5FBEEF5EF14631D29F30AE73B74AF71\ntkrnlmp.pdb
[+] Symbol MmAllocateIndependentPagesEx Offset: 10934604
[+] Symbol MmFreeIndependentPages Offset: 3343344
[+] Symbol PiDDBLock Offset: 16295008
[+] Symbol PiDDBCacheTable Offset: 16614544
[+] Symbol MmSetPageProtection Offset: 4928624
[+] Loading Symbols From Try\Symbols\ci.pdb\F0A425A638D400C6EFA25A210A73DF591\ci.pdb
[+] Symbol g_KernelHashBucketList Offset: 893064
[+] Symbol g_HashCacheLock Offset: 266144
[+] Loaded ntoskrnl.exe - MmAllocateIndependentPagesEx - 0xa6d94c
[+] Loaded ntoskrnl.exe - MmFreeIndependentPages - 0x3303f0
[+] Loaded ntoskrnl.exe - PiDDBLock - 0xf8a460
[+] Loaded ntoskrnl.exe - PiDDBCacheTable - 0xfd8490
[+] Loaded ntoskrnl.exe - MmSetPageProtection - 0x4b3470
[+] Loaded ci.dll - g_KernelHashBucketList - 0xda088
[+] Loaded ci.dll - g_HashCacheLock - 0x40fa0
[+] 7 Symbols Loaded
[+] Ptr_Entry 0xFFFF88827DFD1830
[+] Table Cleaned
[+] BucketList 0xFFFFF8026526A088
[+] CacheLock
[+] BucketList Cleaned
[+] Unloaded Cleaned
[+] WdFilterList Cleaned
[+] Callback example called
[OutChack] Unloading vulnerable
[Unlink] Vul
[+] success
