Code Monkey home page Code Monkey logo

Comments (6)

seeker25 avatar seeker25 commented on July 24, 2024

1809,

The processes are showing

xxx:~/Code/vmread/build$ sudo ./example
Using Mode: MODE_EXTERNAL
PML4: 1aa000 | KernelEntry: fffff806348915b0
Kernel Base: fffff80633e0a000 (1e0a000)
PsInitialSystemProcess: fffff8063434d2e0 (234d2e0)
System (PID 4): ffffb9059ea6d040 (17b46d040)
NT Version: 1000
Process List:
0004 System
0138 smss.exe
0194 csrss.exe
01dc wininit.exe
01ec csrss.exe
023c winlogon.exe
0250 services.exe
026c lsass.exe
02d4 svchost.exe
02dc fontdrvhost.ex
02e4 fontdrvhost.ex
0328 svchost.exe
0354 svchost.exe
0384 svchost.exe
03dc LogonUI.exe
03e4 dwm.exe
0168 svchost.exe
0164 svchost.exe
01a8 svchost.exe
0198 svchost.exe
0404 svchost.exe
046c svchost.exe
0478 svchost.exe
04a0 svchost.exe
04d4 svchost.exe
0500 svchost.exe
0508 svchost.exe
0514 svchost.exe
0598 svchost.exe
05b8 svchost.exe
0608 svchost.exe
063c svchost.exe
0658 svchost.exe
0660 svchost.exe
0670 svchost.exe
06e8 svchost.exe
070c svchost.exe
0718 svchost.exe
0768 svchost.exe
07b8 svchost.exe
07c0 svchost.exe
07cc svchost.exe
0678 svchost.exe
0780 svchost.exe
0824 spoolsv.exe
0858 svchost.exe
0878 svchost.exe
0968 svchost.exe
0970 svchost.exe
097c svchost.exe
0994 svchost.exe
09e4 svchost.exe
09f0 svchost.exe
0a04 svchost.exe
0a14 MsMpEng.exe
0a24 svchost.exe
0a54 svchost.exe
0ab0 svchost.exe
0af4 svchost.exe

But inject still just crashes the VM.

from vmread.

seeker25 avatar seeker25 commented on July 24, 2024

Tried upgrading CEMU to a higher version. Inject still crashes.

from vmread.

h33p avatar h33p commented on July 24, 2024

This is a valid issue and should not have been closed. Version 1903 must have had its internal structures updated, thus an offset update is required. It has to be backwards compatible with the previous versions, thus version checking has to be implemented. That is available through ntBuild variable in WinCtx. However, it appears that this variable is never assigned a value. So, a function has to be implemented for that as well.

from vmread.

CplNathan avatar CplNathan commented on July 24, 2024

I have proposed a change in my pull request here #6

I have updated the offsets for Windows 10 1903 and added manual version selection via user input from the terminal.

from vmread.

seeker25 avatar seeker25 commented on July 24, 2024

Thanks I appreciate it. As a workaround I'm just using 1809 for now.

from vmread.

h33p avatar h33p commented on July 24, 2024

Should be fixed in 2cb22df

from vmread.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.