Does win7 not support it? #1

Open
ghost opened this issue Jan 21, 2024 · 5 comments

Comments

@ghost

ghost commented Jan 21, 2024

win10 runs normally
Win7 card loops

@senzee1984
Owner

Hello @win-wava, thanks for letting me know. Is the win7 OS 32-bit or 64-bit? Could you provide the output of the program?

@ghost
Author

ghost commented Jan 22, 2024

Before updating: RAX = 0x16

After updating: RAX = 0x16

Before updating: RAX = 0x16

After updating: RAX = 0x16

Before updating: RAX = 0x16

After updating: RAX = 0x16

......

Keep looping this

@ghost
Author

ghost commented Jan 22, 2024

win7 64-bit

@senzee1984
Owner

0x16 is NtQueryInformationProcess' SSN; it means RAX was already replaced, but the hbp is not removed. Interesting, I will look into this.

@ghost
Author

ghost commented Jan 22, 2024

OK. Thanks for your hard work
