# config.ini: runtime parameters read by the tool this file ships with.
# Sections hold a state flag, per-routine addresses, handle values, test
# buffers and the process and object names the tool works with.
# NOTE(review): the parser is not visible from this file. Full-line "#"
# comments are assumed to be ignored by it; confirm before relying on that.

# Execution state flag, currently 0. Presumably a boolean (b prefix), TODO confirm.
[States]
bDelayExecution=0
# One High / Low / combined triple per memory-access routine (RPM, WPM, ntRVM,
# ntWVM, ZwRVM, ZwWVM) plus a physical start address. High and Low look like
# the upper and lower 32-bit halves of a 64-bit address; how the combined key
# (0x0 in every triple) is used is not visible here, TODO confirm.
# NOTE(review): RPMAddressHigh is 0x1, unpadded, while every other High value
# is 0x00000000. Verify this is intended and not left over from a test run.
[Addresses]
RPMAddressHigh=0x1
RPMAddressLow=0x58A60000
RPMAddress=0x0
WPMAddressHigh=0x00000000
WPMAddressLow=0x58A60000
WPMAddress=0x0
ntRVMAddressHigh=0x00000000
ntRVMAddressLow=0x58A60000
ntRVMAddress=0x0
ntWVMAddressHigh=0x00000000
ntWVMAddressLow=0x58A60000
ntWVMAddress=0x0
ZwRVMAddressHigh=0x00000000
ZwRVMAddressLow=0x58A60000
ZwRVMAddress=0x0
ZwWVMAddressHigh=0x00000000
ZwWVMAddressLow=0x58A60000
ZwWVMAddress=0x0
startAddressPhyHigh=0x00000000
startAddressPhyLow=0x58A60000
startAddressPhy=0x0
# Handle values for three request paths. The NP / FM / Drv suffixes presumably
# map to the named pipe, file mapping and driver named under Strings, TODO
# confirm. All three carry the same hard-coded value.
# NOTE(review): a handle value is only meaningful inside the process that owns
# it, so a literal stored in a file is specific to one run; verify how the
# reader validates it.
[Handles]
requestHandleNP=0x15FC
requestHandleFM=0x15FC
requestHandleDrv=0x15FC
# Test buffers and their sizes, one pair per memory-access routine.
# Numbering skips TTTT3.
[Buffers]
# Each BufferSize must be the buffer length plus one: the buffers below are
# 5 characters and the sizes are 0x6. Presumably the extra byte is the
# terminating NUL, TODO confirm.
# NOTE(review): nothing in this file enforces that relation; the consumer
# should check the size against the actual buffer length before copying.
RPMBuffer=TTTT1
RPMBufferSize=0x6
WPMBuffer=TTTT2
WPMBufferSize=0x6
ntRVMBuffer=TTTT4
ntRVMBufferSize=0x6
ntWVMBuffer=TTTT5
ntWVMBufferSize=0x6
ZwRVMBuffer=TTTT6
ZwRVMBufferSize=0x6
ZwWVMBuffer=TTTT7
ZwWVMBufferSize=0x6
# Process image names and IPC / device object names.
[Strings]
# Image name of the target process.
targetProc=BD64.exe
# NOTE(review): "privotProc" looks like a misspelling of "pivotProc". The key
# is looked up by name, so rename it only together with the code that reads it.
# lsass.exe holds credential material, so handle access involving it is a
# standard detection point for process-access auditing.
privotProc=lsass.exe
# The same pipe name is hard-coded in the companion DLL; change both together.
# NOTE(review): separators after the leading \\. are doubled here but single in
# driverName and fileMapName. If the parser does no escape processing, the
# doubled form reaches the API as written; confirm which form is expected.
# The fixed name is a stable indicator for pipe-creation telemetry.
namedPipeName=\\.\\pipe\\driverbypass
# The same mapping name is hard-coded in the companion DLL; change both together.
# The name is in the Global\ object namespace and, being fixed, is likewise
# matchable in section-object telemetry.
fileMapName=Global\StealthHijacking
# Win32 device path of the driver interface, presumably opened by the tool.
# NOTE(review): confirm which driver exposes this device; if it is a
# third-party signed driver, a driver block policy is the relevant control.
driverName=\\.\GIO