Get LSASS PID fails #15

Closed
S3cur3Th1sSh1t opened this issue Feb 19, 2022 · 3 comments

@S3cur3Th1sSh1t

Hi,

I have now tried this on multiple systems, with an elevated prompt and/or a SYSTEM shell. The find_lsass function always returns:
The LSASS process was not found. Try providing the PID with -p or --pid

Dumping with manually specifying the ID works fine for me.

I wonder what the problem is here, actually.

Some ideas?

Greetings

@S3cur3Th1sSh1t
Author

Additional info: I was using the standalone binary and not the BOF via CS.

@S3cur3Th1sSh1t
Author

S3cur3Th1sSh1t commented Feb 19, 2022

Ok I fixed it now by myself by modifying

if (wcsstr(image->Buffer, L"\\windows\\system32\\lsass.exe"))

in util.c in the is_lsass function to

if (wcsstr(image->Buffer, L"lsass.exe"))

If that's a general bug you can solve it like that.

Greetings

@S4ntiagoP
Collaborator

Hey there!
Thanks for reporting the issue.
Well, very interesting. I imagined that would be the path for all Windows systems.
I will change the path to L"lsass.exe" so that it works everywhere.
Thanks again!
