new kmd: [win10x64_ntfs_20160803_10240]

ufrisk · Sep 14, 2016 · 7969492 · 7969492
1 parent 1fa5b38
commit 7969492
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/pcileech_files/pcileech_gensig.exe b/pcileech_files/pcileech_gensig.exe
diff --git a/pcileech_gensig/pcileech_gensig.c b/pcileech_gensig/pcileech_gensig.c
@@ -26,7 +26,7 @@ typedef struct tdSIGNATURE{
 	LPSTR szSignatureData;
 } SIGNATURE, *PSIGNATURE;
 
-#define NUMBER_OF_SIGNATURES	11
+#define NUMBER_OF_SIGNATURES	12
 
 const SIGNATURE SIGNATURES[NUMBER_OF_SIGNATURES] = {
 	{
@@ -119,6 +119,16 @@ const SIGNATURE SIGNATURES[NUMBER_OF_SIGNATURES] = {
 		.szHash2 = "04d501dae7a097b649edc0bb68dc02036e31ece8c30ee48ab24ac8fb3095fe46",
 		.szSignatureData = ",f6b70,DEFAULT_WINX64_STAGE1,53e38,DEFAULT_WINX64_STAGE2,0,DEFAULT_WINX64_STAGE3,0,0100038053000100240001800800038014000180760101000500000022000180"
 	},
+	{
+		.szSignatureInfoDisplay = "ntfs.sys signed on 2016-08-03 (Windows 10 x64) [10.0.10240.17071]",
+		.szFileName = "win10x64_ntfs_20160803_10240.kmd",
+		.szSignatureInfo = "# ntfs.sys signed on 2016-08-03 (MJ_CREATE) [10.0.10240.17071]",
+		.dwOffset1 = 0xc5000,
+		.dwOffset2 = 0x4d000,
+		.szHash1 = "c80d2ff8c58669a539ecc636103a73eb8c65a4568c81d6627a9b14f428d0207f",
+		.szHash2 = "bafe68ca0561d5137504c53360cdec01b8d522eade7e558b90231fdaf53a66a5",
+		.szSignatureData = ",c51e0,DEFAULT_WINX64_STAGE1,4de38,DEFAULT_WINX64_STAGE2,0,DEFAULT_WINX64_STAGE3,0,010003804d00010022000180080003801400018061010100050000001d00018001000000"
+	},
 	{
 		.szSignatureInfoDisplay = "ntfs.sys signed on 2016-08-20 (Windows 10 x64) [10.0.14393.103]",
 		.szFileName = "win10x64_ntfs_20160820_14393.kmd",