Hi.
After building everything needed, I tried to insert the rootkit into Windows 10, but I get this error: ERROR: UMD EXEC: Could not get IAT Info
After trying to figure out what's wrong using serial, it seems that the while loop at line 1243 of the function ProcessGetThunkInfoIAT in WinTools.c always goes to the continue and returns False. How can I figure out what's wrong? Is there any way to debug this other than printing information to serial?
== Initializing windows context struct ==
Cleaning up old Windows struct ...
Dynamic memory allocated before WinCtx init: 24
PML4: 0x1ad000 Kernel entrypoint: 0x7fbb1889bd0
Trying to find Ntos kernel ...
Kernel found!
NT kernel: 0x7fbb1800000
Parsing Windows kernel exports ...
Parsing export table for 64-bit module ...
Finished Export Table.. NameAmount 2916
Dynamically allocating table ...
Filling the export list ...
Export list successfully filled!
PsInitialSystemProcess: 0x7fbb128bc60
SystemProcess: 0x7ef144d6cfc0
NtVer: 1000
NtBuild 18363
== Windows offsets set! ==
== Finding target process ... ==
== Found and dumped process! Starting IAT Hooking ==
Getting process IAT Thunk ...
Allocating 196608 bytes of memory for the PE image ...
ERROR: UMD EXEC: Could not get IAT Info!
By the way, I didn't find the code for switching to long mode like Longkit you mentioned in your blog. I just found some definitions of asm code dealing with CR3 and CR4, without any calls to them. Could you give me some indication about that?