Win10 ver. 19042

Question

Win10 ver. 19042

aCoDenz opened this issue 4 years ago · 4 comments

Driver update for the said win10 version?

Answer 1 · 2021-06-26T05:42:11.000Z

else if (verInfo.dwBuildNumber == 19041)
{
pData->ver = WINVER_10_20H1;
// KP
pData->KExecOpt = 0x283;
// EP
pData->Protection = 0x87A;
pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset
pData->ObjTable = 0x570;
pData->VadRoot = 0x7D8;
// KT
pData->PrevMode = 0x232;
// ET
pData->ExitStatus = 0x548;
// SSDT
pData->NtCreateThdExIndex = 0xC1;
pData->NtTermThdIndex = 0x53;
pData->MiAllocPage = 0;
if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable)))
pData->ExRemoveTable -= 0x34;
break;
}
else if (verInfo.dwBuildNumber == 19042)
{
pData->ver = WINVER_10_20H2;
// KP
pData->KExecOpt = 0x283;
// EP
pData->Protection = 0x87A;
pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset
pData->ObjTable = 0x570;
pData->VadRoot = 0x7D8;
// KT
pData->PrevMode = 0x232;
// ET
pData->ExitStatus = 0x548;
// SSDT
pData->NtCreateThdExIndex = 0xC1;
pData->NtTermThdIndex = 0x53;
pData->MiAllocPage = 0;
if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable)))
pData->ExRemoveTable -= 0x34;
break;
}
else if (verInfo.dwBuildNumber == 19043)
{
pData->ver = WINVER_10_21H1;
// KP
pData->KExecOpt = 0x283;
// EP
pData->Protection = 0x87A;
pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset
pData->ObjTable = 0x570;
pData->VadRoot = 0x7D8;
// KT
pData->PrevMode = 0x232;
// ET
pData->ExitStatus = 0x548;
// SSDT
pData->NtCreateThdExIndex = 0xC1;
pData->NtTermThdIndex = 0x53;
pData->MiAllocPage = 0;
if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable)))
pData->ExRemoveTable -= 0x34;
break;
}

Answer 2 · 2021-09-25T14:11:09.000Z

else if (verInfo.dwBuildNumber == 19041)
{
pData->ver = WINVER_10_20H1;
// KP
pData->KExecOpt = 0x283;
// EP
pData->Protection = 0x87A;
pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset
pData->ObjTable = 0x570;
pData->VadRoot = 0x7D8;
// KT
pData->PrevMode = 0x232;
// ET
pData->ExitStatus = 0x548;
// SSDT
pData->NtCreateThdExIndex = 0xC1;
pData->NtTermThdIndex = 0x53;
pData->MiAllocPage = 0;
if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable)))
pData->ExRemoveTable -= 0x34;
break;
}
else if (verInfo.dwBuildNumber == 19042)
{
pData->ver = WINVER_10_20H2;
// KP
pData->KExecOpt = 0x283;
// EP
pData->Protection = 0x87A;
pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset
pData->ObjTable = 0x570;
pData->VadRoot = 0x7D8;
// KT
pData->PrevMode = 0x232;
// ET
pData->ExitStatus = 0x548;
// SSDT
pData->NtCreateThdExIndex = 0xC1;
pData->NtTermThdIndex = 0x53;
pData->MiAllocPage = 0;
if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable)))
pData->ExRemoveTable -= 0x34;
break;
}
else if (verInfo.dwBuildNumber == 19043)
{
pData->ver = WINVER_10_21H1;
// KP
pData->KExecOpt = 0x283;
// EP
pData->Protection = 0x87A;
pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset
pData->ObjTable = 0x570;
pData->VadRoot = 0x7D8;
// KT
pData->PrevMode = 0x232;
// ET
pData->ExitStatus = 0x548;
// SSDT
pData->NtCreateThdExIndex = 0xC1;
pData->NtTermThdIndex = 0x53;
pData->MiAllocPage = 0;
if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable)))
pData->ExRemoveTable -= 0x34;
break;
}

WINVER_10_21H1 = ？ thanks！

Answer 3 · 2021-11-17T12:40:15.000Z

@SunMJin could you explain how do i get these values please? I was told I have to use WinDbg, but what do I do after I open WinDbg? I'm using Windows 10.0.22000.194...

Answer 4 · 2021-11-17T14:03:02.000Z

else if (verInfo.dwBuildNumber == 19041) { pData->ver = WINVER_10_20H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19042) { pData->ver = WINVER_10_20H2; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; } else if (verInfo.dwBuildNumber == 19043) { pData->ver = WINVER_10_21H1; // KP pData->KExecOpt = 0x283; // EP pData->Protection = 0x87A; pData->EProcessFlags2 = 0x9D4; // MitigationFlags offset pData->ObjTable = 0x570; pData->VadRoot = 0x7D8; // KT pData->PrevMode = 0x232; // ET pData->ExitStatus = 0x548; // SSDT pData->NtCreateThdExIndex = 0xC1; pData->NtTermThdIndex = 0x53; pData->MiAllocPage = 0; if (NT_SUCCESS(BBScanSection("PAGE", (PCUCHAR)"\x48\x83\xC7\x18\x48\x8B\x17", 0xCC, 7, (PVOID)&pData->ExRemoveTable))) pData->ExRemoveTable -= 0x34; break; }

Are you kidding me? Don't post silly clips!