ufrisk/MemProcFS

VmmWinInit_TryInitialize_SystemUniqueTag possible bug?

Closed this issue · 1 comments

H->vmm.dwSystemUniqueId = *(PDWORD)pbSHA256;

Is this meant to be a PDWORD? It's an array of 32 bytes with the address of it being casted to a DWORD?

First 4 bytes of the SHA256 hash is assigned to the DWORD. It's only mean to be some quick check of an unique id to the system, it's mostly useful when using eleasticsearch to import multiple memory dumps. It's correct as-is.