Ratin Gao
Check the call stack. I guess you hook `kernel32.dll!CreateProcessAsUserWStub` (addressing by something like `LoadLibrary("kernel32.dll")`+`GetProcAddress(..., "CreateProcessAsUserW")`) but the program ran into another stub like `advapi32.dll!CreateProcessAsUserWStub`, for example: Program ran into `advapi32.dll!CreateProcessAsUserWStub`: And...
> @jdu2600 This was on the latest version of Windows 7 x64 (SP1 with all updates), I think the ranges are different on Windows 7, and changed in Windows 8...
In Vista and Win7 (NT6.0 and NT6.1), ASLR can be turned off by registry: > HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, MoveImages (REG_DWORD) I think there's a chance this could be causing this...
> > In Win7, ASLR can be turned off by registry: > > > HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, MoveImages (REG_DWORD) > > > > > > I think there's a chance...
Seems you are attaching a remote debugger to VSCode; the system will trigger such a breakpoint to let the remote debugger break in.
Seems similar to #292.
Thanks for watching, I'm refactoring this library (based on phnt), WIP: This is my current plan: 1. Split each big header into more (like ReactOS NDK) 2. Any...
> This may have been fixed with the recent ARM64EC related changes. Sadly, it seems not to work. Here is my test result (using the latest main branch, commit 9764cebcb1a75940e68fa83d6730ffaf0f669401, VS2022):...