PTEditor
PTEditor copied to clipboard
misc0110
could not open PTEditor device: \\.\PTEditorLink
I'm calling: ptedit_init(),and return non zero value
fragment golang code: // #include <pteedit_header.h> import "C" func main() { if C.ptedit_init() != 0 { panic("[-] Cannot init PTEdit.sys") } ... }
Did you load the driver? And did you start your application as administrator?
yes ,I'm running windows target under kernel debug
My actions:
target machine (debug):
<run powershell as admin>
>./PTEditorLoader.exe
[+] Found driver: path/to/driver/PTEdit.sys
[+] Load PTEditor driver
>
debugger machine:
ctrl+break in windbg
kd> lm m PTEdit.sys
3: kd> lm m PTEdit
Browse full module list
start end module name
Unable to enumerate user-mode unloaded modules, Win32 error 0n30
3: kd> lm m PTEdit.sys
Browse full module list
start end module name
Unloaded modules:
fffff800`0264e000 fffff800`02656000 PTEdit.sys
but my app:
./app.exe
[-]Error: Could not open PTEditor device: \\.\PTEditorLink
panic: [-] Cannot init PTEdit.sys
goroutine 1 [running]:
...
or this error:
PS C:\PTEditor-master\PTEditor-master\driver> .\PTEditorLoader.exe
[+] Found driver: C:\PTEditor-master\PTEditor-master\driver\PTEdit.sys
[+] Load PTEditor driver
[+] Creating service
[+] Service not running, try to open service
[+] Starting service
I'm trying cmd on powershell:
> Get-Service -Name "PTEditor"
Status Name DisplayName
------ ---- -----------
Stopped PTEditor PTEditor Driver
> Start-Service -Name "PTEditor"
Start-Service : Service 'PTEditor Driver (PTEditor)' cannot be started due to the following error: Cannot start
service PTEditor on computer '.'.
At line:1 char:1
+ Start-Service -Name "PTEditor"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
ServiceCommandException
+ FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand