Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-10 17:31:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix lsass pid retrieval

Browse Source 
use MAXIMUM_ALLOWED instead of PROCESS_QUERY_INFORMATION
This commit is contained in:
nikaiw
2023-11-02 22:04:24 -05:00
committed by Maxime Meignan
parent 2cf0c0a54f
commit fa8f55ad83
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/Utils/SyscallProcessUtils.c
+1 -1
View File
@@ -87,7 +87,7 @@ DWORD SandFindProcessPidByName(TCHAR* targetProcessName, DWORD* pPid) {
*pPid = 0; *pPid = 0;
while (*pPid == 0) { while (*pPid == 0) {
status = NtGetNextProcess(hProcess, PROCESS_QUERY_INFORMATION, 0, 0, &hProcess); status = NtGetNextProcess(hProcess, MAXIMUM_ALLOWED, 0, 0, &hProcess);
if (status == STATUS_NO_MORE_ENTRIES) { if (status == STATUS_NO_MORE_ENTRIES) {
_tprintf_or_not(TEXT("[-] The process '%s' was not found\n"), targetProcessName); _tprintf_or_not(TEXT("[-] The process '%s' was not found\n"), targetProcessName);