From f34fe20ca8150f5b3ad5a0a69999f96b7260a84c Mon Sep 17 00:00:00 2001 From: wqqz Date: Tue, 16 Dec 2025 00:08:02 -0300 Subject: [PATCH 1/2] fix: Windows 11 25H2 26200.7462 ntokrnl.exe offsets --- driver/src/offsets.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/driver/src/offsets.rs b/driver/src/offsets.rs index c94e66c..9b27035 100644 --- a/driver/src/offsets.rs +++ b/driver/src/offsets.rs @@ -108,6 +108,14 @@ pub fn initialize_nt_offsets() -> anyhow::Result<()> { 0x01, 0x05, ), + + /* Win 11 25H2 26200.7462 */ + Signature::offset( + obfstr!("_EPROCESS.ThreadListHead (26200.7462)"), + obfstr!("4C 8D B1 ? ? ? ? 48 8B F2"), + 0x03, + ), + /* Windows 10 19045.4046 */ Signature::relative_address( obfstr!("PsGetNextProcess (19045.4046)"), From 6eed328b855ae0c89c7ef7c6ec8875f92e4424f1 Mon Sep 17 00:00:00 2001 From: wqqz Date: Tue, 16 Dec 2025 00:10:03 -0300 Subject: [PATCH 2/2] fix: Completed incompleted instructions --- README.MD | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.MD b/README.MD index 48e7c33..5229da1 100644 --- a/README.MD +++ b/README.MD @@ -8,6 +8,7 @@ This is the implementation for the Valthrun driver protocol as a kernel driver. - Visual Studio 2022 - Windows Kernel Development Kit +- LLVM Compiler Infrastructure - Cargo Make (`cargo install --force cargo-make`) ### Build the driver @@ -17,7 +18,8 @@ This is the implementation for the Valthrun driver protocol as a kernel driver. cd driver-standalone # Create a release build. -# The result will be located at "../target/x86_64-pc-windows-msvc/release/valthrun-driver.sys" +# The result will be located at "../target/x86_64-pc-windows-msvc/release/valthrun-driver.dll" cargo b -r +# Now we Strip the driver to get valthrun-driver.sys via Strip-Driver.ps1 linking input to espected realese build "../target/x86_64-pc-windows-msvc/release/valthrun-driver.dll". ```