Pattern update for Chrome

Chrome pattern update for version 129.0.6668.59
Meckazin · Sep 18, 2024 · 9152004 · 9152004
1 parent 004d53d
commit 9152004
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 26 deletions.
diff --git a/CookieKatz-BOF/CookieKatzBOF.cpp b/CookieKatz-BOF/CookieKatzBOF.cpp
@@ -82,8 +82,8 @@ extern "C" {
             0x48, 0x31, 0xE0, 0x48, 0x89, 0x44, 0x24, 0x30, 0x48, 0x8D, 0x79, 0xAA, 0xAA, 0xAA, 0xAA, 0x28,
             0xE8, 0xAA, 0xAA, 0xAA, 0xF8, 0x48, 0x8B, 0x46, 0x20, 0x48, 0x8B, 0x4E, 0x28, 0x48, 0x8B, 0x96,
             0x50, 0x01, 0x00, 0x00, 0x4C, 0x8D, 0x44, 0x24, 0x28, 0x49, 0x89, 0x10, 0x48, 0xC7, 0x86, 0x50,
-            0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0xFA, 0xFF, 0x15, 0xAA, 0xAA, 0xAA, 0x05,
-            0x48, 0x8B, 0x4C, 0x24, 0x30, 0x48, 0x31, 0xE1, 0xE8, 0xAA, 0xAA, 0xAA, 0xFC, 0x90, 0x48, 0x83
+            0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0xFA, 0xFF, 0x15, 0xAA, 0xAA, 0xAA, 0xAA,
+            0x48, 0x8B, 0x4C, 0x24, 0x30, 0x48, 0x31, 0xE1, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
         };
 
         BYTE edgePattern[] = {

diff --git a/CookieKatz/Main.cpp b/CookieKatz/Main.cpp
@@ -120,15 +120,15 @@ int main(int argc, char* argv[]) {
         processName = L"chrome.exe";
         dllName = L"chrome.dll";
         pattern = new BYTE[144]{
-            0x56, 0x57, 0x48, 0x83, 0xEC, 0x28, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0xE8, 0xAA, 0xAA, 0xFF, 0xFF,
+            0x56, 0x57, 0x48, 0x83, 0xEC, 0x28, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0xE8, 0xAA, 0xAA, 0xFF, 0xFF, 
             0x85, 0xFF, 0x74, 0x08, 0x48, 0x89, 0xF1, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA, 0x48, 0x89, 0xF0, 0x48, 
             0x83, 0xC4, 0x28, 0x5F, 0x5E, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 
             0x56, 0x57, 0x48, 0x83, 0xEC, 0xAA, 0x48, 0x89, 0xAA, 0x48, 0x8B, 0x05, 0xAA, 0xAA, 0xAA, 0xAA, 
             0x48, 0x31, 0xE0, 0x48, 0x89, 0x44, 0x24, 0x30, 0x48, 0x8D, 0x79, 0xAA, 0xAA, 0xAA, 0xAA, 0x28, 
             0xE8, 0xAA, 0xAA, 0xAA, 0xF8, 0x48, 0x8B, 0x46, 0x20, 0x48, 0x8B, 0x4E, 0x28, 0x48, 0x8B, 0x96, 
             0x50, 0x01, 0x00, 0x00, 0x4C, 0x8D, 0x44, 0x24, 0x28, 0x49, 0x89, 0x10, 0x48, 0xC7, 0x86, 0x50, 
-            0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0xFA, 0xFF, 0x15, 0xAA, 0xAA, 0xAA, 0x05, 
-            0x48, 0x8B, 0x4C, 0x24, 0x30, 0x48, 0x31, 0xE1, 0xE8, 0xAA, 0xAA, 0xAA, 0xFC, 0x90, 0x48, 0x83
+            0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0xFA, 0xFF, 0x15, 0xAA, 0xAA, 0xAA, 0xAA, 
+            0x48, 0x8B, 0x4C, 0x24, 0x30, 0x48, 0x31, 0xE1, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
         };
         break;
     case Msedge:

diff --git a/CookieKatzMinidump/Main.cpp b/CookieKatzMinidump/Main.cpp
@@ -74,8 +74,8 @@ int main(int argc, char* argv[]) {
 				0x48, 0x31, 0xE0, 0x48, 0x89, 0x44, 0x24, 0x30, 0x48, 0x8D, 0x79, 0xAA, 0xAA, 0xAA, 0xAA, 0x28,
 				0xE8, 0xAA, 0xAA, 0xAA, 0xF8, 0x48, 0x8B, 0x46, 0x20, 0x48, 0x8B, 0x4E, 0x28, 0x48, 0x8B, 0x96,
 				0x50, 0x01, 0x00, 0x00, 0x4C, 0x8D, 0x44, 0x24, 0x28, 0x49, 0x89, 0x10, 0x48, 0xC7, 0x86, 0x50,
-				0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0xFA, 0xFF, 0x15, 0xAA, 0xAA, 0xAA, 0x05,
-				0x48, 0x8B, 0x4C, 0x24, 0x30, 0x48, 0x31, 0xE1, 0xE8, 0xAA, 0xAA, 0xAA, 0xFC, 0x90, 0x48, 0x83
+				0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0xFA, 0xFF, 0x15, 0xAA, 0xAA, 0xAA, 0xAA,
+				0x48, 0x8B, 0x4C, 0x24, 0x30, 0x48, 0x31, 0xE1, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
 			};
 			found = true;
 			break;

diff --git a/CredentialKatz-BOF/CredentialKatzBOF.cpp b/CredentialKatz-BOF/CredentialKatzBOF.cpp
@@ -76,15 +76,15 @@ extern "C" {
         chromePid = (DWORD)BeaconDataInt(&parser);
 
         BYTE chromePattern[] = {
-            0x56, 0x57, 0x48, 0x83, 0xEC, 0x28, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA, 
-            0x85, 0xFF, 0x74, 0x08, 0x48, 0x89, 0xF1, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA, 0x48, 0x89, 0xF0, 0x48, 
-            0x83, 0xC4, 0x28, 0x5F, 0x5E, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 
-            0x56, 0x57, 0x53, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0x48, 0xBB, 0x00, 
-            0x00, 0x00, 0x00, 0xFC, 0xFF, 0xFF, 0xFF, 0x48, 0xAA, 0xD0, 0x48, 0x21, 0xD8, 0x48, 0x3B, 0x05, 
-            0xAA, 0xAA, 0xAA, 0x0B, 0x75, 0x08, 0x48, 0x89, 0xAA, 0xE8, 0xAA, 0xAA, 0xAA, 0xFD, 0x48, 0x8B, 
-            0x4E, 0x18, 0x48, 0x21, 0xCB, 0x48, 0x3B, 0x1D, 0xAA, 0xAA, 0xAA, 0x0B, 0x74, 0x20, 0x48, 0x89, 
-            0x7E, 0x18, 0xB9, 0xA0, 0x00, 0x00, 0x00, 0x48, 0x03, 0x4E, 0x10, 0x48, 0x83, 0xC6, 0x08, 0x48, 
-            0x89, 0xF2, 0x48, 0x83, 0xAA, 0x20, 0x5B, 0x5F, 0x5E, 0xE9, 0xAA, 0xAA, 0x4D, 0xFE, 0xE8, 0xAA
+            0x56, 0x57, 0x48, 0x83, 0xEC, 0x28, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA,
+            0x85, 0xFF, 0x74, 0x08, 0x48, 0x89, 0xF1, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA, 0x48, 0x89, 0xF0, 0x48,
+            0x83, 0xC4, 0x28, 0x5F, 0x5E, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+            0x56, 0x57, 0x53, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0x48, 0xBB, 0x00,
+            0x00, 0x00, 0x00, 0xFC, 0xFF, 0xFF, 0xFF, 0x48, 0xAA, 0xD0, 0x48, 0x21, 0xD8, 0x48, 0x3B, 0x05,
+            0xAA, 0xAA, 0xAA, 0x0B, 0x75, 0x08, 0x48, 0x89, 0xAA, 0xE8, 0xAA, 0xAA, 0xAA, 0xFD, 0x48, 0x8B,
+            0x4E, 0x18, 0x48, 0x21, 0xCB, 0x48, 0x3B, 0x1D, 0xAA, 0xAA, 0xAA, 0x0B, 0x74, 0x20, 0x48, 0x89,
+            0x7E, 0x18, 0xB9, 0xA0, 0x00, 0x00, 0x00, 0x48, 0x03, 0x4E, 0x10, 0x48, 0x83, 0xC6, 0x08, 0x48,
+            0x89, 0xF2, 0x48, 0x83, 0xAA, 0x20, 0x5B, 0x5F, 0x5E, 0xE9, 0xAA, 0xAA, 0xAA, 0xFE, 0xE8, 0xAA
         };
 
         BYTE edgePattern[] = {

diff --git a/CredentialKatz/Main.cpp b/CredentialKatz/Main.cpp
@@ -103,7 +103,7 @@ int main(int argc, char* argv[]) {
                 0xAA, 0xAA, 0xAA, 0x0B, 0x75, 0x08, 0x48, 0x89, 0xAA, 0xE8, 0xAA, 0xAA, 0xAA, 0xFD, 0x48, 0x8B, 
                 0x4E, 0x18, 0x48, 0x21, 0xCB, 0x48, 0x3B, 0x1D, 0xAA, 0xAA, 0xAA, 0x0B, 0x74, 0x20, 0x48, 0x89, 
                 0x7E, 0x18, 0xB9, 0xA0, 0x00, 0x00, 0x00, 0x48, 0x03, 0x4E, 0x10, 0x48, 0x83, 0xC6, 0x08, 0x48, 
-                0x89, 0xF2, 0x48, 0x83, 0xAA, 0x20, 0x5B, 0x5F, 0x5E, 0xE9, 0xAA, 0xAA, 0x4D, 0xFE, 0xE8, 0xAA
+                0x89, 0xF2, 0x48, 0x83, 0xAA, 0x20, 0x5B, 0x5F, 0x5E, 0xE9, 0xAA, 0xAA, 0xAA, 0xFE, 0xE8, 0xAA
             };
             break;
         case Msedge:

diff --git a/CredentialKatzMinidump/Main.cpp b/CredentialKatzMinidump/Main.cpp
@@ -66,15 +66,15 @@ int main(int argc, char* argv[]) {
 			printf("[*] Using Chrome configuration\n\n");
 			dllName = "chrome.dll";
 			pattern = new BYTE[144]{
-				0x56, 0x57, 0x48, 0x83, 0xEC, 0x28, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA, 
-				0x85, 0xFF, 0x74, 0x08, 0x48, 0x89, 0xF1, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA, 0x48, 0x89, 0xF0, 0x48, 
-				0x83, 0xC4, 0x28, 0x5F, 0x5E, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 
-				0x56, 0x57, 0x53, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0x48, 0xBB, 0x00, 
-				0x00, 0x00, 0x00, 0xFC, 0xFF, 0xFF, 0xFF, 0x48, 0xAA, 0xD0, 0x48, 0x21, 0xD8, 0x48, 0x3B, 0x05, 
-				0xAA, 0xAA, 0xAA, 0x0B, 0x75, 0x08, 0x48, 0x89, 0xAA, 0xE8, 0xAA, 0xAA, 0xAA, 0xFD, 0x48, 0x8B, 
-				0x4E, 0x18, 0x48, 0x21, 0xCB, 0x48, 0x3B, 0x1D, 0xAA, 0xAA, 0xAA, 0x0B, 0x74, 0x20, 0x48, 0x89, 
-				0x7E, 0x18, 0xB9, 0xA0, 0x00, 0x00, 0x00, 0x48, 0x03, 0x4E, 0x10, 0x48, 0x83, 0xC6, 0x08, 0x48, 
-				0x89, 0xF2, 0x48, 0x83, 0xAA, 0x20, 0x5B, 0x5F, 0x5E, 0xE9, 0xAA, 0xAA, 0x4D, 0xFE, 0xE8, 0xAA
+				0x56, 0x57, 0x48, 0x83, 0xEC, 0x28, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA,
+				0x85, 0xFF, 0x74, 0x08, 0x48, 0x89, 0xF1, 0xE8, 0xAA, 0xAA, 0xAA, 0xAA, 0x48, 0x89, 0xF0, 0x48,
+				0x83, 0xC4, 0x28, 0x5F, 0x5E, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+				0x56, 0x57, 0x53, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x89, 0xD7, 0x48, 0x89, 0xCE, 0x48, 0xBB, 0x00,
+				0x00, 0x00, 0x00, 0xFC, 0xFF, 0xFF, 0xFF, 0x48, 0xAA, 0xD0, 0x48, 0x21, 0xD8, 0x48, 0x3B, 0x05,
+				0xAA, 0xAA, 0xAA, 0x0B, 0x75, 0x08, 0x48, 0x89, 0xAA, 0xE8, 0xAA, 0xAA, 0xAA, 0xFD, 0x48, 0x8B,
+				0x4E, 0x18, 0x48, 0x21, 0xCB, 0x48, 0x3B, 0x1D, 0xAA, 0xAA, 0xAA, 0x0B, 0x74, 0x20, 0x48, 0x89,
+				0x7E, 0x18, 0xB9, 0xA0, 0x00, 0x00, 0x00, 0x48, 0x03, 0x4E, 0x10, 0x48, 0x83, 0xC6, 0x08, 0x48,
+				0x89, 0xF2, 0x48, 0x83, 0xAA, 0x20, 0x5B, 0x5F, 0x5E, 0xE9, 0xAA, 0xAA, 0xAA, 0xFE, 0xE8, 0xAA
 			};
 			found = true;
 			break;