Extended offset accepted range of _EPROCESS from 0x400 to 0x600.

UniqueProcessIdOffset is currently at 0x448 on the latest Windows update.
can1357 · Apr 24, 2022 · 4091c6b · 4091c6b
1 parent 06a6e45
commit 4091c6b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/MemoryController.h b/MemoryController.h
@@ -433,13 +433,13 @@ static MemoryController Mc_InitContext( CapcomContext** CpCtxReuse = 0, KernelCo
 				uint64_t Pid = k_PsGetProcessId( Controller.CurrentEProcess );
 
 				uint32_t PidOffset = *( uint32_t* ) ( ( PUCHAR ) k_PsGetProcessId + 3 );
-				if ( PidOffset < 0x400 && *( uint64_t* ) ( Controller.CurrentEProcess + PidOffset ) == Pid )
+				if ( PidOffset < 0x600 && *( uint64_t* ) ( Controller.CurrentEProcess + PidOffset ) == Pid )
 				{
 					Controller.UniqueProcessIdOffset = PidOffset;
 					Controller.ActiveProcessLinksOffset = Controller.UniqueProcessIdOffset + 0x8;
 				}
 
-				for ( int i = 0; i < 0x400; i += 0x8 )
+				for ( int i = 0; i < 0x600; i += 0x8 )
 				{
 					uint64_t* Ptr = (uint64_t*)(Controller.CurrentEProcess + i);
 					if ( !Controller.UniqueProcessIdOffset && Ptr[ 0 ] & 0xFFFFFFFF == Pid && ( Ptr[ 1 ] > 0xffff800000000000 ) && ( Ptr[ 2 ] > 0xffff800000000000 ) && ( ( Ptr[ 1 ] & 0xF ) == ( Ptr[ 2 ] & 0xF ) ) )