JLospinoso / gargoyle

A memory scanning evasion technique

Home Page: https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html


Does not work with the current Windows 10 version of "mshtml.dll"

ccooper21 opened this issue

Current Windows 10 installations use mshtml.dll version 11.0.14393.953. The ROP gadget offset for this version is not the same as the default value (i.e. 0x006D55DD) used by Gargoyle. The correct offset for this version of mshtml.dll is 0x003CBD4D. Due to this discrepancy, the Gargoyle process just crashes when attempting to leverage the ROP gadget.