fortra / nanodump

The swiss army knife of LSASS dumping

Home Page: https://www.coresecurity.com/core-labs/articles/nanodump-red-team-approach-minidumps


Get LSASS PID fails

S3cur3Th1sSh1t opened this issue · comments

Hi,

I have been trying it out on multiple systems now, with an elevated prompt and/or a SYSTEM shell. The find_lsass function always returns:

    The LSASS process was not found. Try providing the PID with -p or --pid

Dumping with a manually specified PID works fine for me.

I wonder what the problem is here, actually.

Some ideas?

Greetings

Additional info: I was using the standalone binary and not the BOF via CS.

OK, I fixed it myself by modifying

if (wcsstr(image->Buffer, L"\\windows\\system32\\lsass.exe"))

in util.c in the is_lsass function to

if (wcsstr(image->Buffer, L"lsass.exe"))

If that's a general bug, you can solve it like that.

Greetings
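Added example, not code from nanodump's util.c or from either participant: it contrasts the two substring checks discussed above with a basename comparison of the kind a monitoring tool or detection rule would use when comparing process image paths. The fixed lowercase path is case-sensitive and tied to one path form, while a bare `lsass.exe` substring also matches names that merely contain it; the image paths below are constructed, since the thread does not record the exact path on the reporter's systems.

```c
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

/* Original check: case-sensitive, and only true for a lowercase Win32-style
 * path. A path reported as "\Device\HarddiskVolume2\Windows\System32\lsass.exe"
 * or "C:\Windows\System32\lsass.exe" does not contain this substring. */
int strict_path_match(const wchar_t *image_path)
{
    return image_path && wcsstr(image_path, L"\\windows\\system32\\lsass.exe") != NULL;
}

/* Proposed fix: works regardless of directory, but is a plain substring test,
 * so "notlsass.exe" or "lsass.exe.bak" also match. */
int loose_name_match(const wchar_t *image_path)
{
    return image_path && wcsstr(image_path, L"lsass.exe") != NULL;
}

/* Compare only the final path component against a process name, ignoring
 * case and accepting either '\\' or '/' as a separator. Returns 1 on a
 * whole-component match, 0 otherwise (including NULL input). */
int image_basename_is(const wchar_t *image_path, const wchar_t *name)
{
    if (image_path == NULL || name == NULL) return 0;

    /* Locate the start of the last component. */
    const wchar_t *base = image_path;
    for (const wchar_t *p = image_path; *p != L'\0'; p++) {
        if (*p == L'\\' || *p == L'/') base = p + 1;
    }

    /* Case-insensitive comparison; both strings must end together. */
    for (;; base++, name++) {
        wint_t a = towlower((wint_t)*base);
        wint_t b = towlower((wint_t)*name);
        if (a != b) return 0;
        if (a == L'\0') return 1;
    }
}
```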

Hey there!
Thanks for reporting the issue.
Well, very interesting; I imagined that would be the path on all Windows systems.
I will change the path to L"lsass.exe" so that it works everywhere.
Thanks again!