Support for Win11_23H2 and Win11_24H2

[puRe1337]

Patterns are from 10th October 2024.
Tested on both versions 23H2 (22631.4249) and 24H2 (26000.2033).

Kind regards
Dominik

[wh0se-max]

Doesn't seems to be working on TLS/VEH .dlls, it does map but the entry is not init.
You can reproduce that by using VMProtect

[puRe1337]

Doesn't seems to be working on TLS/VEH .dlls, it does map but the entry is not init. You can reproduce that by using VMProtect

Works fine for me using a VMProtected dll. Maybe you can compile Blackbone without BLACKBONE_NO_TRACE and attach a debugger to your process to watch the Debug Messages.

[wh0se-max]

Doesn't seems to be working on TLS/VEH .dlls, it does map but the entry is not init. You can reproduce that by using VMProtect

Works fine for me using a VMProtected dll. Maybe you can compile Blackbone without BLACKBONE_NO_TRACE and attach a debugger to your process to watch the Debug Messages.

According to your screenshot you are mapping with 0x5044, that would result in NoExceptions, NoTLS, WipeHeader, RebaseProcess, does that work with VMProtect memory & import protection? From what I am aware, these along with the VM would use TLS and VEH

[puRe1337]

Still works fine using blackbone::eLoadFlags::NoFlags for me.

What exactly are you doing? x86 or x64? Runnings the Samples works fine for me using x86. When I have time, I'll look up the problem with x64. There might be a problem.
I think _RTL_INVERTED_FUNCTION_TABLE might have changed.
Patterns should be correct. It would be nice if someone could confirm this.

[Heitzz]

I confirm the issue with x64.
Windows 11 24H2, build 26100.1

PatternData: LdrpInvertedFunctionTable64 not found
Both patterns for this function are not found on Win 23H2 and 24H2