Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Exploiting a "Simple" Vulnerability – Part 1.5 – The Info Leak- 397

Yarden Shafir, posted 5 years ago
  • In a previous blog post, the author found a vulnerability that allowed compromising the kernel. While doing that research, they also found a bonus bug.
  • The bug stems from older code that keeps the two values ReplyHandle and RegIndex in a union. When ReplyHandle holds an 8-byte kernel pointer, RegIndex overlaps only the first half of that value (the low 32 bits on a little-endian x64 system), so reading RegIndex yields part of a kernel address.
  • This is because ReplyHandle is a kernel pointer and RegIndex is a 4-byte ULONG. When the code was originally written for 32-bit systems, a pointer was also 4 bytes, so the two members were the same width and the union was harmless. The move to 64-bit, where pointers grew to 8 bytes, is what created the bug.
  • The article also has plenty of background information on ETW (Event Tracing for Windows). But I just wrote up the vulnerability above.
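Added here as a worked illustration (my own example, not code from Yarden Shafir's post): a C model of the union described above. The member names ReplyHandle and RegIndex are borrowed from the write-up, but the structure layout and every function below are hypothetical and constructed for this example, and the kernel address used is a made-up value. It also goes one step beyond the post by showing the inverse case, a 4-byte RegIndex write leaving the upper half of a stale pointer behind, which follows from the same aliasing. Compile as 64-bit to see the leak; in a 32-bit build the union is the same width as the pointer and nothing partial is ever exposed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Windows-style ULONG: 4 bytes on both x86 and x64. */
typedef uint32_t ULONG;

/* Hypothetical registration entry (names from the write-up, layout constructed
 * for this example). On the 32-bit build both members were 4 bytes wide, so
 * overlaying them in a union could never expose a partial value. On x64 the
 * pointer grows to 8 bytes while ULONG stays at 4. */
typedef struct {
    union {
        void *ReplyHandle;  /* kernel pointer: 4 bytes on x86, 8 bytes on x64 */
        ULONG RegIndex;     /* 4 bytes everywhere */
    } u;
} VULN_REG_ENTRY;

/* Hardened layout: each value gets its own storage, so nothing aliases. */
typedef struct {
    void *ReplyHandle;
    ULONG RegIndex;
} FIXED_REG_ENTRY;

/* Kernel side stores a reply handle; another path later hands RegIndex back
 * to the caller. Returns the ULONG the caller would see. */
static ULONG vuln_regindex_after_storing_handle(uintptr_t kernel_ptr) {
    VULN_REG_ENTRY e;
    memset(&e, 0, sizeof e);
    e.u.ReplyHandle = (void *)kernel_ptr;
    return e.u.RegIndex;
}

/* 1 if the ULONG read back is exactly the low 32 bits of the kernel pointer
 * (little-endian layout, as on Windows x86/x64): an info leak. Only possible
 * when a pointer is wider than a ULONG, i.e. on 64-bit builds. */
static int vuln_leaks_low_pointer_bits(uintptr_t kernel_ptr) {
    ULONG seen = vuln_regindex_after_storing_handle(kernel_ptr);
    return sizeof(void *) > sizeof(ULONG) &&
           seen == (ULONG)(kernel_ptr & 0xFFFFFFFFu);
}

/* Inverse direction of the same aliasing: overwrite a stored pointer with a
 * 4-byte RegIndex and check whether the pointer's upper half survives. On x86
 * the write covers the whole union; on x64 it leaves 4 stale bytes behind. */
static int vuln_upper_half_survives_regindex_write(uintptr_t kernel_ptr, ULONG idx) {
    VULN_REG_ENTRY e;
    memset(&e, 0, sizeof e);
    e.u.ReplyHandle = (void *)kernel_ptr;
    e.u.RegIndex = idx;
    uint64_t after = (uint64_t)(uintptr_t)e.u.ReplyHandle;
    uint64_t before = (uint64_t)kernel_ptr;
    return sizeof(void *) > sizeof(ULONG) &&
           (after & 0xFFFFFFFFu) == idx &&
           (after >> 32) == (before >> 32);
}

/* Same flow on the hardened layout: RegIndex never aliases the pointer. */
static ULONG fixed_regindex(uintptr_t kernel_ptr, ULONG idx) {
    FIXED_REG_ENTRY e;
    memset(&e, 0, sizeof e);
    e.ReplyHandle = (void *)kernel_ptr;
    e.RegIndex = idx;
    return e.RegIndex;
}

int main(void) {
    /* Constructed value in the x64 kernel address range; not a real address. */
    uintptr_t fake_ptr = (uintptr_t)0xFFFFF80012345678ULL;

    printf("sizeof(void*)=%zu sizeof(ULONG)=%zu sizeof(union entry)=%zu\n",
           sizeof(void *), sizeof(ULONG), sizeof(VULN_REG_ENTRY));
    printf("RegIndex read after storing pointer: 0x%08X (leak=%d)\n",
           vuln_regindex_after_storing_handle(fake_ptr),
           vuln_leaks_low_pointer_bits(fake_ptr));
    printf("upper half of pointer survives RegIndex write: %d\n",
           vuln_upper_half_survives_regindex_write(fake_ptr, 7));
    printf("hardened layout RegIndex: %u\n", fixed_regindex(fake_ptr, 7));
    return 0;
}
```

The practical check this models: any union or cast that pairs a pointer with a fixed 32-bit type is safe only as long as both are the same width, so code ported from 32-bit should be grepped for unions mixing pointer and ULONG/DWORD members, and any field that crosses the kernel/user boundary should be built from a dedicated member rather than read through an alias.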