CHALLENGE: What's the shortest Windows command-line you know that causes an unhandled exception in a Windows process? The command should start and crash a new process or crash an existing process. The exception can be anything that's obviously unintended (AV, OOM, breakpoint).
"rundll32 adsldpc intcmp" => 23 bytes to a type confusion that causes an access violation. Scanner is still going through the list of dlls and exports to find a shorter one.
Batch script to enumerate dlls on a folder, `dumpbin` to enumerate exports in each dll, `BugId` to start "rundll32 <dll> <export>" => a plethora of different types of crashes.
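The enumeration loop described in that tweet, written out as an added PowerShell example (this is not the thread author's batch script, and it substitutes exit-code checking for BugId). It assumes `dumpbin` is on PATH (a Visual Studio Developer shell), that the scan folder is System32, and that you run it in a disposable VM, because calling arbitrary exports through rundll32 can have side effects well beyond a crash.

```powershell
# Added example (not the thread author's script): enumerate DLL exports with
# dumpbin and launch "rundll32 <dll> <export>" for each one, classifying
# crashes by exit code instead of attaching BugId. Run it in a disposable VM:
# some exports do real work (delete files, change settings, reboot).
param(
    [string]$DllDir    = "$env:SystemRoot\System32",  # assumption: folder to scan
    [string]$Dumpbin   = 'dumpbin',                    # assumption: run from a VS Developer shell
    [int]   $TimeoutMs = 3000,
    [string]$Log       = '.\rundll32-crashes.csv'
)

# When an unhandled exception kills a process, its exit code is the NTSTATUS
# exception code. Keys are that code as 8 hex digits; anything starting with
# 8 or C is a warning/error-severity status and therefore worth logging.
$Known = @{
    'C0000005' = 'STATUS_ACCESS_VIOLATION'
    'C0000008' = 'STATUS_INVALID_HANDLE'
    'C000001D' = 'STATUS_ILLEGAL_INSTRUCTION'
    'C0000094' = 'STATUS_INTEGER_DIVIDE_BY_ZERO'
    'C00000FD' = 'STATUS_STACK_OVERFLOW'
    'C0000374' = 'STATUS_HEAP_CORRUPTION'
    'C0000409' = 'STATUS_STACK_BUFFER_OVERRUN'
    'C0000417' = 'STATUS_INVALID_CRUNTIME_PARAMETER'
    '80000003' = 'STATUS_BREAKPOINT'
}

function Get-Exports([string]$Path) {
    # Parse the "ordinal hint RVA name" table printed by dumpbin /EXPORTS.
    # Forwarded exports have an empty RVA column, so that group is optional;
    # the name stops at whitespace or the "(forwarded to ...)" note.
    & $Dumpbin /EXPORTS $Path 2>$null | ForEach-Object {
        if ($_ -match '^\s+\d+\s+[0-9A-Fa-f]+\s+(?:[0-9A-Fa-f]{8}\s+)?([^\s(]+)') { $Matches[1] }
    }
}

function Invoke-Export([string]$Dll, [string]$Export) {
    $p = Start-Process -FilePath "$env:SystemRoot\System32\rundll32.exe" `
                       -ArgumentList @("`"$Dll`"", $Export) -PassThru -WindowStyle Hidden
    $null = $p.Handle   # cache the handle now, or ExitCode can come back null after a fast exit
    if (-not $p.WaitForExit($TimeoutMs)) {
        # Hung, or parked on a message box (rundll32's own "Missing entry" dialog,
        # or WER's crash dialog if DontShowUI is not set). Kill it and move on.
        Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue
        return [pscustomobject]@{ Dll = $Dll; Export = $Export; Code = 'TIMEOUT'; Status = 'hung/killed' }
    }
    $hex = '{0:X8}' -f $p.ExitCode          # a negative Int32 prints as the two's-complement NTSTATUS
    if ($hex -notmatch '^[8C]') { return $null }   # clean exit or an ordinary error return value
    $name = if ($Known.ContainsKey($hex)) { $Known[$hex] } else { 'UNKNOWN_STATUS' }
    [pscustomobject]@{ Dll = $Dll; Export = $Export; Code = "0x$hex"; Status = $name }
}

$results = foreach ($dll in Get-ChildItem -Path $DllDir -Filter *.dll -File) {
    foreach ($export in Get-Exports $dll.FullName) {
        $r = Invoke-Export $dll.FullName $export
        if ($r) {
            Write-Host ('{0,-34} rundll32 {1} {2}' -f $r.Status, $dll.Name, $export)
            $r
        }
    }
}
$results | Export-Csv -NoTypeInformation -Path $Log
```

Two practical notes. Set `HKCU\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI` to 1 first, otherwise every crash blocks on the WER dialog until the timeout kills it, and the exit code you see is the kill, not the exception. And the 64-bit rundll32 in System32 cannot load 32-bit DLLs, so to cover the SysWOW64 set point `$DllDir` at SysWOW64 and launch `SysWOW64\rundll32.exe` instead. The exit code only tells you the exception type; for the "type confusion" and "read after free" diagnoses in the thread you still need a debugger such as BugId attached.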
rundll32 advapi32 ReportEventW => NULL pointer
rundll32 apphelp SdbQueryName AAAAAAA... => buffer overflow
rundll32 advapi32 CopySid AAAAAA... => out-of-bounds read
rundll32 AppVIntegration Initialize => read after free
rundll32 advapi32 RegCloseKey => invalid handle
...
Replying to @berendjanwever
so what would be the acceptable error handling behavior for you in that layer?
Error handling would be a fool's errand. rundll32's design is missing sanity checks that make sure both the DLL and the function were designed to work in Rundll32. e.g. a special marker in the DLL could be checked before loading it to prevent these crashes.