Firstly, I've come to notice the use of W32UserProbeAddress in w32k. Is this the 'new' MmUserProbeAddress and if so, I'm assuming the same methods apply for bypassing checks with this global ptr?
-
-
See the beginning of the http://j00ru.vexillium.org/?p=3101 post and slide 137 of http://j00ru.vexillium.org/slides/2015/recon.pdf … for some past mentions of this behavior.
-
Ahh okay, so it 'safely' handles the exception. From your knowledge, are there any published exploits that use a W32/MmUserProbeAddress overwrite?
-
I don't know any from the top of my head but a quick Google search indicates there are a few, e.g. https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/local/28764.c ….
-
Yeah I had a look through that actually! Unfortunately the situation I'm in requires a slightly different approach :/