Firstly, I've come to notice the use of W32UserProbeAddress in w32k. Is this the 'new' MmUserProbeAddress and if so, I'm assuming the same methods apply for bypassing checks with this global ptr?
Depends on the bug, but many double fetches are exploitable. For some examples, see sections 5.1 and 5.2 in http://vexillium.org/dl.php?bochspwn.pdf ….
Wow I didn't even come across this. Awesome stuff. Thanks :)