搜索

[10071] 2016-05-06_Windows内核漏洞CVE-2016-0143分析

文档创建者:s7ckTeam
浏览次数:41
最后更新:2025-01-18
2016-05-06_Windows内核漏洞CVE-2016-0143分析 W i n d o w s C V E - 2 0 1 6 - 0 1 4 3   F r e e B u f   2 0 1 6 - 0 5 - 0 6 0 x 0 0   4 2 0 N i l s   S o m m e r e x p l o i t d b W i n d o w s P o C W i n d o w s 4   0 x 0 1   N i l s S o m m e r N U L L   P o i n t e r d e r e f e r e n c e U A F N U L L   P o i n t e r d e r e f e r e n c e I n   x x x R e a l D r a w M e n u I t e m w i n 3 2 k ! x x x R e a l D r a w M e n u I t e m w i n d b g   I D A A :   c r a s h e a x [ e b p + a r g _ 8 ] e b x c r a s h e a x P o C r . b o t t o m r . t o p w i n 3 2 k ! x x x D r a w M e n u B a r T e m p e a x =   r . b o t t o m - r . t o p - 1 ; [ e b p + a r g _ 8 ] P o C i n f o . b m i H e a d e r . b i S i z e ; P o C i m u l   e a x , [ e b p + a r g _ 8 ] c r a s h e c x [ e b p + v a r _ 2 8 ] 1 [ e b p + v a r _ 2 8 ] D I B O b j e c t w i n 3 2 k ! S U R F M E M : : b C r e a t e D I B D I B O b j e c t I n   S U R F M E M : : b C r e a t e D I B
S U R F M E M : : b C r e a t e D I B x x x D r a w M e n u B a r T e m p à   G r e C r e a t e D I B i t m a p R e a l à S U R F M E M : : b C r e a t e D I B   S U R F M E M : : b C r e a t e D I B B : e a x x x x R e a l D r a w M e n u I t e m e d i [ e b p + a r g _ 0 ] P o C i n f o . b m i H e a d e r . b i S i z e * 4 P o C 0 x 7 f f f f f 6 9 0 x 2 7 4 e d x ! = 0 U L o n g L o n g A d d [ e b p + A l l o c a t i o n S i z e + 4 ] = e d x = 1 3 9 h ! = 0 便 D I B O b j e c t G r e C r e a t e D I B i t m a p R e a l 0   ( + 0 x 1 5 4 ) 7 F F F F F F F h ,   S U R F M E M : : b C r e a t e D I B ( + 0 x 1 5 4 ) D I B O b j e c t I D A A l l o c a t e O b j e c t G r e C r e a t e D I B i t m a p R e a l x x x R e a l D r a w M e n u I t e m   [ e b p + v a r _ 2 8 ] 0 x 0 2   x x x R e a l D r a w M e n u I t e m I D A
x x x R e a l D r a w M e n u I t e m G r e C r e a t e D I B i t m a p R e a l : 0 D I B O b j e c t D I B O b j e c t A 0 x 0 3   c r a s h e c x i m u l   e a x , [ e b p + a r g _ 8 ] D I B O b j e c t I D A e d x e c x e c x e d x w i n 8 m o v [ H a l D i s p a t c h T a b l e + 4 ] , s h e l l c o d e A d d r e s s 0 x 0 4  
r . b o t t o m r . t o p i n f o . b m i H e a d e r . b i W i d t h P o C r . b o t t o m r . t o p i n f o . b m i H e a d e r . b i W i d t h c r a s h 1 . B D I B O b j e c t 2 . A c r a s h B A B 1 .   B   <   0 x 7 F F F F F F F A l l o c a t e O b j e c t 2 . B   >   0 x 7 F F F F F F F A l l o c a t e O b j e c t 3 . B A l l o c a t e O b j e c t A 1 . 2 . s f 1 A B c r a s h P o C c r a s h 1 B 1 + A 1 c r a s h 2 B 3 + A 2 : *   F r e e B u f F r e e B u f . C O M

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理