Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Run Ring0 code in Vista 64bits (https://forum.exetools.com/showthread.php?t=11186)

elephant 10-02-2007 08:03

Run Ring0 code in Vista 64bits
Yes, it is possible. Ruben Santamarta from ReverseMode.com has released an exploit (in the form of a Kartoffel plugin) to run code through a vulnerable signed driver in SpeedFan (www.almico.com/speedfan.php).

Spanish readers can check this funny blog entry for further information: http://blog.48bits.com/?p=169

Attached to this post is Kartoffel and the exploit.


Vulnerable code in speedfan.sys


Code (asm)
                cmp    dword ptr [rdx+8], 8      ; output buffer size must be >= 8
                jb      short loc_11171          ; otherwise bail out
                cmp    dword ptr [rdx+10h], 0Ch  ; input buffer size must be >= 12 (three DWORDs)
                jb      short loc_11171          ; otherwise bail out
                mov    r8d, [rsi+4]              ; inputBuffer[1] -> high DWORD of the value (zero-extended into r8)
                mov    r9d, [rsi+8]              ; inputBuffer[2] -> low DWORD of the value (zero-extended into r9)
                mov    rax, r8
                shl    rax, 20h                  ; rax = inputBuffer[1] << 32
                or      rax, r9                  ; rax = (inputBuffer[1] << 32) | inputBuffer[2]
                mov    rdx, rax
                shr    rdx, 20h                  ; edx = inputBuffer[1], eax = inputBuffer[2]  (EDX:EAX = 64-bit value)
                mov    ecx, [rsi]                ; inputBuffer[0] -> ecx = MSR index
                wrmsr                            ; dodgy: writes a caller-chosen value to a caller-chosen MSR;
                                                 ; only the buffer lengths were checked, never the MSR index
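As an added example (not part of the original post, of Ruben's Kartoffel plugin, or of SpeedFan's code), the fragment above rendered in C so the register shuffling can be followed on ordinary input: speedfan_decode mirrors the two length checks and how EDX:EAX and ECX are assembled from the three input DWORDs; hardened_decode adds the one check the driver lacks, an allowlist of MSR indices the driver is willing to touch. Function and type names, the sample input and the allowlist contents are this example's own assumptions, and no WRMSR is actually executed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Operands the handler hands to WRMSR (names are this example's, not the driver's). */
typedef struct {
    uint32_t msr;   /* ECX: MSR index, taken from inputBuffer[0] */
    uint32_t edx;   /* high DWORD of the value, taken from inputBuffer[1] */
    uint32_t eax;   /* low DWORD of the value, taken from inputBuffer[2] */
} wrmsr_operands;

/* C rendering of the speedfan.sys fragment: the only checks are on the two buffer
 * lengths read from the I/O stack location; returns false where the asm jumps to
 * loc_11171. Nothing about the MSR index or the value is inspected. */
bool speedfan_decode(const uint32_t *input, uint32_t input_len, uint32_t output_len,
                     wrmsr_operands *out)
{
    if (output_len < 8)     /* cmp dword ptr [rdx+8], 8 ; jb */
        return false;
    if (input_len < 0x0C)   /* cmp dword ptr [rdx+10h], 0Ch ; jb */
        return false;

    uint64_t r8 = input[1];                 /* mov r8d, [rsi+4]  (zero-extended) */
    uint64_t r9 = input[2];                 /* mov r9d, [rsi+8]  (zero-extended) */
    uint64_t rax = (r8 << 32) | r9;         /* shl rax, 20h ; or rax, r9 */
    out->edx = (uint32_t)(rax >> 32);       /* mov rdx, rax ; shr rdx, 20h */
    out->eax = (uint32_t)rax;               /* WRMSR reads only the low 32 bits of RAX */
    out->msr = input[0];                    /* mov ecx, [rsi] */
    return true;                            /* ... wrmsr */
}

/* The full 64-bit value WRMSR would store, as EDX:EAX. */
uint64_t wrmsr_value(const wrmsr_operands *op)
{
    return ((uint64_t)op->edx << 32) | op->eax;
}

/* What a hardened handler needs in addition: refuse any MSR index that is not on an
 * explicit allowlist owned by the driver. The caller supplies the list; the one used
 * below is a constructed example, not SpeedFan's. */
bool hardened_decode(const uint32_t *input, uint32_t input_len, uint32_t output_len,
                     const uint32_t *allowed, size_t n_allowed, wrmsr_operands *out)
{
    if (!speedfan_decode(input, input_len, output_len, out))
        return false;
    for (size_t i = 0; i < n_allowed; i++)
        if (out->msr == allowed[i])
            return true;
    return false;   /* arbitrary MSR requested: stop before reaching WRMSR */
}

/* Constructed sample IOCTL input: three DWORDs, exactly the layout the handler expects. */
static const uint32_t sample_input[3] = { 0x12345678u, 0xAAAAAAAAu, 0xBBBBBBBBu };
/* Assumed allowlist (two thermal MSR indices); the real driver has no such list. */
static const uint32_t sample_allowlist[] = { 0x19Cu, 0x1A2u };

int main(void)
{
    wrmsr_operands op;
    if (speedfan_decode(sample_input, 12, 8, &op))
        printf("driver would execute WRMSR(0x%08X) <- 0x%016llX\n",
               op.msr, (unsigned long long)wrmsr_value(&op));
    printf("hardened handler accepts the same request: %s\n",
           hardened_decode(sample_input, 12, 8, sample_allowlist, 2, &op) ? "yes" : "no");
    return 0;
}
```

The point the decode makes visible: with lengths of 8 and 12 satisfied, every bit of ECX, EDX and EAX comes straight from the user-mode buffer, so the length checks alone buy nothing against a caller who simply fills in the three DWORDs.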
