Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-02-2007, 08:03
elephant elephant is offline
Friend
 
Join Date: Feb 2005
Posts: 89
Rept. Given: 2
Rept. Rcvd 26 Times in 13 Posts
Thanks Given: 130
Thanks Rcvd at 107 Times in 37 Posts
elephant Reputation: 26
Talking Run Ring0 code in Vista 64bits

Yes, it is possible. Ruben Santamarta from ReverseMode.com has released an exploit (in form of a kartoffel plugin) to run code through a vulnerable signed driver in Speedfan (www.almico.com/speedfan.php).

Spanish readers can check this funny blog entry for further information: http://blog.48bits.com/?p=169

Attached to this post is Kartoffel and the exploit.

Cheers.


Vulnerable code in speedfan.sys

Code:
Code (asm)
                cmp     dword ptr [rdx+8], 8 ; Ouputbuffer size
                 jb      short loc_11171
                 cmp     dword ptr [rdx+10h],0Ch ;InputBuffer size
                 jb      short loc_11171
                 mov     r8d, [rsi+4]    ; inputBuffer[1]
                 mov     r9d, [rsi+8]    ; InputBuffer[2]
                 mov     rax, r8
                 shl     rax, 20h
                 or      rax, r9
                 mov     rdx, rax
                 shr     rdx, 20h
                 mov     ecx, [rsi]      ; inputBuffer[0]
                 wrmsr                     ; Chungo
Attached Files
File Type: zip speedfan_plugin_x64.zip (179.5 KB, 17 views)
File Type: rar setup64.rar (732.2 KB, 14 views)

Last edited by elephant; 10-03-2007 at 03:19.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I modify windbg is using ring0 on single pc? pfzhao General Discussion 8 03-10-2005 12:05
Debugging 64bits apps peleon General Discussion 5 12-04-2004 01:37


All times are GMT +8. The time now is 19:12.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )