Leaking Windows Kernel Pointers

More documents

Recommendations

Info

CVE-2015-0094 – The vulnerability 22 Copyright 2016 Trend Micro Inc.
CVE-2015-0094 – The plan Create a Window Hijack the WM_NCCALCSIZE handler Replace the pointer in the TIB to our own function table Modify user32!apfnDispatch within our process Hotpatch the WM_NCCALCSIZE handler in user32 Have the handler save the value of input_buffer[0x44] 23 Copyright 2016 Trend Micro Inc.
Page 1 and 2: Leaking Windows Kernel Pointers WAN
Page 3 and 4: What am I talking about? Kernel poi
Page 5 and 6: Userland Callbacks 5 Copyright 2016
Page 7 and 8: Userland Callbacks - How do they wo
Page 9 and 10: Userland Callbacks - How do they wo
Page 11 and 12: Window Objects and Messages 11 Copy
Page 13 and 14: CVE-2015-0094 13 Copyright 2016 Tre
Page 15 and 16: CVE-2015-0094 - The vulnerability W
Page 17 and 18: CVE-2015-0094 - The vulnerability W
Page 19 and 20: CVE-2015-0094 - The vulnerability 1
Page 21: CVE-2015-0094 - The vulnerability 2
Page 25 and 26: CVE-2015-0094 - The PoC 25 Copyrigh
Page 29 and 30: CVE-2015-0094 - The Patch 29 Copyri
Page 31 and 32: CVE-2015-1680 - The vulnerability N
Page 33 and 34: CVE-2015-1680 - The vulnerability N
Page 35 and 36: CVE-2015-1680 - The vulnerability 3
Page 37 and 38: CVE-2015-1680 - The plan Force an e
Page 41: Questions? 41 Copyright 2016 Trend

Leaking Windows Kernel Pointers

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?