LPE vulnerabilities exploitation on Windows 10 Anniversary Update
25.03.2017 Views
Share Embed Flag

LPE vulnerabilities exploitation on Windows 10 Anniversary Update

Win10LPE

Win10LPE

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
blu3gl0w13

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Arbitrary read/write via USER objects<br />

• It is possible to read/write different fields of menu items via WinAPI<br />

functi<strong>on</strong>s (GetMenuItemRect,GetMenuItemInfo/SetMenuItemInfo).<br />

• We can easily place tagWND before tagMENU in memory (because<br />

we can get addresses of both objects).<br />

• If tagWND.cbwndExtra was corrupted because of some vulnerability,<br />

we can read/write tagMENU.rgItems pointer via SetWindowL<strong>on</strong>gPtr.<br />

• When pointer to rgItems was replaced to some arbitrary address, we<br />

can read/write it via menu items API.

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!