ATTACKING WINDOWS BY WINDOWS
eu-16-Liang-Attacking-Windows-By-Windows
eu-16-Liang-Attacking-Windows-By-Windows
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Steal SYSTEM Token<br />
My Window (tagWND)<br />
pti (tagTHREADINFO)<br />
My Thread(_KTHREAD)<br />
My Proc(_EPROCESS)<br />
+0x000 head<br />
+0x000 pEThread<br />
……………………<br />
…………………<br />
+0x010 pti<br />
+0x058 spwndParent<br />
…………………… +0x220 Process<br />
……………………<br />
+0x358 Token<br />
…………………<br />
steal<br />
Desktop Window (tagWND)<br />
pti (tagTHREADINFO)<br />
Csrss.exe Thread<br />
Csrss.exe(SYSTEM)<br />
+0x000 head<br />
+0x000 pEThread<br />
…………………<br />
………………<br />
+0x010 pti<br />
+0x058 spwndParent<br />
…………………… +0x220 Process<br />
…………………<br />
+0x358 Token<br />
………………