Created
May 7, 2015 08:10
-
-
Save hacksysteam/973afea5def4b1d59a21 to your computer and use it in GitHub Desktop.
Code Snippet for Use After Free Vulnerability in HackSys Extreme Vulnerable Driver
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NTSTATUS HackSysHandleIoctlCreateBuffer(IN PIRP pIrp, IN PIO_STACK_LOCATION pIoStackIrp) | |
{ | |
PUSE_AFTER_FREE pUseAfterFree = NULL; | |
SIZE_T inputBufferSize = 0; | |
NTSTATUS status = STATUS_UNSUCCESSFUL; | |
UNREFERENCED_PARAMETER(pIrp); | |
UNREFERENCED_PARAMETER(pIoStackIrp); | |
PAGED_CODE(); | |
status = CreateBuffer(); | |
return status; | |
} | |
NTSTATUS HackSysHandleIoctlUseBuffer(IN PIRP pIrp, IN PIO_STACK_LOCATION pIoStackIrp) | |
{ | |
PVOID pInputBuffer = NULL; | |
SIZE_T inputBufferSize = 0; | |
PUSE_AFTER_FREE pUseAfterFree = NULL; | |
NTSTATUS status = STATUS_UNSUCCESSFUL; | |
UNREFERENCED_PARAMETER(pIrp); | |
PAGED_CODE(); | |
pInputBuffer = pIoStackIrp->Parameters.DeviceIoControl.Type3InputBuffer; | |
inputBufferSize = sizeof(pUseAfterFree->buffer); | |
if (pInputBuffer) | |
status = UseBuffer(pInputBuffer, inputBufferSize); | |
return status; | |
} | |
NTSTATUS HackSysHandleIoctlFreeBuffer(IN PIRP pIrp, IN PIO_STACK_LOCATION pIoStackIrp) | |
{ | |
NTSTATUS status = STATUS_UNSUCCESSFUL; | |
UNREFERENCED_PARAMETER(pIrp); | |
UNREFERENCED_PARAMETER(pIoStackIrp); | |
PAGED_CODE(); | |
status = FreeBuffer(); | |
return status; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment