hfiref0x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PoRegisterCoalescingCallback | |
| PAGE | |
| 9200 - 15063 | |
| PopCoalescingCallbackRoutine | |
| Count 8 | |
| 48 8D 0D 01 10 DA FF lea rcx, PopCoalescingCallbackRoutine | |
| 9600 | |
| 48 8D 0D 19 B9 DC FF lea rcx, PopCoalescingCallbackRoutine |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| winload!BlArchIsFiveLevelPagingActive | |
| bResult = 0; | |
| cr0value = __readcr0(); | |
| if ( (cr0value & 0x80000000) != 0 && (__readmsr(0xC0000080) & 0x400) != 0 ) | |
| { | |
| cr4value = __readcr4(); | |
| return (cr4value & 0x1000) != 0i64; | |
| } | |
| return bResult; |
hfiref0x
/ NtQueryInformationCpuPartition.c
Created
October 5, 2021 10:33
Denial of Service bug in Windows 11 (22468 build) NtQueryInformationCpuPartition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cstdio> | |
| typedef NTSTATUS(NTAPI* pfnNtQueryInformationCpuPartition)( | |
| ULONG_PTR PartitionHandle, | |
| ULONG_PTR Flags, | |
| ULONG_PTR OutputBuffer, | |
| ULONG_PTR Length, | |
| ULONG_PTR ReturnedLength | |
| ); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>10.0.25090.0</VersionEx> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <PolicyID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</PolicyID> | |
| <BasePolicyID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</BasePolicyID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:Unsigned System Integrity Policy</Option> | |
| </Rule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 16299 | |
| PAGE:00000001C0026144 4C 8B CB mov r9, rbx | |
| PAGE:00000001C0026147 4C 8B C7 mov r8, rdi | |
| PAGE:00000001C002614A 48 8B D6 mov rdx, rsi | |
| PAGE:00000001C002614D 8B CD mov ecx, ebp | |
| PAGE:00000001C002614F E8 A0 07 00 00 call CipInitialize | |
| 17134.1 | |
| PAGE:00000001C0027144 4C 8B CB mov r9, rbx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct _MAP_PARAMS { | |
| HANDLE SectionHandle; | |
| PVOID MapBaseAddressIoSpace; | |
| PMDL AllocatedMdl; | |
| DWORD MapSize; | |
| LARGE_INTEGER Offset; | |
| PVOID MapBaseAddress; | |
| BOOLEAN Writeable; | |
| } MAP_PARAMS, *PMAP_PARAMS; //sizeof 45 bytes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "global.h" | |
| #define EPROCESS_UniqueProcessId_1809 0x2E0 | |
| #define EPROCESS_ActiveProcessLinks_1809 EPROCESS_UniqueProcessId_1809 + sizeof(HANDLE) | |
| #define EPROCESS_Token_1809 0x358 | |
| #define EPROCESS_UniqueProcessId_1903 0x02E8 | |
| #define EPROCESS_ActiveProcessLinks_1903 EPROCESS_UniqueProcessId_1903 + sizeof(HANDLE) | |
| #define EPROCESS_Token_1903 0x360 |
hfiref0x
/ NtUserSetWindowsHookEx.cpp
Created
February 19, 2021 09:31
Denial of Service bug in Windows 10 (21313 build) NtUserSetWindowsHookEx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cstdio> | |
| typedef NTSTATUS(NTAPI* pfnNtUserSetWindowsHookEx)( | |
| ULONG_PTR Param1, | |
| ULONG_PTR Param2, | |
| ULONG_PTR Param3, | |
| ULONG_PTR Param4, | |
| ULONG_PTR Param5, | |
| ULONG_PTR Param6); |
hfiref0x
/ NtCreateIoRing.cpp
Created
February 19, 2021 08:12
Denial of Service bug in Windows 10 (21313 build) NtCreateIoRing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cstdio> | |
| typedef NTSTATUS(NTAPI* pfnNtCreateIoRing)( | |
| ULONG_PTR Param1, | |
| ULONG_PTR Param2, | |
| ULONG_PTR Param3, | |
| ULONG_PTR Param4 | |
| ); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <fusion.h> | |
| typedef HRESULT(WINAPI* pfnCreateAssemblyEnum)( | |
| _Out_ IAssemblyEnum** pEnum, | |
| _In_opt_ IUnknown* pUnkReserved, | |
| _In_opt_ IAssemblyName* pName, | |
| _In_ DWORD dwFlags, | |
| _Reserved_ LPVOID pvReserved); | |
| typedef HRESULT(WINAPI* pfnCreateAssemblyCache)( |