hfiref0x
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Named pipe Description Service or process Interface identifier | |
| atsvc atsvc interface (Scheduler service) mstask.exe 1ff70682-0a51-30e8-076d-740be8cee98b v1.0 | |
| AudioSrv AudioSrv interface (Windows Audio service) AudioSrv 3faf4738-3a21-4307-b46c-fdda9bb8c0d5 v1.0 | |
| browser (ntsvcs alias) browser interface (Computer Browser service) Browser 6bffd098-a112-3610-9833-012892020162 v0.0 | |
| cert ICertPassage interface (Certificate services) certsrv.exe 91ae6020-9e3c-11cf-8d7c-00aa00c091be v0.0 | |
| Ctx_Winstation_API_Service winstation_rpc interface termsrv.exe 5ca4a760-ebb1-11cf-8611-00a0245420ed v1.0 | |
| DAV RPC SERVICE davclntrpc interface (WebDAV client service) WebClient c8cb7687-e6d3-11d2-a958-00c04f682e16 v1.0 | |
| dnsserver DnsServer interface (DNS Server service) dns.exe 50abc2a4-574d-40b3-9d66-ee4fd5fba076 v5.0 | |
| epmapper epmp interface (RPC endpoint mapper) RpcSs e1af8308-5d1f-11c9-91a4-08002b14a0fa v3.0 | |
| eventlog (ntsvcs alias) eventlog interface (Eventlog service) Eventlog 82273fdc-e32a-18c3-3f78-827929dc23ea v0.0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PoRegisterCoalescingCallback | |
| PAGE | |
| 9200 - 15063 | |
| PopCoalescingCallbackRoutine | |
| Count 8 | |
| 48 8D 0D 01 10 DA FF lea rcx, PopCoalescingCallbackRoutine | |
| 9600 | |
| 48 8D 0D 19 B9 DC FF lea rcx, PopCoalescingCallbackRoutine |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| winload!BlArchIsFiveLevelPagingActive | |
| bResult = 0; | |
| cr0value = __readcr0(); | |
| if ( (cr0value & 0x80000000) != 0 && (__readmsr(0xC0000080) & 0x400) != 0 ) | |
| { | |
| cr4value = __readcr4(); | |
| return (cr4value & 0x1000) != 0i64; | |
| } | |
| return bResult; |
hfiref0x
/ NtQueryInformationCpuPartition.c
Created
October 5, 2021 10:33
Denial of Service bug in Windows 11 (22468 build) NtQueryInformationCpuPartition
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cstdio> | |
| typedef NTSTATUS(NTAPI* pfnNtQueryInformationCpuPartition)( | |
| ULONG_PTR PartitionHandle, | |
| ULONG_PTR Flags, | |
| ULONG_PTR OutputBuffer, | |
| ULONG_PTR Length, | |
| ULONG_PTR ReturnedLength | |
| ); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>10.0.25090.0</VersionEx> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <PolicyID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</PolicyID> | |
| <BasePolicyID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</BasePolicyID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:Unsigned System Integrity Policy</Option> | |
| </Rule> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 16299 | |
| PAGE:00000001C0026144 4C 8B CB mov r9, rbx | |
| PAGE:00000001C0026147 4C 8B C7 mov r8, rdi | |
| PAGE:00000001C002614A 48 8B D6 mov rdx, rsi | |
| PAGE:00000001C002614D 8B CD mov ecx, ebp | |
| PAGE:00000001C002614F E8 A0 07 00 00 call CipInitialize | |
| 17134.1 | |
| PAGE:00000001C0027144 4C 8B CB mov r9, rbx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct _MAP_PARAMS { | |
| HANDLE SectionHandle; | |
| PVOID MapBaseAddressIoSpace; | |
| PMDL AllocatedMdl; | |
| DWORD MapSize; | |
| LARGE_INTEGER Offset; | |
| PVOID MapBaseAddress; | |
| BOOLEAN Writeable; | |
| } MAP_PARAMS, *PMAP_PARAMS; //sizeof 45 bytes |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "global.h" | |
| #define EPROCESS_UniqueProcessId_1809 0x2E0 | |
| #define EPROCESS_ActiveProcessLinks_1809 EPROCESS_UniqueProcessId_1809 + sizeof(HANDLE) | |
| #define EPROCESS_Token_1809 0x358 | |
| #define EPROCESS_UniqueProcessId_1903 0x02E8 | |
| #define EPROCESS_ActiveProcessLinks_1903 EPROCESS_UniqueProcessId_1903 + sizeof(HANDLE) | |
| #define EPROCESS_Token_1903 0x360 |
hfiref0x
/ NtUserSetWindowsHookEx.cpp
Created
February 19, 2021 09:31
Denial of Service bug in Windows 10 (21313 build) NtUserSetWindowsHookEx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cstdio> | |
| typedef NTSTATUS(NTAPI* pfnNtUserSetWindowsHookEx)( | |
| ULONG_PTR Param1, | |
| ULONG_PTR Param2, | |
| ULONG_PTR Param3, | |
| ULONG_PTR Param4, | |
| ULONG_PTR Param5, | |
| ULONG_PTR Param6); |
hfiref0x
/ NtCreateIoRing.cpp
Created
February 19, 2021 08:12
Denial of Service bug in Windows 10 (21313 build) NtCreateIoRing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cstdio> | |
| typedef NTSTATUS(NTAPI* pfnNtCreateIoRing)( | |
| ULONG_PTR Param1, | |
| ULONG_PTR Param2, | |
| ULONG_PTR Param3, | |
| ULONG_PTR Param4 | |
| ); |