hfiref0x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <cstdio> | |
| typedef struct _RTCORE_WRITE_PORT_UCHAR { | |
| ULONG Port; | |
| ULONG Value; | |
| } RTCORE_WRITE_PORT_UCHAR, * PRTCORE_WRITE_PORT_UCHAR; | |
| #define KBRD_INTRFC 0x64 | |
| #define KBRD_RESET 0xFE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NtAcceptConnectPort 0 | |
| NtAccessCheck 1 | |
| NtAccessCheckAndAuditAlarm 2 | |
| NtAccessCheckByType 3 (STATUS_NOT_IMPLEMENTED) | |
| NtAccessCheckByTypeAndAuditAlarm 4 | |
| NtAccessCheckByTypeResultList 5 (STATUS_NOT_IMPLEMENTED) | |
| NtAccessCheckByTypeResultListAndAuditAlarm 6 | |
| NtAccessCheckByTypeResultListAndAuditAlarmByHandle 7 | |
| NtAddAtom 8 | |
| NtAddBootEntry 9 (STATUS_NOT_IMPLEMENTED) |
hfiref0x
/ gist:6901a8e571946e84d8adb1c6f720fdad
Created
November 15, 2019 16:27
NtGdiDdDDISetHwProtectionTeardownRecovery BSOD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NtGdiDdDDISetHwProtectionTeardownRecovery (0x121B) service implemented in Windows 10 TH2 has no validation of input parameter which is pointer. | |
| .text:00000001C00BA0C0 public NtGdiDdDDISetHwProtectionTeardownRecovery | |
| .text:00000001C00BA0C0 NtGdiDdDDISetHwProtectionTeardownRecovery proc near | |
| .text:00000001C00BA0C0 xor r8d, r8d | |
| .text:00000001C00BA0C3 mov edx, 1 | |
| .text:00000001C00BA0C8 cmp [rcx+4], r8d //<- Have a nice BSOD | |
| .text:00000001C00BA0CC setz r8b | |
| .text:00000001C00BA0D0 xor ecx, ecx | |
| .text:00000001C00BA0D2 jmp DCompositionForceRender |
hfiref0x
/ akagi_58a.c
Created
October 23, 2019 16:27
UAC bypass using EditionUpgradeManager COM interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef interface IEditionUpgradeManager IEditionUpgradeManager; | |
| typedef struct IEditionUpgradeManagerVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in IEditionUpgradeManager * This, | |
| __RPC__in REFIID riid, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/cmake/Source/kwsys/ProcessUNIX.c 378 err V595 The 'cp->Commands' pointer was utilized before it was verified against nullptr. Check lines: 378, 381. | |
| /Build/cmake/Source/kwsys/Terminal.c 62 warn V560 A part of conditional expression is always true: !pipeIsConsole. | |
| /Build/cmake/Source/kwsys/System.c 31 err V1028 Possible overflow. Consider casting operands of the '* size * 2' operator to the 'size_t' type, not the result. | |
| /Build/cmake/Source/cmsys/RegularExpression.hxx 409 warn V730 Not all members of a class are initialized inside the constructor. Consider inspecting: regstart, reganch, regmust, regmlen, progsize. | |
| /Build/cmake/Source/kwsys/RegularExpression.cxx 260 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0234, Dec: 156. | |
| /Build/cmake/Source/kwsys/SystemTools.cxx 851 warn V769 The 'orig' pointer in the 'searchPos - src + orig' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 851, 849. | |
| /Bu |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mimikatz\mimikatz\mimikatz.c (182): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(match + 2 - argv[0])'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (424): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(wcslen(convertedSid) + 1)'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (397): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(szPassword)'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (135): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(entry->data.sid)'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (142): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(password)'. | |
| mimikatz\mimikatz\modules\kuhl_m_crypto.c (862): error V220: Suspicious sequence of typ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 143 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. A pointer to the signed long type is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the second actual argument of the 'printf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'printf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 147 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/ffmpeg/libavdevice/fbdev_common.c 128 warn V547 Expression 'fd >= 0' is always true. | |
| /Build/ffmpeg/libavdevice/sndio.c 106 warn V547 Expression 'hdl' is always true. | |
| /Build/ffmpeg/libavdevice/xcbgrab.c 637 warn V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible. | |
| /Build/ffmpeg/libavfilter/af_acrossover.c 191 warn V614 Potentially uninitialized variable 'q' used. Consider checking the third actual argument of the 'set_lp' function. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 227 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 228 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 229 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 230 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/LibVNCServer/test/encodingstest.c 195 warn V522 There might be dereferencing of a potential null pointer 'cd'. Check lines: 195, 189. | |
| /Build/LibVNCServer/test/encodingstest.c 198 warn V575 The potential null pointer is passed into 'sprintf' function. Inspect the first argument. Check lines: 198, 197. | |
| /Build/LibVNCServer/test/encodingstest.c 287 warn V522 There might be dereferencing of a potential null pointer 'server->frameBuffer'. Check lines: 287, 284. | |
| /Build/LibVNCServer/client_examples/vnc2mpg.c 342 warn V1004 The 'video_st' pointer was used unsafely after it was verified against nullptr. Check lines: 336, 342. | |
| /Build/LibVNCServer/client_examples/vnc2mpg.c 360 warn V707 Giving short names to global variables is considered to be bad practice. It is suggested to rename 'oc' variable. | |
| /Build/LibVNCServer/examples/example.c 158 warn V519 The 'cd->oldButton' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 156, 158. | |
| /Build/LibVNCServer/examples/example.c 271 warn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/nginx-1.15.8/src/core/ngx_log.c 335 err V547 Expression 'nlen == 0' is always false. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 792 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 952 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 962 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 985 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. | |
| /Build/nginx-1.15.8/src/core/ngx_file.c 477 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0600, Dec: 384. | |
| /Build/nginx-1.15.8/src/core/ngx_resolver.c 1673 err V1028 Possible overflow. Consider casting operands of the '2 + qle |