hfiref0x
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <cstdio> | |
| #define DEVICE_WR0_TYPE 40000 | |
| #define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0") | |
| HANDLE g_handleWR0 = INVALID_HANDLE_VALUE; | |
| #define IOCTL_WR0_READ_MSR CTL_CODE(DEVICE_WR0_TYPE, 0x821, METHOD_BUFFERED, FILE_ANY_ACCESS) | |
| #define IOCTL_WR0_WRITE_MSR CTL_CODE(DEVICE_WR0_TYPE, 0x822, METHOD_BUFFERED, FILE_ANY_ACCESS) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <cstdio> | |
| #define DEVICE_WR0_TYPE 40000 | |
| #define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0") | |
| HANDLE g_handleWR0 = INVALID_HANDLE_VALUE; | |
| // | |
| // Port mapped I/O access IOCTLS. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <cstdio> | |
| typedef struct _RTCORE_WRITE_PORT_UCHAR { | |
| ULONG Port; | |
| ULONG Value; | |
| } RTCORE_WRITE_PORT_UCHAR, * PRTCORE_WRITE_PORT_UCHAR; | |
| #define KBRD_INTRFC 0x64 | |
| #define KBRD_RESET 0xFE |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NtAcceptConnectPort 0 | |
| NtAccessCheck 1 | |
| NtAccessCheckAndAuditAlarm 2 | |
| NtAccessCheckByType 3 (STATUS_NOT_IMPLEMENTED) | |
| NtAccessCheckByTypeAndAuditAlarm 4 | |
| NtAccessCheckByTypeResultList 5 (STATUS_NOT_IMPLEMENTED) | |
| NtAccessCheckByTypeResultListAndAuditAlarm 6 | |
| NtAccessCheckByTypeResultListAndAuditAlarmByHandle 7 | |
| NtAddAtom 8 | |
| NtAddBootEntry 9 (STATUS_NOT_IMPLEMENTED) |
hfiref0x
/ gist:6901a8e571946e84d8adb1c6f720fdad
Created
November 15, 2019 16:27
NtGdiDdDDISetHwProtectionTeardownRecovery BSOD
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NtGdiDdDDISetHwProtectionTeardownRecovery (0x121B) service implemented in Windows 10 TH2 has no validation of input parameter which is pointer. | |
| .text:00000001C00BA0C0 public NtGdiDdDDISetHwProtectionTeardownRecovery | |
| .text:00000001C00BA0C0 NtGdiDdDDISetHwProtectionTeardownRecovery proc near | |
| .text:00000001C00BA0C0 xor r8d, r8d | |
| .text:00000001C00BA0C3 mov edx, 1 | |
| .text:00000001C00BA0C8 cmp [rcx+4], r8d //<- Have a nice BSOD | |
| .text:00000001C00BA0CC setz r8b | |
| .text:00000001C00BA0D0 xor ecx, ecx | |
| .text:00000001C00BA0D2 jmp DCompositionForceRender |
hfiref0x
/ akagi_58a.c
Created
October 23, 2019 16:27
UAC bypass using EditionUpgradeManager COM interface
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef interface IEditionUpgradeManager IEditionUpgradeManager; | |
| typedef struct IEditionUpgradeManagerVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in IEditionUpgradeManager * This, | |
| __RPC__in REFIID riid, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/cmake/Source/kwsys/ProcessUNIX.c 378 err V595 The 'cp->Commands' pointer was utilized before it was verified against nullptr. Check lines: 378, 381. | |
| /Build/cmake/Source/kwsys/Terminal.c 62 warn V560 A part of conditional expression is always true: !pipeIsConsole. | |
| /Build/cmake/Source/kwsys/System.c 31 err V1028 Possible overflow. Consider casting operands of the '* size * 2' operator to the 'size_t' type, not the result. | |
| /Build/cmake/Source/cmsys/RegularExpression.hxx 409 warn V730 Not all members of a class are initialized inside the constructor. Consider inspecting: regstart, reganch, regmust, regmlen, progsize. | |
| /Build/cmake/Source/kwsys/RegularExpression.cxx 260 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0234, Dec: 156. | |
| /Build/cmake/Source/kwsys/SystemTools.cxx 851 warn V769 The 'orig' pointer in the 'searchPos - src + orig' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 851, 849. | |
| /Bu |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mimikatz\mimikatz\mimikatz.c (182): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(match + 2 - argv[0])'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (424): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(wcslen(convertedSid) + 1)'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (397): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(szPassword)'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (135): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(entry->data.sid)'. | |
| mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (142): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(password)'. | |
| mimikatz\mimikatz\modules\kuhl_m_crypto.c (862): error V220: Suspicious sequence of typ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 143 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. A pointer to the signed long type is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the second actual argument of the 'printf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'printf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 147 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected. | |
| /cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/ffmpeg/libavdevice/fbdev_common.c 128 warn V547 Expression 'fd >= 0' is always true. | |
| /Build/ffmpeg/libavdevice/sndio.c 106 warn V547 Expression 'hdl' is always true. | |
| /Build/ffmpeg/libavdevice/xcbgrab.c 637 warn V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible. | |
| /Build/ffmpeg/libavfilter/af_acrossover.c 191 warn V614 Potentially uninitialized variable 'q' used. Consider checking the third actual argument of the 'set_lp' function. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 227 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 228 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 229 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself. | |
| /Build/ffmpeg/libavfilter/af_aecho.c 230 |