hfiref0x
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/LibVNCServer/test/encodingstest.c 195 warn V522 There might be dereferencing of a potential null pointer 'cd'. Check lines: 195, 189. | |
| /Build/LibVNCServer/test/encodingstest.c 198 warn V575 The potential null pointer is passed into 'sprintf' function. Inspect the first argument. Check lines: 198, 197. | |
| /Build/LibVNCServer/test/encodingstest.c 287 warn V522 There might be dereferencing of a potential null pointer 'server->frameBuffer'. Check lines: 287, 284. | |
| /Build/LibVNCServer/client_examples/vnc2mpg.c 342 warn V1004 The 'video_st' pointer was used unsafely after it was verified against nullptr. Check lines: 336, 342. | |
| /Build/LibVNCServer/client_examples/vnc2mpg.c 360 warn V707 Giving short names to global variables is considered to be bad practice. It is suggested to rename 'oc' variable. | |
| /Build/LibVNCServer/examples/example.c 158 warn V519 The 'cd->oldButton' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 156, 158. | |
| /Build/LibVNCServer/examples/example.c 271 warn |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/nginx-1.15.8/src/core/ngx_log.c 335 err V547 Expression 'nlen == 0' is always false. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 792 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 952 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 962 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'. | |
| /Build/nginx-1.15.8/src/core/ngx_inet.c 985 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. | |
| /Build/nginx-1.15.8/src/core/ngx_file.c 477 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0600, Dec: 384. | |
| /Build/nginx-1.15.8/src/core/ngx_resolver.c 1673 err V1028 Possible overflow. Consider casting operands of the '2 + qle |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/openssl-1.1.0f/crypto/asn1/a_gentm.c 116 warn V560 A part of conditional expression is always false: (n < min[i]). | |
| /Build/openssl-1.1.0f/crypto/asn1/a_int.c 547 warn V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL. | |
| /Build/openssl-1.1.0f/crypto/asn1/a_int.c 547 warn V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L). | |
| /Build/openssl-1.1.0f/crypto/asn1/a_int.c 590 warn V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL. | |
| /Build/openssl-1.1.0f/crypto/asn1/a_int.c 590 warn V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L). | |
| /Build/openssl-1.1.0f/crypto/asn1/a_utctm.c 90 warn V560 A part of conditional expression is always false: (n < min[i]). | |
| /Build/openssl-1.1.0f/crypto/asn1/asn1_gen.c 597 warn V560 A part of conditional expression is always true: str. | |
| /Build/openssl-1.1.0f/crypto/asn1/asn1_par.c 236 warn V547 Expression '!nl' is always true. | |
| /Build/openssl-1.1.0f/crypto/asn1/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/Transmission/build/third-party/utp/src/utp/utypes.h 10 warn V677 Custom declaration of a standard 'uint' type. The declaration from system header files should be used instead. | |
| /Build/Transmission/build/third-party/utp/src/utp/templates.h 116 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'mem' is lost. Consider assigning realloc() to a temporary pointer. | |
| /Build/Transmission/build/third-party/utp/src/utp/utp.cpp 163 err V512 A call of the 'memset' function will lead to underflow of the buffer 'sin'. | |
| /Build/Transmission/build/third-party/utp/src/utp/utp.cpp 168 warn V641 The size of the '& sa' buffer is not a multiple of the element size of the type 'sockaddr_in6'. | |
| /Build/Transmission/build/third-party/utp/src/utp/utp.cpp 378 warn V522 There might be dereferencing of a potential null pointer 'buf'. Check lines: 378, 372. | |
| /Build/Transmission/build/third-party/utp/src/utp/templates.h 116 warn V701 Instantiation of Array < RST_Info >: realloc() possible leak: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Build/vlc-3.0.6/include/vlc_arrays.h 347 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'pp' is lost. Consider assigning realloc() to a temporary pointer. | |
| /Build/vlc-3.0.6/include/vlc_arrays.h 532 warn V522 There might be dereferencing of a potential null pointer 'p_entry'. Check lines: 532, 531. | |
| /Build/vlc-3.0.6/include/vlc_charset.h 271 warn V769 The 'utf8' pointer in the 'utf8 ++' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 271, 261. | |
| /Build/vlc-3.0.6/include/vlc_vlm.h 238 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_input' is lost. Consider assigning realloc() to a temporary pointer. | |
| /Build/vlc-3.0.6/include/vlc_vlm.h 240 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_option' is lost. Consider assigning realloc() to a temporary pointer. | |
| /Build/vlc-3.0.6/src/config/ |
hfiref0x
/ NtUserCreateActivationObject.cpp
Created
November 2, 2018 07:40
Win32k NtUserCreateActivationObject Denial Of Service (19H1)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <conio.h> | |
| #include <Windows.h> | |
| typedef LONG(WINAPI *pNtUserCreateActivationObject)( | |
| HWND hwnd, | |
| ULONG_PTR Irrelevant1, | |
| LUID *Luid); | |
| HCRYPTPROV g_hCryptoProvider = NULL; |
hfiref0x
/ responder_comdata.txt
Created
August 24, 2018 08:42
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {0000031A-0000-0000-C000-000000000046}: CLSID | |
| {0000002F-0000-0000-C000-000000000046}: CLSID CLSID_RecordInfo | |
| {00000100-0000-0010-8000-00AA006D2EA4}: CLSID DAO.DBEngine.36 | |
| {00000101-0000-0010-8000-00AA006D2EA4}: CLSID DAO.PrivateDBEngine.36 | |
| {00000103-0000-0010-8000-00AA006D2EA4}: CLSID DAO.TableDef.36 | |
| {00000104-0000-0010-8000-00AA006D2EA4}: CLSID DAO.Field.36 | |
| {00000105-0000-0010-8000-00AA006D2EA4}: CLSID DAO.Index.36 | |
| {00000106-0000-0010-8000-00AA006D2EA4}: CLSID DAO.Group.36 | |
| {00000107-0000-0010-8000-00AA006D2EA4}: CLSID DAO.User.36 | |
| {00000108-0000-0010-8000-00AA006D2EA4}: CLSID DAO.QueryDef.36 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct tagCREATELINKDATA { | |
| ULONG dwFlags; | |
| WCHAR szLinkName[MAX_PATH]; // + 0x20C | |
| WCHAR szExeName[MAX_PATH]; // + 0x414 | |
| WCHAR szParams[MAX_PATH]; // + 0x61C | |
| WCHAR szWorkingDir[MAX_PATH]; // + 0x824 | |
| WCHAR szOriginalName[MAX_PATH]; // + 0xA2C | |
| WCHAR szExpExeName[MAX_PATH]; // + 0xC34 | |
| WCHAR szProgDesc[MAX_PATH]; // + 0xE3C | |
| WCHAR szFolder[MAX_PATH]; // + 0x1044 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <msdelta.h> | |
| #pragma comment(lib, "msdelta.lib") | |
| BOOL load_file(LPCTSTR FileName, LPDWORD BytesRead, LPVOID *AllocatedBuffer) | |
| { | |
| HANDLE f; | |
| LARGE_INTEGER fsz; | |
| LPVOID buffer = NULL; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Ref = src | |
| // https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf | |
| // | |
| // Credits: | |
| // Vyacheslav Rusakov @swwwolf | |
| // Tom Bonner @thomas_bonner | |
| // | |
| #include <Windows.h> |