2022

x64 Paging Mechanism

zoemurmure
| , 4 min read
Preface During the process of learning HEVD (HackSys Extreme Vulnerable Driver), I found there were many concepts I didn’t fully understand, which prompted this article. The content is translated from reference^[1]^, with minor adjustments to the content and structure for learning purposes. Ba

[HEVD Exploit Series] StackOverflowGS

zoemurmure
| , 18 min read
0. Preface HackSys Extreme Vulnerable Driver (HEVD) is a Windows driver with multiple vulnerabilities developed for learning kernel exploit techniques. This article describes how to bypass a stack overflow vulnerability with /GS protection under a Windows 10 64-bit environment, involving two securit

[HEVD Exploit Series] StackOverflow

zoemurmure
| , 6 min read
Target Function TriggerBufferOverflowStack __int64 __fastcall TriggerBufferOverflowStack(void *Src, unsigned __int64 Size) { char Dst[2048]; // [rsp+20h] [rbp-818h] BYREF memset(Dst, 0, sizeof(Dst)); ProbeForRead(Src, 0x800ui64, 1u); DbgPrintEx(0x4Du, 3u, "[+] UserBuffer: 0x%p\n", Src); DbgP