0mWindyBug / KDP-compatible-driver-loader

KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys

Loader calculates the seCiCallbacsInstr wrong in case of a carry over #3

Closed rafaelscheel closed 7 months ago

rafaelscheel commented 7 months ago

The LEA instruction searched for in getCiValidateImageHeaderEntry in Loader.cpp performs 32-bit math. The current code does 64-bit math. The issue was hidden, since %x was used instead of %p for the output of 64-bit addresses.

This leads to a wrongly calculated seCiCallbacksAddr and to a blue screen. So far this seems to only affect Windows Server operating systems.

I have provided a fix in a forked repo and will create the pull request today.

P.S. my first time contributing to open source code, so let me know if this is not the right approach ;)
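Added illustration (not code from the issue or from the loader project) of the arithmetic mismatch the issue describes: the exact LEA operand form and the loader's own computation are not shown here, so the functions below assume a 32-bit displacement added to the address following the instruction, and show how a 64-bit addition and a dword-wrapping 32-bit addition diverge once the low dword carries, and why printing with %x hides the difference.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Resolve the operand with 64-bit arithmetic: the 32-bit displacement is
 * sign-extended and added to the full 64-bit next-instruction address, so a
 * carry out of the low dword propagates into the high dword. */
uint64_t resolve_lea_64(uint64_t next_rip, int32_t disp)
{
    return next_rip + (uint64_t)(int64_t)disp;
}

/* Resolve the same operand with 32-bit arithmetic: the addition wraps inside
 * the low dword and the high dword of next_rip is kept, so the carry is lost. */
uint64_t resolve_lea_32(uint64_t next_rip, int32_t disp)
{
    uint32_t lo = (uint32_t)next_rip + (uint32_t)disp;  /* wraps modulo 2^32 */
    return (next_rip & 0xffffffff00000000ULL) | lo;
}

/* 1 when the two interpretations disagree, i.e. when the 32-bit addition
 * carried or borrowed across the dword boundary; 0 otherwise. */
int carry_mismatch(uint64_t next_rip, int32_t disp)
{
    return resolve_lea_64(next_rip, disp) != resolve_lea_32(next_rip, disp);
}

int main(void)
{
    /* Constructed sample values: the low dword of next_rip sits just below
     * 2^32, so a small positive displacement carries into the high dword. */
    uint64_t next_rip = 0xfffff803fffffff0ULL;
    int32_t  disp     = 0x20;

    uint64_t a64 = resolve_lea_64(next_rip, disp);
    uint64_t a32 = resolve_lea_32(next_rip, disp);

    /* %x shows only the low dword, so both results look identical;
     * a full 64-bit format exposes the differing high dword. */
    printf("%%x     : %x vs %x\n", (unsigned)a64, (unsigned)a32);
    printf("PRIx64 : %" PRIx64 " vs %" PRIx64 "\n", a64, a32);
    return carry_mismatch(next_rip, disp) ? 0 : 1;
}
```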

0mWindyBug commented 7 months ago

Thanks for pointing it out