can1357 / CVE-2018-8897

Arbitrary code execution with kernel privileges using CVE-2018-8897.
https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/
BSD 3-Clause "New" or "Revised" License

Build instructions #1

Closed edermi closed 6 years ago

edermi commented 6 years ago

Hi,

Thanks for the exploit. Would it be possible to add build instructions?

Thanks!

can1357 commented 6 years ago

Simply dropping all files in a solution and compiling with x64|Release works for me with MSVC. Let me know if you run into any issues, I can also add a solution file if needed.

edermi commented 6 years ago

I'm using Visual Studio Community 2017. File > New Project > Visual C++ > Empty Project. I added your header files in the Solution Explorer to "Header Files", and Main.cpp and Native.asm to "Source Files". Building the project for x64|Release gives me 22 unresolved external symbols (the asm functions, e.g. __readss).


Thanks for your help!

can1357 commented 6 years ago

Right-click on your project, go to Build Dependencies and click on Build Customizations.... Enable masm(.targets, .props) and click OK. Then right-click on Native.asm, go to Properties and set the item type to Microsoft Macro Assembler. This should solve your problem.

can1357 commented 6 years ago

On another note, to make sure you don't bugcheck:

edermi commented 6 years ago

Works fine, thanks for your help and the tips to improve reliability!

Malayke commented 6 years ago

Hi can1357, I failed to compile with VS2017. What version of MSVC are you using?

can1357 commented 6 years ago

VS2017 as well

Malayke commented 6 years ago

It works, thanks. I ran the output exe file and got an error:

C:\Users\x\source\repos\CVE-2018-8897\x64\Release>CVE-2018-8897.exe

[[[[[[        Assert Failed: !KvaInfo.KvaShadowFlags.KvaShadowEnabled        ]]]]]]

can1357 commented 6 years ago

@Malayke read the error?