coolboy4me / cve-2019-0708_bluekeep_rce

It works on XP (all versions: SP2, SP3)

about HEAP_SPRAY_ADDRESS #2

Open 0xTract0r opened 5 years ago

0xTract0r commented 5 years ago

'0x953b09c0' which 2003 version did you get?

coolboy4me commented 5 years ago

cn_win_srv_2003_r2_enterprise_with_sp2 2G

4 d Enable Clear f883b905 0001 (0001) termdd!IcaChannelInputInternal+0x295 ".printf \"cbData=%x \", poi(esp+4); gc; "
5 d Enable Clear f883b90b 0001 (0001) termdd!IcaChannelInputInternal+0x29b ".printf \"malloc p=%x \n\", eax;gc;"

The two breakpoints in WinDbg will be helpful to get the heap spray address ...