hacksysteam / HackSysExtremeVulnerableDriver

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
https://hacksys.io
GNU General Public License v3.0

I modified the source code to allow Integer Overflow exploitation on x64 #48

Open viniciusmarangoni opened 2 years ago

viniciusmarangoni commented 2 years ago

Hi,

I was interested in playing the Integer Overflow challenge running on Windows 10 (x64). Unfortunately, the binary generated by the original source code uses a 64-bit register when performing the sum Size + TerminatorSize and the integer overflow cannot be achieved.

I have modified the code to allow the integer overflow to occur on 64-bit by using a ULONG (4 bytes) variable to store the sum result.

I'm opening this as an issue instead of submitting a pull request because the modified code is not as "elegant" as the original one.

ULONG TmpSize = 0;

[...]

        TmpSize = (ULONG) (Size + TerminatorSize);
        if (TmpSize > sizeof(KernelBuffer))
        {
            DbgPrint("[-] Invalid UserBuffer Size: 0x%X\n", Size);

            Status = STATUS_INVALID_BUFFER_SIZE;
            return Status;
        }

[...]
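
Added example, not part of the original issue or the HEVD source: a user-mode C model of the size check described above, comparing the sum held in 64 bits, the sum truncated to 4 bytes as in the `TmpSize` change, and a subtraction-based comparison that cannot wrap. The buffer size (2048), terminator size (4) and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the issue does not state them. */
#define KERNEL_BUFFER_BYTES 2048u
#define TERMINATOR_SIZE     4u

/* Sum carried in 64 bits, as the issue describes for the x64 build:
   a Size in the 32-bit range cannot wrap it. Returns 1 if accepted. */
int check_wide(uint64_t size)
{
    uint64_t sum = size + TERMINATOR_SIZE;
    return sum <= KERNEL_BUFFER_BYTES;
}

/* Sum stored in a 4-byte variable, as with ULONG TmpSize in the issue:
   the high bits are discarded before the comparison. */
int check_truncated(uint64_t size)
{
    uint32_t tmp = (uint32_t)(size + TERMINATOR_SIZE);
    return tmp <= KERNEL_BUFFER_BYTES;
}

/* Wrap-free form: nothing is added to the untrusted value, the
   constant is subtracted from the limit instead. */
int check_subtract(uint64_t size)
{
    return size <= (uint64_t)(KERNEL_BUFFER_BYTES - TERMINATOR_SIZE);
}

int main(void)
{
    /* Constructed sample sizes around the limit and the 32-bit boundary. */
    const uint64_t samples[] = { 0x100, 2044, 2045, 0xFFFFFFFCull, 0xFFFFFFFFull };
    size_t i;

    printf("%-12s %-6s %-10s %-8s\n", "Size", "wide", "truncated", "subtract");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("0x%-10llx %-6d %-10d %-8d\n",
               (unsigned long long)samples[i],
               check_wide(samples[i]),
               check_truncated(samples[i]),
               check_subtract(samples[i]));
    }
    return 0;
}
```

Only the truncated check accepts the two sizes near 0xFFFFFFFF; the other two reject them and agree with each other on every sample.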

hacksysteam commented 2 years ago

Hi @viniciusmarangoni

Thank you so much for the bug report. I'll look into it ASAP.

Cheers

hacksysteam commented 2 years ago

Hi @viniciusmarangoni

We had a similar bug report in the past. https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/pull/39

Can you check the pull request and see if it helps?