hfiref0x / TDL

Driver loader for bypassing Windows x64 Driver Signature Enforcement
BSD 2-Clause "Simplified" License

furutaka x86 #12

Closed dummy0stud closed 8 years ago

dummy0stud commented 8 years ago

Hey hfiref0x, I made some changes to furutaka to make it work compiled as x86 (WOW64).

I changed TDLMapDriver and it's working as expected; I fixed some data structures, import resolving, and the kernel base address getter by using the Heaven's Gate technique.

But TDLExploit fails: I am getting DeviceIoControl "Ldr: SUP_IOCTL_LDR_LOAD call failed" and GetLastError 0x32 (ERROR_NOT_SUPPORTED). I am reversing the VirtualBox driver, and there is only one reference to IoIs32bitProcess; it looks like it is not blocking anything. Can you help me make furutaka work compiled as x86?

dummy0stud commented 8 years ago

Taking a closer look, it stores 0xC00000BB (STATUS_NOT_SUPPORTED) in the IRP structure:

```c
v13 = 0xC00000BB;
v6->IoStatus.Status = v13;
v6->IoStatus.Information = v8;
IofCompleteRequest(v6, 0);
```

I now believe the vbox driver will not work with WOW64, am I right?

hfiref0x commented 8 years ago

Of course. If you plan to use it from 32-bit Windows, you need the x86 vboxdrv.sys. I don't even want to discuss any WOW64 issues, because it is a complete perversion, as well as the whole 32-bit thing.