HackSysExtremeVulnerableDriver

I modified the source code to allow Integer Overflow exploitation on x64

Open viniciusmarangoni opened this issue 3 years ago • 2 comments

Hi,

I was interested in playing the Integer Overflow challenge running on Windows 10 (x64). Unfortunately, the binary generated by the original source code uses a 64-bit register when performing the sum Size + TerminatorSize and the integer overflow cannot be achieved.

I have modified the code to allow the integer overflow to occur on 64-bit by using a ULONG (4 bytes) variable to store the sum result.

I'm opening this as an issue instead of submitting a pull request because the modified code is not as "elegant" as the original one.

```c
ULONG TmpSize = 0;

[...]

        /* Store the sum in a 4-byte ULONG so it can wrap on x64 as well */
        TmpSize = (ULONG) (Size + TerminatorSize);
        if (TmpSize > sizeof(KernelBuffer))
        {
            DbgPrint("[-] Invalid UserBuffer Size: 0x%X\n", Size);

            Status = STATUS_INVALID_BUFFER_SIZE;
            return Status;
        }

[...]
```

viniciusmarangoni, May 13 '22 12:05
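Added example, not part of the issue or the HEVD source: a user-mode C model of the size check discussed in the post above, comparing the sum kept at 64 bits, the sum truncated to 32 bits as in the posted snippet, and an overflow-safe form of the same check. The buffer size (2048 bytes), the terminator size (4 bytes), the sample sizes and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KERNEL_BUFFER_BYTES 2048u /* assumed sizeof(KernelBuffer) */
#define TERMINATOR_BYTES    4u    /* assumed TerminatorSize */

/* Sum evaluated at 64 bits, as the post describes for the x64 build. */
bool accepts_wide_sum(uint64_t size)
{
    uint64_t sum = size + TERMINATOR_BYTES;
    return sum <= KERNEL_BUFFER_BYTES;
}

/* Sum truncated to 32 bits, modelling the ULONG TmpSize in the post. */
bool accepts_truncated_sum(uint64_t size)
{
    uint32_t sum = (uint32_t)(size + TERMINATOR_BYTES);
    return sum <= KERNEL_BUFFER_BYTES;
}

/* Overflow-safe form: no arithmetic on the caller-supplied value, so the
 * result does not depend on the width of the integer type. */
bool accepts_hardened(uint64_t size)
{
    return size <= KERNEL_BUFFER_BYTES - TERMINATOR_BYTES;
}

int main(void)
{
    /* Constructed sample sizes: in range, at the limit, just over it,
     * the 32-bit maximum and the 64-bit maximum. */
    const uint64_t samples[] = { 100, 2044, 2045, 0xFFFFFFFFu, UINT64_MAX };

    printf("%-20s %-6s %-10s %-8s\n", "size", "wide", "truncated", "hardened");
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t s = samples[i];
        printf("0x%-18llx %-6d %-10d %-8d\n", (unsigned long long)s,
               accepts_wide_sum(s), accepts_truncated_sum(s),
               accepts_hardened(s));
    }
    return 0;
}
```

The three checks agree on every sample except the two maxima: the truncated sum accepts both, the 64-bit sum accepts only the 64-bit maximum, and the subtraction form rejects both.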

Hi @viniciusmarangoni

Thank you so much for the bug report. I'll look into it ASAP.

Cheers

hacksysteam, May 13 '22 17:05

Hi @viniciusmarangoni

We had a similar bug report in the past. https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/pull/39

Can you check the pull request and see if it helps?

hacksysteam, May 15 '22 16:05