nixawk

icon location /kernel/

Results 46 issues of nixawk

[Exp] Windows Kernel - Privilege Escalation

[Dev] Windows Kernel - Demo

``` #include typedef PIO_STACK_LOCATION PSTACK; #define IOCONTROL_BASE 0x800 #define IOCONTROL_CODE(x) CTL_CODE(FILE_DEVICE_UNKNOWN, IOCONTROL_BASE + x, METHOD_BUFFERED, FILE_ANY_ACCESS) #define IOCTL_HEL IOCONTROL_CODE(0) #define IOCTL_PRT IOCONTROL_CODE(1) #define IOCTL_BYE IOCONTROL_CODE(2) NTSTATUS DispatchCommon(PDEVICE_OBJECT pDriverObject, PIRP pIrp)...

[Dev] Windows Kernel - ExAllocatePoolWithTag / ExFreePool

``` NTSTATUS ntstatus; UNICODE_STRING dst = {0}; UNICODE_STRING src = RTL_CONSTANT_STRING(L"Allocate Example"); dst.Buffer = (PWCHAR)ExAllocatePoolWithTag(NonPagedPool, src.Length, 'TEST'); if (dst.Buffer == NULL) { DbgPrint("....."); ntstatus = STATUS_INSUFFICIENT_RESOURCES; } dst.Length = dst.MaximumLength...

[Dev] Windows Kernel - STRING

2 comment

``` RtlCopyBytes RtlCopyMemory RtlCopyString RtlCopyUnicodeString RtlCreateRegistryKey RtlCreateSecurityDescriptor RtlDeleteRegistryValue RtlDowncaseUnicodeChar RtlEqualMemory RtlEqualString RtlEqualUnicodeString RtlFillMemory RtlFindClearBits RtlFindClearBitsAndSet RtlFindClearRuns RtlFindFirstRunClear RtlFindLastBackwardRunClear RtlFindLeastSignificantBit RtlFindLongestRunClear RtlFindMostSignificantBit RtlFindNextForwardRunClear RtlFindSetBits RtlFindSetBitsAndClear RtlFreeAnsiString RtlFreeUnicodeString RtlGetEnabledExtendedFeatures RtlGetVersion RtlGUIDFromString RtlHashUnicodeString...

Windows Kernel - User Mode And Kernel Mode

1 comment

![userandkernelmode01](https://user-images.githubusercontent.com/7352479/30028891-e869a0a2-9154-11e7-8ddc-96f7a03bc92d.png) ## References 1. https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/user-mode-and-kernel-mode 2. https://blog.codinghorror.com/understanding-user-and-kernel-mode/ 3. http://www.osronline.com/article.cfm?article=576

Windows Kernel - Functions Ps*

``` PsReferenceImpersonationToken PsReturnProcessPageFileQuota PshedDisableErrorSource PsOpenProcess PspWow64CurrentPeb PsGetThreadProcessId PsGetProcessSessionId PsGetProcessInheritedFromUniqueProcessId PspJobTimeLimitsInterval PsMapSystemDlls PspDisableExceptionChainValidation PsGetProcessDebugPort PspThreadMapping PsEnterPriorityRegion PspSystemQuotaBlock PspDetachSession PsGetProcessSecurityPort PsLookupProcessThreadByCid PsUILanguageComitted PspUnhandledExceptionInSystemThread PspInitializeProtectedProcessParameters PsProvGuid PsImpersonateClient PsSuspendThread PspReplenishCycleCredit PsChargeProcessPagedPoolQuota PspGetRateQuotaEntry PspInitializeQuotaExpansionDescriptor PspJobSchedulingClasses...

Windows Kernel - Functions Io*

``` IopStoreArcInformation IoSetTopLevelIrp IopFreeBandwidthContract IopEnumerateRelations IopCheckListForCancelableIrp IoCsqRemoveIrp IovpAdvanceStackDownwards IopPortAddAllocation IopRemoveHardErrorPacket IoKernelIssuedIoBoostedCount IopGetDriverPathInformation IoReleaseRemoveLockEx IoAllocateDriverObjectExtension IopQueryNameInternal IopRemoveRelationFromList IoReportTargetDeviceChangeAsynchronous IopInsertLegacyBusDeviceNode IopIsAddressRangeValid IopDisableCrashDump IopSymlinkCleanupECP IopInitializeBuiltinDriver IopRetestConfiguration IopGroupIndex IopCompareReqAlternativePriority IopQueryOperationLength IoGetTransactionParameterBlock IopLegacyResourceAllocation IopDecrementDeviceObjectHandleCount IoWritePartitionTableEx...

Windows Kernel -Functions Rtl*

``` RtlSetOwnerSecurityDescriptor RtlFindLastBackwardRunClear RtlpLockAtomTable RtlStdLogStackTrace RtlReadSingleHookValidation RtlpVersions RtlpMuiRegLoadLicInformation RtlpMuiRegInitAnyLanguage RtlGetVersion RtlpStdListRemove RtlCompareString RtlpNormListInitGuardEnter RtlpMuiRegCreateKernelRegistryInfo RtlGetCompressionWorkSpaceSize RtlGetGroupSecurityDescriptor RtlpRegTziFormatToTzi RtlStringCchCatW RtlpProductInfoMapping RtlpCopyExtendedContext RtlFindLongestRunClear RtlInterlockedClearBitRun RtlStringCchCopyW RtlpLocateXStateChunk RtlStringCchCopyA RtlpProcessIFEOKeyFilter RtlSetAllBitsEx RtlCmDecodeMemIoResource RtlpCreateSplitBlock RtlpUnwindHandler...

Windows Kernel - Functions Zw*

``` ZwRenameTransactionManager ZwCreateNamedPipeFile ZwCreateDirectoryObject ZwDeleteBootEntry ZwAlpcRevokeSecurityContext ZwWriteVirtualMemory ZwAlertThread ZwQuerySystemInformationEx ZwIsProcessInJob ZwAlpcDeleteResourceReserve ZwListenPort ZwAcceptConnectPort ZwQueueApcThreadEx ZwOpenFile ZwDebugActiveProcess ZwGetNotificationResourceManager ZwDisableLastKnownGood ZwTerminateJobObject ZwQuerySystemEnvironmentValue ZwOpenPrivateNamespace ZwFlushInstructionCache ZwDeviceIoControlFile ZwMapCMFModule ZwFlushInstallUILanguage ZwMakePermanentObject ZwSetThreadExecutionState ZwAlpcOpenSenderThread ZwDeleteKey ZwPropagationComplete...

Windows Kernel - Functions Ex*

``` ExpGetSystemFirmwareTableInformation ExUnregisterExtension ExpReleaseResourceForThreadLite ExpTranslateNtPath ExfReleasePushLockShared ExResourceTimeoutCount ExpHotpatchQueryLock ExpCreateOutputARC ExpParseEfiPath ExReturnPoolQuota ExpMicrocodeInformationUnload ExpUpdateProductSuiteType ExpAllocateStringRoutine ExpAllocateHandleTableEntry ExpGetObjectInformation ExpWorkerFactoryInitialization ExUnlockHandleTableEntry ExpCreateWorkerThread ExInterlockedRemoveHeadList ExpPoolScanCount ExRegisterAttributeInformationCallback ExpTimerMapping ExSetAttributeInformation ExpFreeHandleTableEntry ExpKeyManipLock ExpLicensingDescriptorsCount ExWorkerQueue ExpLicensingCacheHeaderFlagsInternal ExInitializeLookasideListEx...