Alessandro Iandoli

Results 31 comments of Alessandro Iandoli

May I ask you to do another attempt compiling under the branch `second`? https://github.com/MrAle98/CVE-2024-49138-POC/tree/second Always restart and then delete the whole folder C:\temp before launching it. By the way the...

Do you have the same version of ntoskrnl.exe as mine (same hash)?

Yes. I was lazy and I just put hardcoded offsets instead of using hashing to retrieve the proper functions in ntoskrnl.exe. It requires modifying the offsets in the POC...

Yes, I think they are, at least for the poc in the master branch.

Does the buf variable contain the beginning of ntoskrnl.exe or just zeros? Do you have the same issue with the poc in the second branch as well?

Do you have the second branch updated to the latest commit?

Did you delete the folder c:\temp before running the poc every time? Also for the second branch poc?

CreateLogContainerScanContext should never be printed, as the main thread should hang, while the second call to AddLogContainer should always fail.

At line 809 of the second branch poc, do you have something like the first option or the second option? First option:

```
*((PDWORD64)pDriverFunction) = (DWORD64)g_ntbase + 0x7f06a0; //address of DbgkpTriageDumpRestoreState
```

...

The exploit forces the driver to dereference multiple data structures, from FILE_OBJECT to DEVICE_OBJECT to DRIVER_OBJECT. It may also require changing all the offsets in the structures, but I...