waliedassar

Trigger STATUS_GUARD_VIOLATION

Oct 22nd, 2012
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3. //Code to trigger STATUS_GUARD_PAGE_VIOLATION in a nerdy way.
  4. #include "stdafx.h"
  5. #include "windows.h"
  6. #include "stdio.h"
  /* Information class passed to ZwQueryInformationThread to request a
     THREAD_BASIC_INFORMATION record. */
  #define ThreadBasicInformation 0x0

  /*
   * Minimal stand-in for the native THREAD_BASIC_INFORMATION record.
   * Only the first two members are named; the rest is padding so the buffer
   * is seven unsigned longs in total.
   * NOTE(review): sized for the 32-bit x86 layout, where unsigned long and
   * pointers are both 4 bytes -- not valid for a 64-bit build.
   */
  struct THREAD_BASIC_INFORMATION
  {
          unsigned long ExitStatus;   /* thread exit status */
          unsigned long TEBAddress;   /* address of the thread's TEB, stored as an integer */
          unsigned long shit[5];      /* unused filler, kept only to preserve the structure's size */
  };
  /*
   * Hand-written prototype for the native ZwQueryInformationThread call.
   * The return value is an NTSTATUS, declared here as int; negative values
   * indicate failure. C linkage keeps the name unmangled.
   * NOTE(review): the import library the program links against for this
   * symbol is not shown on this page -- presumably ntdll.lib; confirm.
   */
  extern "C" int __stdcall ZwQueryInformationThread(HANDLE hThread,
                                                    unsigned long InfoClass,
                                                    THREAD_BASIC_INFORMATION* pInfo,
                                                    unsigned long InfoLength,
                                                    unsigned long* pReturnLength);
  /*
   * Body of the worker thread. It does a trivial computation and then parks
   * forever in Sleep(INFINITE), so the thread (and its stack) stays alive
   * while main() inspects it. The return statement is never reached.
   * NOTE(review): main() casts this function to LPTHREAD_START_ROUTINE although
   * its signature (no parameter, default calling convention) differs from a
   * thread start routine; that is only tolerable because it never returns.
   */
  int dummy()
  {
      int base = 0;
      int result = base + 1;
      Sleep(INFINITE);   /* block indefinitely */
      return result;
  }
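  /*
   * Frame-based SEH handler installed by main().
   *
   * pRec     - exception record describing the fault.
   * est      - establisher frame (unused).
   * pContext - thread context at the time of the fault (unused).
   * disp     - dispatcher context (unused).
   *
   * When the exception is STATUS_GUARD_PAGE_VIOLATION (0x80000001) the handler
   * reports it in a message box and terminates the process; every other
   * exception is passed on with ExceptionContinueSearch.
   */
  int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
  {
      /* Named constant from the Windows headers instead of the raw 0x80000001. */
      if(pRec->ExceptionCode==STATUS_GUARD_PAGE_VIOLATION)
      {
          /* MessageBoxA is named explicitly: the arguments are narrow string
             literals, which would not compile against MessageBoxW in a
             UNICODE build. */
          MessageBoxA(0,"Expected","waliedassar",0);
          ExitProcess(0);
      }
      return ExceptionContinueSearch;
  }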
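  /*
   * Demonstration: reading the guard page that sits just below another
   * thread's committed stack raises STATUS_GUARD_PAGE_VIOLATION in the thread
   * that performs the read.
   *
   * Steps: install an SEH handler, create a parked worker thread, read the
   * worker's stack bounds from its TEB, then touch the page one page-size
   * below the stack limit. Handler() is expected to report the exception and
   * exit the process.
   *
   * 32-bit x86 only: it relies on fs:[0], inline assembly and 4-byte TEB
   * fields.
   */
  void main()
  {
      //--------------Install Exception Handler----------------------------
      // Builds an EXCEPTION_REGISTRATION record on the stack (previous record,
      // handler address) and makes fs:[0] point at it.
      // NOTE(review): a handler registered by hand like this is presumably
      // refused by the dispatcher if the image is linked with /SAFESEH and
      // Handler is not in the safe-handler table -- confirm the build settings.
      __asm
      {
          push offset Handler
          push dword ptr fs:[0x0]
          mov dword ptr fs:[0x0],esp
      }
      // From here on the function must not simply return: fs:[0] refers to a
      // record inside this frame, so every exit path goes through ExitProcess.
      //-------------Create a new thread and extract some info------------
      unsigned long tid=0;
      HANDLE h=CreateThread(0,0x1000,(LPTHREAD_START_ROUTINE)&dummy,0,0,&tid);
      if(!h) ExitProcess(1);
      printf("Thread %lx has been created.\r\n",tid);
      THREAD_BASIC_INFORMATION TBI={0};
      // The call returns an NTSTATUS; negative means failure. Without this
      // check a failed query leaves TEBAddress at 0 and the reads below would
      // dereference addresses 0x4 and 0x8.
      int status=ZwQueryInformationThread(h,ThreadBasicInformation,&TBI,sizeof(TBI),0);
      if(status<0 || !TBI.TEBAddress)
      {
          printf("ZwQueryInformationThread failed: %x\r\n",(unsigned int)status);
          ExitProcess(1);
      }
      printf("Thread TEB at %lx\r\n",TBI.TEBAddress);
      char* p=(char*)(TBI.TEBAddress);
      // The TEB starts with an NT_TIB: offset 0x4 is StackBase and offset 0x8
      // is StackLimit (the lowest committed stack address), not the thread's
      // current stack pointer.
      unsigned long StackBase=*(unsigned long*)(p+0x4);
      unsigned long StackLimit=*(unsigned long*)(p+0x8);
      printf("Thread Stack base: %lx\r\n",StackBase);
      printf("Thread Stack Current: %lx\r\n",StackLimit);
      //--------------Trigger the STATUS_GUARD_VIOLATION------------------
      unsigned long GuardPage=StackLimit-0x1000;   // page directly below the stack limit
      MEMORY_BASIC_INFORMATION MBI={0};
      if(VirtualQuery((void*)GuardPage,&MBI,sizeof(MBI)))
      {
           printf("Protect: %lx\r\n",MBI.Protect);
           if(MBI.Protect & PAGE_GUARD)
           {
               // PAGE_GUARD is a one-shot alarm: the first access raises
               // STATUS_GUARD_PAGE_VIOLATION and the system clears the flag,
               // so the worker thread's stack is left without its guard page.
               // The volatile access stops an optimising compiler from
               // discarding a read whose value is never used.
               (void)*(volatile unsigned char*)GuardPage;
           }
           else
           {
               // Touching a page that is not a guard page would fault with a
               // different exception that Handler does not handle.
               printf("Page below the stack limit is not a guard page.\r\n");
           }
      }
      //--------------------------------------------------------------
      ExitProcess(0);
  }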