- Windows PAGE TABLE ENTRY (kernel space 0xffdf0000)
- ###########################################################################
- // addresses from 0xffdf0000 - 0xffdfffff are reserved for the system
- // (ie, not for use by the hal)
- #define KI_BEGIN_KERNEL_RESERVED 0xffdf0000
- #define KIP0PCRADDRESS 0xffdff000
- #########################################################################
- 1: kd> !pte 0xffdf0000
- VA ffdf0000
- PDE at 00000000C0603FF0 PTE at 00000000C07FEF80
- contains 000000000018A063 contains 00000000001DA163
- pfn 18a ---DA--KWEV pfn 1da -G-DA--KWEV <==== Read WRITE
- finding rop gadget
- 1: kd> s 0xFFD00000 L100000 C3
- ffd008ab c3 74 05 e8 24 10 00 00-38 1d 6f e2 48 00 74 30 .t..$...8.o.H.t0
- ffd00f73 c3 0c 60 66 06 60 66 06-60 66 06 30 c3 0c 1f 80 ..`f.`f.`f.0....
- ffd00f7f c3 0c 1f 80 f0 00 00 00-00 00 00 00 00 00 00 00 ................
- ffd01cac c3 dc be dc b7 dc b6 dc-af dc 00 00 9d dc 3d dc ..............=.
- ffd01fb6 c3 00 b4 00 b5 00 c4 00-82 00 c1 00 87 00 f5 00 ................
- ffd08891 c3 55 89 e5 57 89 c7 56-89 d6 53 0f b7 05 24 e0 .U..W..V..S...$.
- @st1ll_di3,#emingh
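To audit the mapping shown in the `!pte` output above, the raw PDE and PTE values can be decoded bit by bit to confirm that the page is valid, kernel-only, writable and executable at the same time. This is an added example, not part of the original paste; the function names are hypothetical, and only the architectural PAE bits are decoded, in a seven-character subset of the `!pte` flag string.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Architectural x86 PAE page-table entry bits (Windows software bits are ignored). */
#define PTE_VALID    (1ULL << 0)
#define PTE_WRITE    (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_ACCESSED (1ULL << 5)
#define PTE_DIRTY    (1ULL << 6)
#define PTE_GLOBAL   (1ULL << 8)
#define PTE_NX       (1ULL << 63)
#define PTE_PFN_MASK 0x000FFFFFFFFFF000ULL

/* Page frame number, stored in bits 12..51 of the entry. */
uint64_t pte_pfn(uint64_t pte) { return (pte & PTE_PFN_MASK) >> 12; }

/* Returns 1 when the entry is valid, writable and not NX (a W^X violation). */
int pte_is_wx(uint64_t pte) {
    return (pte & PTE_VALID) && (pte & PTE_WRITE) && !(pte & PTE_NX);
}

/* Writes a 7-flag summary in the order G D A K/U W/R E V, NUL-terminated. */
void pte_flags(uint64_t pte, char out[8]) {
    out[0] = (pte & PTE_GLOBAL)   ? 'G' : '-';
    out[1] = (pte & PTE_DIRTY)    ? 'D' : '-';
    out[2] = (pte & PTE_ACCESSED) ? 'A' : '-';
    out[3] = (pte & PTE_USER)     ? 'U' : 'K';
    out[4] = (pte & PTE_WRITE)    ? 'W' : 'R';
    out[5] = (pte & PTE_NX)       ? '-' : 'E';
    out[6] = (pte & PTE_VALID)    ? 'V' : '-';
    out[7] = '\0';
}

int main(void) {
    /* Raw entry values copied from the !pte output in the paste. */
    const uint64_t entries[] = { 0x000000000018A063ULL, 0x00000000001DA163ULL };
    const char *names[] = { "PDE", "PTE" };
    for (int i = 0; i < 2; i++) {
        char f[8];
        pte_flags(entries[i], f);
        printf("%s pfn %llx %s writable+executable=%d\n", names[i],
               (unsigned long long)pte_pfn(entries[i]), f, pte_is_wx(entries[i]));
    }
    return 0;
}
```

The same check reports 0 for an entry with bit 63 (NX) set or bit 1 (write) clear, which is the state a W^X-enforcing kernel is expected to show for data pages.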