Giter Club home page Giter Club logo

andrewspecial's People

Contributors

gabu-b avatar hoangprod avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

gavz heruix vysecurity johnjohnsp1 explife0011 thewover milkdevil sasqwatch raystyle sry309 alex89munteanu ith4cker akpotter c-sto minkione mkv4 cheunal jymcheong analyticsearch cybermonitor trolldbois dcmjid tuantmb falcon-pioupiou p3r1k0 0x13337 killix06 swherdman shantanu561993 bigbrobro acknowledgehim eltorobiz jean13 keystroke95 aaaaagold jjsdub556 mrg-effitas peta909 gabu-b topotam itzdan usr007 superuser5 redteams kennyzeng p3t3rp4rk3r imulmul atropineal developer191 ariel-shin zwleagle mutchako uunoob fengjixuchui chaitanyakrishna 5l1v3r1 fakeuser7 exodus444 akibbe-hank johnwax curi0usjack msf-ntdll wizzard-lizzard askyeye samgithub-2020 fadinglr skybulk tamersp25 lunarobliq hackingbharat opexxx exengineer1 axax002 yangboyd nocomp opensesamedoors gysf666 ngsimon 7a6570 nopadd firstblue 0xajstrike porpoise-trend wuming-sir skyn9ne epmpub cvlabsio yougth1 gmh5225 1iuchang rnmx gitpit dmore thomasxm

andrewspecial's Issues

Some correctness issues and handle leaks

Issue 1

GetProcId does not close process snapshot in early return

DWORD GetProcId(const wchar_t* ProcName)
{
	PROCESSENTRY32   pe32;
	HANDLE         hSnapshot = NULL;

	pe32.dwSize = sizeof(PROCESSENTRY32);
	hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	if (Process32First(hSnapshot, &pe32))
	{
		do {
			if (wcscmp(pe32.szExeFile, ProcName) == 0) {
+				CloseHandle(hSnapshot);
				return pe32.th32ProcessID;
				break;
			}

		} while (Process32Next(hSnapshot, &pe32));
	}
	if (hSnapshot != INVALID_HANDLE_VALUE)
		CloseHandle(hSnapshot);

	return NULL;
}

AndrewSpecial/AndrewSpecial.cpp

Line 15 in 81f7cdb

return pe32.th32ProcessID;

Issue 2

Incorrect check on CreateFile API

		HANDLE hFile = CreateFileA("Andrew.dmp", GENERIC_ALL, 0, nullptr, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, nullptr); //Create the dmp file

		if (!hFile)
! This check is incorrect. If CreateFileA fails, hFile will be INVALID_HANDLE_VALUE which is -1 not 0.
		{
			printf("Failed to write dump: Invalid dump file\n");
		}

AndrewSpecial/AndrewSpecial.cpp

Line 154 in 81f7cdb

if (!hFile)

Issue 3

AndrewSpecial should call CloseHandle on hProc to avoid a handle leak. There are a couple of code paths that exit the function without closing the handle.

AndrewSpecial/AndrewSpecial.cpp

Line 181 in 81f7cdb

return 0;

AndrewSpecial/AndrewSpecial.cpp

Line 194 in 81f7cdb

return 1;

AndrewSpecial/AndrewSpecial.cpp

Line 181 in 81f7cdb

return 0;

Error: MiniDumpWriteDump failed with code 8007012b

Hey there, fun little PoC! After compiling and running against Windows 10 1809 x64, I get the following error:

AndrewSpecial.exe
RPM: 75905440 ---- ntRVM: 00B016BA
ntReadVirtualMemory Syscall is 3f
Got lsass.exe handle: 12c
Error: MiniDumpWriteDump failed with code 8007012b

The exe works as expected against Win7 x32 SP1

Is there anything I need to modify to support my version of Win 10?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.