
Windows win32k.sys menus and some “close, but no cigar” bugs

This post is not available in Polish!

{ 6 } Comments

  1. tobi | 13-Sep-13 at 06:08:41

    a) Most of USER and GDI should not be in the kernel at all.
    b) The kernel code is too low-level. It looks like C programming was done 20 years ago. Modern C++ would squash many errors because it supports safer and higher level patterns.

  2. j00ru | 13-Sep-13 at 06:15:42

    @tobi: very true, although… a large part of win32k.sys was actually written in C++, but still contains bugs (see http://blog.cmpxchg8b.com/2013/05/introduction-to-windows-kernel-security.html). I guess it’s still mostly about how you write code, not what you write it in.

  3. jeffball | 14-Sep-13 at 06:02:58

    Wouldn’t the code in the first example include a double-fetch bug, since they use the userland-provided input_string->Length to allocate a buffer and then do a memcpy without copying it to kernel land first?
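
    The double-fetch pattern jeffball describes, as an added user-mode simulation (not code from the post, and not win32k.sys code): a string descriptor lives in memory the caller controls, the vulnerable routine reads its Length once to size the allocation and again for the copy, and a hook stands in for a racing user thread that rewrites Length in between. The hardened variant captures the descriptor into kernel-owned storage with a single fetch (the ProbeForRead-plus-local-copy idiom) and validates that copy. The USER_STRING type, the function names, the 64-byte cap and the race hook are all assumptions constructed for this example; the vulnerable routine reports how far the copy would have run past the allocation instead of actually overrunning it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mock of a UNICODE_STRING-like descriptor in user-controlled memory.
 * Constructed for this example; not the structure used in the post. */
typedef struct {
    uint16_t    Length;   /* byte count supplied by user mode */
    const char *Buffer;   /* user-mode pointer to the payload */
} USER_STRING;

/* Hook called between the two fetches; stands in for a second user-mode
 * thread racing the syscall. NULL means "no racing thread". */
typedef void (*race_hook_t)(USER_STRING *);

#define KERNEL_MAX     64    /* assumed upper bound the kernel is willing to copy */
#define USER_BUF_BYTES 256   /* size of the constructed user-mode payload */

char user_backing[USER_BUF_BYTES];   /* constructed user-mode payload */

/* Racing thread: grows Length after the allocation has already been sized. */
void racing_thread_grows_length(USER_STRING *s)
{
    s->Length = USER_BUF_BYTES;
}

/* Vulnerable: Length is fetched from user memory once to size the pool
 * allocation and a second time for the copy. A real driver would memcpy
 * copy_len bytes and corrupt the pool; here the copy is bounded and the
 * excess is reported through *overrun so the caller can observe the bug. */
int copy_string_double_fetch(USER_STRING *user, race_hook_t race, size_t *overrun)
{
    uint16_t alloc_len = user->Length;              /* fetch #1 */
    char *pool = malloc(alloc_len ? alloc_len : 1);
    if (!pool)
        return -1;

    if (race)
        race(user);                                 /* window for the racing thread */

    uint16_t copy_len = user->Length;               /* fetch #2: may now be larger */
    *overrun = copy_len > alloc_len ? (size_t)(copy_len - alloc_len) : 0;
    memcpy(pool, user->Buffer, copy_len > alloc_len ? alloc_len : copy_len);
    free(pool);
    return 0;
}

/* Hardened: copy the whole descriptor into kernel-owned storage once,
 * validate the captured copy, and never read the user-mode field again.
 * The payload bytes may still change under us, but never the length. */
int copy_string_single_fetch(USER_STRING *user, race_hook_t race, size_t *overrun)
{
    USER_STRING local = *user;                      /* the only fetch of the descriptor */
    if (local.Length > KERNEL_MAX)
        return -1;                                  /* validate the captured value */

    char *pool = malloc(local.Length ? local.Length : 1);
    if (!pool)
        return -1;

    if (race)
        race(user);                                 /* user memory changes; local does not */

    memcpy(pool, local.Buffer, local.Length);       /* sized from the captured length */
    *overrun = 0;
    free(pool);
    return 0;
}

int main(void)
{
    USER_STRING s = { 8, user_backing };
    size_t over = 0;

    copy_string_double_fetch(&s, racing_thread_grows_length, &over);
    printf("double fetch: copy would run %zu bytes past the allocation\n", over);

    s.Length = 8;
    copy_string_single_fetch(&s, racing_thread_grows_length, &over);
    printf("single fetch: copy runs %zu bytes past the allocation\n", over);
    return 0;
}
```

    The hardened variant also rejects an oversized Length up front; in real win32k.sys code the equivalent is probing the user buffer and working only from the probed, captured values for the rest of the call.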

  4. Yuhong Bao | 20-Sep-13 at 14:42:35

    “Modern C++ would squash many errors because it supports safer and higher level patterns.”
    I think most of that stuff was designed for user mode not kernel mode.

  5. Andrea | 24-Sep-13 at 06:00:29

    Nice review. I personally tried to take a glance at the xxxInsertMenuItem function of the Windows 7 64-bit win32k, exploiting it with the help of your source code, and it seems that it suffers from the bug you have described.
    Very funny and interesting! Thank you for sharing this…

    Great work!
    Andrea

  6. kele | 27-Oct-13 at 14:48:37

    moar, gimmeh moar
