
Blue Screen of Death before fuzzing #4
@Vulmatch

Hi @jchoi2022 ,

I encountered the BSoD problem when entering this command: python C:\Launcher\hooker32.py

I am sure the testing VM Windows version matches the DLL being statically analyzed. They are both Windows 17134.1 32-bit. At first I used your provided DLLs for 17134.1 but failed. Then I tried to extract the DLLs directly from the Windows system in the VM and modified the script accordingly, but it still failed at this stage.

@Vulmatch
Author

I also tested on the Windows 10 18362.30 build. The same error occurs. After investigation, I found the root cause is line 120 in Poison.cpp: *(PCHAR)exAllocAddr = '\xe9'; This line introduces an "attempted_write_to_readonly_memory" error in the core dump. I checked the offsets generated in VersionConst.h; it seems that all the offsets (exallocatepoolwithtag, _KeServiceDescriptorTableShadow, and the syscall num) have no error. Still working on the solution.

@Vulmatch
Author

Problem solved. I added those lines before line 120 in Poison.cpp:

_asm
{
    cli;                    // mask interrupts so this CPU cannot be preempted mid-sequence
    push eax;
    mov eax, cr0;
    //mov uAttr, eax;
    and eax, 0xFFFEFFFF;    // clear CR0.WP (bit 16): supervisor writes to read-only pages are now allowed
    mov cr0, eax;
    pop eax;
};

These lines enable write permissions to the ExAllocatePoolWithTag memory.
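The write that faults in the comments above is the first byte of a 5-byte `jmp rel32` (opcode 0xE9) being placed on the kernel's ExAllocatePoolWithTag, a page the MMU maps read-only; the posted fix clears CR0.WP so the write is permitted. The block below is an added example, not code from this project or from either participant: it models the same patch in user mode on Linux, where page protection is controlled with mprotect() instead of CR0.WP, so it can be run without a driver. It computes the jmp displacement, checks that it fits in a signed 32-bit immediate, raises the page to read/write only for the duration of the write and restores the original protection afterwards. The mapped page, the patch offset 0x100 and the hook address at offset 0x800 are constructed for the demo.

```c
/* Added example: user-mode model of patching a read-only code page
 * with a 5-byte `jmp rel32` (0xE9 + imm32). Not project code. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define JMP_LEN 5   /* 0xE9 followed by a little-endian int32 displacement */

/* Encode `jmp rel32` placed at `from` that lands on `to`.
 * The displacement is relative to the end of the instruction.
 * Returns 0 on success, -1 if it does not fit in int32 (always fits on a
 * 32-bit kernel such as the 17134.1 target, not necessarily on x64). */
int encode_jmp_rel32(uint64_t from, uint64_t to, uint8_t out[JMP_LEN]) {
    int64_t rel = (int64_t)to - (int64_t)(from + JMP_LEN);
    if (rel > INT32_MAX || rel < INT32_MIN) return -1;
    int32_t rel32 = (int32_t)rel;
    out[0] = 0xE9;
    memcpy(out + 1, &rel32, sizeof rel32);   /* x86 is little-endian */
    return 0;
}

/* Decode the target of a `jmp rel32` whose bytes sit at `at` and whose
 * address in the patched image is `at_addr`. Returns 0 if no jmp is there. */
uint64_t decode_jmp_rel32(const uint8_t *at, uint64_t at_addr) {
    if (at[0] != 0xE9) return 0;
    int32_t rel32;
    memcpy(&rel32, at + 1, sizeof rel32);
    return at_addr + JMP_LEN + (uint64_t)(int64_t)rel32;
}

/* Install the jmp into memory that is currently read-only.
 * Raises every page the 5 bytes touch to RW around the write and then
 * restores `restore_prot`; this is the user-mode counterpart of the
 * clear-CR0.WP / write / set-CR0.WP sequence. Without the first mprotect
 * the memcpy faults, the analogue of attempted_write_to_readonly_memory. */
int patch_readonly_code(uint8_t *target, uint64_t hook_addr, int restore_prot) {
    long page = sysconf(_SC_PAGESIZE);
    uintptr_t base = (uintptr_t)target & ~(uintptr_t)(page - 1);
    size_t len = ((uintptr_t)target + JMP_LEN) - base;  /* may span two pages */
    uint8_t patch[JMP_LEN];
    if (encode_jmp_rel32((uint64_t)(uintptr_t)target, hook_addr, patch) != 0) return -1;
    if (mprotect((void *)base, len, PROT_READ | PROT_WRITE) != 0) return -2;
    memcpy(target, patch, JMP_LEN);
    if (mprotect((void *)base, len, restore_prot) != 0) return -3;
    return 0;
}

/* Constructed demo: one anonymous page filled with int3, made read-only
 * like a loaded code section, then hooked at offset 0x100 with a jump to
 * a hook address at offset 0x800. Returns 1 if the patch reads back
 * correctly, 0 otherwise. */
int demo_patch(void) {
    long page = sysconf(_SC_PAGESIZE);
    uint8_t *code = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return 0;
    memset(code, 0xCC, (size_t)page);
    if (mprotect(code, (size_t)page, PROT_READ) != 0) { munmap(code, (size_t)page); return 0; }

    uint8_t *target = code + 0x100;
    uint64_t hook = (uint64_t)(uintptr_t)code + 0x800;
    int rc = patch_readonly_code(target, hook, PROT_READ);
    uint64_t decoded = decode_jmp_rel32(target, (uint64_t)(uintptr_t)target);
    munmap(code, (size_t)page);
    return (rc == 0 && decoded == hook) ? 1 : 0;
}

int main(void) {
    uint8_t b[JMP_LEN];
    encode_jmp_rel32(0x1000, 0x2000, b);
    printf("jmp 0x1000 -> 0x2000 encodes as %02X %02X %02X %02X %02X\n",
           b[0], b[1], b[2], b[3], b[4]);
    printf("read-only page patch %s\n", demo_patch() ? "ok" : "failed");
    return 0;
}
```

Two points carry over to the kernel version. CR0 is per logical processor, so the clear-WP / write / restore-WP sequence must not be rescheduled onto another CPU in the middle, which is what the `cli` in the posted snippet provides; the snippet shows only the first half, so the matching restore of CR0 and `sti` must follow the write. A common alternative that avoids touching CR0 at all is to describe the target with an MDL, map it with MmMapLockedPagesSpecifyCache, mark the mapping writable with MmProtectMdlSystemAddress and write through that second mapping.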

@jchoi2022
Collaborator

Hi, I'm sorry for the late reply, I was really busy for a while.

Thank you for reporting and solving this issue. I could not observe this symptom in my environment, but it seems my implementation for heap memory poisoning indeed has some unstable points. I may have to consider disabling the memory poisoning functionality by default.

Anyway, thank you again for reporting the issue! I will leave the issue open until I make the decision and update the code.
