Harden against PEB stomping in UM #34

Open
stevemk14ebr opened this issue Oct 29, 2024 · 1 comment

@stevemk14ebr
Collaborator

  • Usermode reads should use

    extern "C" __declspec(dllexport) __declspec(noinline) BOOLEAN TraceAccessMemory(PVOID SafeAddress, ULONG_PTR UnsafeAddress, SIZE_T NumberOfBytes, SIZE_T ChunkSize, BOOLEAN DoRead)
    or at least ProbeForRead to restrict addresses we read to UM and catch with __try __except if they're invalid addresses.

  • Guard against PEB / Module lists stomping. Cycles can be created not including the list head/end causing infinite loops in the module walks
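
The failure mode in the second bullet, as an added example that is not part of the issue or the project's code: a bounded `Flink` walk that uses Brent's cycle detection to report a loop that bypasses the list head instead of spinning. The `list_entry` struct, `safe_list_walk`, the status codes and the sample list are constructed for illustration, and it assumes a driver would fetch each link through a guarded user-mode read rather than a direct dereference.

```c
#include <stddef.h>

/* Stand-in for the Windows LIST_ENTRY layout so the example builds anywhere. */
typedef struct list_entry { struct list_entry *Flink, *Blink; } list_entry;

enum walk_status { WALK_OK, WALK_CYCLE, WALK_TOO_LONG, WALK_BROKEN };

/* Follow Flink from the head until the head is reached again.
 * Brent's cycle detection catches a loop that never returns to the head;
 * max_entries bounds the walk even if the list is rewritten while we read it.
 * Assumption: in a driver each cur->Flink load would be a guarded copy of
 * user memory, not a direct dereference as done here. */
int safe_list_walk(const list_entry *head, size_t max_entries, size_t *count)
{
    const list_entry *cur = head->Flink;
    const list_entry *checkpoint = NULL;  /* node saved at growing intervals */
    size_t power = 1, steps = 0;

    *count = 0;
    while (cur != head) {
        if (cur == NULL)            return WALK_BROKEN;
        if (cur == checkpoint)      return WALK_CYCLE;
        if (*count >= max_entries)  return WALK_TOO_LONG;
        ++*count;                   /* per-module work would happen here */
        if (++steps == power) { checkpoint = cur; power *= 2; steps = 0; }
        cur = cur->Flink;
    }
    return WALK_OK;
}

/* Constructed sample: head n[0] plus three entries. With stomp set, the last
 * entry's Flink points back at the second entry, so the head is never reached. */
int demo_walk(int stomp, size_t max_entries, size_t *count)
{
    list_entry n[4];
    for (size_t i = 0; i < 4; i++) {
        n[i].Flink = &n[(i + 1) % 4];
        n[i].Blink = &n[(i + 3) % 4];
    }
    if (stomp) n[3].Flink = &n[2];
    return safe_list_walk(&n[0], max_entries, count);
}
```
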

@stevemk14ebr
Collaborator Author

58547f0 fixes the first issue by using Se api
