flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Windows > About FS register in Windows OS
Author
Thread Post new topic Reply to topic
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 13 Aug 2011, 02:38
Reference:
http://en.wikipedia.org/wiki/Win32_Thread_Information_Block

Code:
FS:[0x124]

Pointer to KTHREAD (ETHREAD) structure

which is the biggest structure I've ever seen:
http://www.nirsoft.net/kernel_struct/vista/KTHREAD.html

Look at this field:
PVOID KernelStack;

What does make you think ?

Maybe with some tweaks we may end up injecting some code into ring0. Rolling Eyes

What do you think ?
Post 13 Aug 2011, 02:38
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 13 Aug 2011, 08:33
It's not going to be so easy, hundreds of researchers keep inspecting Windows code for vulnerabilities.
Post 13 Aug 2011, 08:33
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
addes3



Joined: 09 May 2011
Posts: 29
addes3 13 Aug 2011, 18:51
They may be reading this topic...
Post 13 Aug 2011, 18:51
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.