flat assembler
Message board for the users of flat assembler.

Thread: Blue Screen of Death (page 2)
Kermil 02 Jan 2007, 13:30
To call BSOD you can invoke the following code:

Code:
format PE GUI
entry start

include '..\..\include\win32ax.inc'

section '.text' readable executable code
bugString  db '\??\C:\', 0
start:
    mov     ecx, 10
.try_to_call_bsod:
    push    ecx
    invoke  MessageBox, 0, bugString, bugString, MB_SERVICE_NOTIFICATION
    pop     ecx
    loop    .try_to_call_bsod
   
    invoke  ExitProcess, 0

section '.idata' readable writeable import data

library kernel32,   'KERNEL32.DLL',\
        user32,     'USER32.DLL'

import  kernel32,\
        ExitProcess, 'ExitProcess'

import  user32,\
        MessageBox, 'MessageBoxA'
    
kohlrak 02 Jan 2007, 22:00
That's interesting... the output (when you add the MB_OK) is rather interesting... What exactly is the bugstring? Is it trying to print the file located at C:\, only it doesn't exist because no file was referenced?
LocoDelAssembly 02 Jan 2007, 22:17
I can't believe it, that code works. I got a blank screen though, without any message, but my FIRST minidump file has been created.

You made me produce my first BSOD since the last installation (more than 1 year ago).

For those who want to fall in the trap, maybe you will need to execute that code twice (I had to do that). The first time a message box with weird strings appears a couple of times, and the second time no message box appears but a system crash appears instead.

Do you know if there are plans to fix this and if this is a known bug at Microsoft?

Cheers

PS: Actually my exact sequence was executing the code as posted, changing MB_SERVICE_NOTIFICATION to 0 and the third attempt changing 0 back to MB_SERVICE_NOTIFICATION.
kohlrak 02 Jan 2007, 22:23
If they know about it, they're working to fix it. lol
LocoDelAssembly 02 Jan 2007, 22:30
Not exactly, the bug that allows an ordinary executable to get ring-0 level when the user has SE_DEBUG_PRIVILEGE was never fixed because they think that it's not a bug. The same could happen with this.
kohlrak 02 Jan 2007, 22:32
Actually, I wouldn't see that as a bug either, because you could want your device to only be used by 1 file. This, on the other hand, is more like a hack string; I'm not sure how it works, but I'd definitely try to fix this, but they may not know about this.
LocoDelAssembly 02 Jan 2007, 22:41
Here I found something, it's a very new discovery of a very OLD bug: http://www.securiteam.com/windowsntfocus/6D00R0AHPK.html
DOS386 02 Jan 2007, 23:21
Hey, what an interesting thread ...

Kermil wrote:

Quote:
To call BSOD you can invoke the following code:
......

Does the code work? For me it does not (on non-NT stuff), and I could not yet test on an XP machine.

However, I have a code that bluescreens (some at least of) such non-NT machines:

Code:
  mov al,$FE  ; Do NOT execute on XP - it gets silently killed there
  out $64,al  ; This bluescreens the (non-NT) thing

Patch code ^^^ into simplest PE-32 "Hello World"

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug


kohlrak 02 Jan 2007, 23:25
It works on Windows XP... I'll test your simple code now..

EDIT: XP doesn't like the line "out $64,al". I used the code below (for future reference)...

Code:
use32
format PE gui

include '...\include\win32ax.inc'

entry start
section '.code' readable executable
start:
    mov al,$FE
    out $64,al
invoke ExitProcess, 0

section '.import' import readable writeable

library kernel, 'kernel32.dll'

import kernel, ExitProcess, 'ExitProcess'    
Kermil 03 Jan 2007, 02:38
Look at the following link, I think it would be interesting for you:
http://www.securitylab.ru/poc/extra/283628.php
LocoDelAssembly 03 Jan 2007, 03:47
And here a brief explanation: http://secunia.com/cve_reference/CVE-2006-6797/ http://secunia.com/advisories/23491/

Again an old bug discovered recently. Funny, in December 2005 a very old vulnerability in WMF was also discovered, and to keep the tradition the same happened in December 2006: a very old bug that survived lots of updates...

Thanks for the interesting bug
kohlrak 03 Jan 2007, 05:07
Perhaps it might not get fixed... Works good for me. lol And that link (by Kermil) is interesting. I didn't test the code or even read it too deeply (since it's getting late), but it appears to use another way to call the bluescreen (assuming it calls the blue screen). I may have to try that out later on when I have more time. Perhaps this weekend.
ACP 03 Jan 2007, 11:28
When talking about gaining ring 0 privileges while SeDebugPrivilege is enabled, take a look at this article:

http://www.securiteam.com/windowsntfocus/5TP0B2KC0K.html

Also Georgi Guninski found a very interesting bug some time ago (w2k only):

http://www.securiteam.com/windowsntfocus/5ZP0L1F4AG.html
DOS386 12 Jan 2007, 02:00
Finally tested Kermil's code on XP:

- BAD: No bluescreen
- GOOD: it crashed another way at least, with a reboot on 2nd click

Anyone else tested Kermil's (NT/XP) or my (ME/98) code???

LocoDelAssembly 12 Jan 2007, 03:07
Your code for Me/9x demonstrates the design flaw of that platform, since applications are allowed to do I/O with IN and OUT instructions because of the IOPL level that the applications have on that platform. NT based Windowses haven't got this flaw because the IOPL level disallows such instructions and any attempt to execute them raises a general protection fault exception.

Another well known flaw is the CLI / JMP $ program that hangs the system completely (i.e. you have to press reset or turn off the computer to escape from the hang).

Code:
c:\>debug
-a
cli
jmp 101

-g

Doing the above on an NT system just hangs the DOS console but the system keeps running flawlessly.
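An added probe (not from the thread) of what LocoDelAssembly describes: on Linux/x86 the same OUT instruction shape as DOS386's snippet and the CLI of the debug hang both take a #GP from ring 3 because IOPL is 0, and the kernel hands that fault to the process as a signal. The instructions are the thread's; the sigsetjmp/signal plumbing around them is mine, and the OUT targets the harmless POST port 0x80 rather than the keyboard controller.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf fault_env;
/* A #GP taken in user mode arrives as a signal (SIGSEGV on Linux); unwind to the probe. */
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* which: 0 = OUT, same shape as the thread's "out $64,al" but aimed at the harmless
 *            POST/diagnostic port 0x80 so nothing resets if it ever executes;
 *        1 = CLI, the "cli / jmp $" hang, with STI right behind it if it got through.
 * Returns 1 if the CPU refused the instruction (IOPL < CPL, the NT and Linux case),
 * 0 if it executed (IOPL raised, the 9x case), -1 on a non-x86 build. */
int privileged_insn_faults(int which) {
#if defined(__i386__) || defined(__x86_64__)
    static const int sigs[] = { SIGSEGV, SIGBUS, SIGILL };  /* #GP delivery differs per OS */
    struct sigaction sa, old[3];
    int faulted, i;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;                 /* let the next probe fault again */
    for (i = 0; i < 3; i++)
        sigaction(sigs[i], &sa, &old[i]);
    if (sigsetjmp(fault_env, 1) == 0) {
        if (which == 0)
            __asm__ volatile ("outb %0, %1" : : "a"((unsigned char)0), "Nd"((unsigned short)0x80));
        else
            __asm__ volatile ("cli\n\tsti");
        faulted = 0;                          /* ran to completion: IOPL was raised */
    } else {
        faulted = 1;                          /* #GP -> signal -> siglongjmp landed here */
    }
    for (i = 0; i < 3; i++)
        sigaction(sigs[i], &old[i], NULL);
    return faulted;
#else
    (void)which;
    return -1;
#endif
}

int main(void) {
    printf("OUT -> %d, CLI -> %d  (1 = #GP blocked by IOPL, 0 = executed, -1 = not x86)\n",
           privileged_insn_faults(0), privileged_insn_faults(1));
    return 0;
}
```

On a 9x-style system, or after a root process raises IOPL with iopl(3), both probes would return 0 instead; that difference is exactly the design flaw the post names.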
zhak 12 Jan 2007, 22:05
Quote:
Finally tested Kermil's code on XP:

- BAD: No bluescreen

yup, it reboots my PC, too....
madmatt 28 Apr 2009, 09:37
Interesting. Tried the code on Vista Home Premium, and no crash. Must be fixed.
edfed 27 Dec 2012, 08:42
Idem on Win8. No crash.

It reminds me of the bug in the TI BASIC of the TI80:

if "

Hem, Alt-Gr seems to not work now...
and my XP VM is completely bugged now

Copyright © 1999-2025, Tomasz Grysztar.