In the introductory article on null pointer vulnerability protection technology, we introduced the concepts of a null pointer and a null pointer vulnerability. This advanced article describes how null pointers are exploited and the corresponding protection mechanisms.
Author: Sun Jian slope
1 Advanced: null pointer exploitation
1.1 ZwAllocateVirtualMemory basic introduction
1.2 ZwAllocateVirtualMemory function details
1.3 Zero page memory allocation example: Windows 7 vs. Windows 8
2 Advanced: the Windows zero page memory protection mechanism
2.1 Setting up a kernel debugging environment
2.1.1 Virtual machine and debugging environment
2.1.2 Configuring and starting WinDbg
2.2 Cross-stack debugging between user mode and kernel mode
2.2.1 Debugging user-mode programs from the kernel debugger
2.2.2 Following user mode into kernel mode
2.3 Reverse analysis of nt!NtAllocateVirtualMemory
2.3.1 Confirming the NtAllocateVirtualMemory parameters
2.3.2 Finding the zero page memory safety mechanism in NtAllocateVirtualMemory
2.3.3 Confirming the zero page memory safety mechanism in NtAllocateVirtualMemory
2.3.4 Finding other zero page memory protection functions in the kernel
The previous article mainly introduced the concepts and background knowledge of null pointers and explained what a null pointer is. Null pointer vulnerabilities caused by wild pointers are not today's focus; what follows is a detailed introduction to null pointer vulnerabilities that involve the zero page memory.
Exploiting such vulnerabilities mainly takes two forms:
In the first case, a NULL pointer can be used to bypass a conditional check or a security authentication check, as in the X.Org null pointer dereference denial of access vulnerability CVE-2008-0153. The figure compares the code before and after the patch:
From the patched code it can be seen that the exploit uses the NULL pointer to change the program's control flow and trigger the vulnerability.
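To make the first case concrete, the following C fragment is an added example written for this article; it is a constructed pattern, not the X.Org code or the CVE-2008-0153 patch. The struct, the table of clients and the function names are all assumptions. It shows why an access decision that dereferences a possibly-NULL pointer is dangerous (with the zero page mapped, the attacker decides what the check reads at address 0) and how the hardened version fails closed with an explicit NULL check.

```c
#include <stddef.h>
#include <stdbool.h>

/* Constructed example: a per-client record whose trust level is read
 * through a pointer that may be NULL (e.g. lookup of an unknown client). */
struct client_ctx {
    int  uid;
    bool trusted;
};

/* Vulnerable pattern: dereferences ctx without checking it.
 * With ctx == NULL this reads the byte at address 0. In a process or
 * kernel where the zero page has been mapped, that byte is attacker
 * controlled, so the access decision is attacker controlled too.
 * Not called with NULL in this example; in an ordinary process it would crash. */
bool is_trusted_unsafe(const struct client_ctx *ctx)
{
    return ctx->trusted;
}

/* Hardened pattern: explicit NULL check that fails closed, so a missing
 * context can never be turned into a "trusted" result. */
bool is_trusted_safe(const struct client_ctx *ctx)
{
    if (ctx == NULL)
        return false;   /* deny by default */
    return ctx->trusted;
}

/* Constructed client table for the example. */
static const struct client_ctx client_table[] = {
    { 100, false },
    { 200, true  },
};

/* Lookup that legitimately returns NULL for an unknown uid; this is the
 * kind of call site whose result must be checked before use. */
const struct client_ctx *find_ctx(int uid)
{
    for (size_t i = 0; i < sizeof client_table / sizeof client_table[0]; i++)
        if (client_table[i].uid == uid)
            return &client_table[i];
    return NULL;
}

/* Decision routine written the safe way: look up, check, then use. */
bool client_allowed(int uid)
{
    return is_trusted_safe(find_ctx(uid));
}
```

The point the patch comparison in the article makes is visible here: the only difference between the unsafe and the safe decision is the check before the dereference, and the safe version denies access for an unknown client instead of reading whatever happens to be mapped at address 0.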
In the second case, the zero page memory itself can sometimes be used, for example in the following two cases: