GetDeviceInterfacesMemoryLeak
Category: Vulnerability detection code
Development tool: C++
File size: 0KB
Downloads: 0
Upload date: 2020-10-18 21:02:48
Uploader: sh-1993
Description: Small memory leak PoC for a leak that happens in IopGetDeviceInterfaces.
File list:
assets/ (0, 2020-10-18)
assets/ida_line.png (215597, 2020-10-18)
assets/ida_writeup.png (71251, 2020-10-18)
assets/windbg_poolhit.png (70144, 2020-10-18)
assets/windbg_poolused.png (66177, 2020-10-18)
assets/windbg_stacktrace.png (61424, 2020-10-18)
leak/ (0, 2020-10-18)
leak/leak.sln (1402, 2020-10-18)
leak/leak/ (0, 2020-10-18)
leak/leak/leak.cpp (1081, 2020-10-18)
leak/leak/leak.vcxproj (7295, 2020-10-18)
leak/leak/leak.vcxproj.filters (603, 2020-10-18)
leak/leak/ntdll.h (1136, 2020-10-18)
# Memory leak in IopGetDeviceInterfaces
After a few days of debugging my kernel-mode driver to figure out why hooking an EFI runtime services function causes a leak in paged memory, I noticed a weird thing... It happens even without the driver loaded!
To figure out where it comes from, I started by looking at which pool tag is being used. A quick look in WinDbg showed me that it's pool tag "Pp" that is constantly gaining size.
![screenshot0](https://github.com/SamuelTulach/GetDeviceInterfacesMemoryLeak/blob/master/assets/windbg_poolused.png)
Now there was nothing easier than to set a breakpoint on the pool allocation.
![screenshot1](https://github.com/SamuelTulach/GetDeviceInterfacesMemoryLeak/blob/master/assets/windbg_poolhit.png)
After the breakpoint was hit, I could see exactly where it was coming from.
![screenshot2](https://github.com/SamuelTulach/GetDeviceInterfacesMemoryLeak/blob/master/assets/windbg_stacktrace.png)
Relocated the image in IDA and found exactly the line.
![screenshot3](https://github.com/SamuelTulach/GetDeviceInterfacesMemoryLeak/blob/master/assets/ida_line.png)
There we go.
![screenshot4](https://github.com/SamuelTulach/GetDeviceInterfacesMemoryLeak/blob/master/assets/ida_writeup.png)
Running Windows 10 x64 Pro 2004 (19041.264). Would be nice if you fixed this, Microsoft. It's just a small leak, but it's annoying.
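The first triage step above (finding the pool tag that is "constantly gaining size") can be automated by comparing periodic pool-tag usage snapshots. The following is an added example, not code from the original repository; the snapshot column layout (tag, pool type, allocs, frees, bytes in use) and all sample numbers are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed snapshots (not from the page): tag, pool type, allocs, frees, bytes in use.
# The column layout is an assumption, simplified from a pool-tag usage listing.
SNAPSHOTS = [
    """Pp   Paged  1000  900  16000
Ntff Paged  5000 4000  960000
File Nonp   800  700  38400""",
    """Pp   Paged  1400 1200  32000
Ntff Paged  9000 8050  912000
File Nonp   950  850  38400""",
    """Pp   Paged  1900 1600  48000
Ntff Paged 12000 11000 960000
File Nonp  1200 1100  38400""",
]

ROW = re.compile(r"^(\S{1,4})\s+(Paged|Nonp)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_snapshot(text):
    """Return {(tag, pool): (outstanding_allocs, bytes_in_use)} for one snapshot."""
    usage = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything malformed
        tag, pool, allocs, frees, used = m.groups()
        usage[(tag, pool)] = (int(allocs) - int(frees), int(used))
    return usage

def growing_tags(snapshots, min_samples=3):
    """Tags whose outstanding allocations and bytes rise in every successive snapshot."""
    series = defaultdict(list)
    for snap in snapshots:
        for key, value in parse_snapshot(snap).items():
            series[key].append(value)
    leaks = []
    for key, points in series.items():
        if len(points) < min_samples or len(points) != len(snapshots):
            continue  # a tag missing from a sample cannot be judged
        pairs = list(zip(points, points[1:]))
        if all(b[0] > a[0] and b[1] > a[1] for a, b in pairs):
            leaks.append((key[0], key[1], points[-1][1] - points[0][1]))
    return sorted(leaks, key=lambda item: -item[2])

if __name__ == "__main__":
    for tag, pool, grown in growing_tags(SNAPSHOTS):
        print(f"{tag} ({pool}): +{grown} bytes across {len(SNAPSHOTS)} samples")
```

A busy tag whose allocations and frees stay balanced is not flagged; only a tag whose outstanding allocations and bytes both rise in every sample is reported, which matches the steady growth described for "Pp".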