[讨论]这个Buffer是不是有点不妥啊?
发表于: 2014-3-12 23:15 2923
buffer没检查下?还是我看错了???
我看错~~~最终调用了ProbeForWrite,基本不会出大问题:-《
/*
 * NtGetPlugPlayEvent (decompiler output) -- hands the pending user-mode
 * PnP event to the caller.
 *
 * Buffer/BufferLength: the caller-supplied user-mode buffer and its size.
 * Reserved1/Reserved2 are not used in this body.  Returns an NTSTATUS.
 *
 * Checks visible here, in order: the previous mode must be UserMode, the
 * caller must hold SeTcbPrivilege, and BufferLength must cover ResultLen
 * before anything is copied.  No ProbeForWrite on Buffer appears in this
 * function; the address of the Buffer parameter is passed to
 * PiControlMakeUserModeCallersCopy, and the poster reports that callee does
 * the probing -- not visible here, confirm in that routine.
 */
NTSTATUS __stdcall NtGetPlugPlayEvent(ULONG Reserved1, ULONG Reserved2, PVOID Buffer, ULONG BufferLength)
{
    NTSTATUS status;
    PPnpUserBlock block;
    PVOID pendingData;

    /* Byte read off the current thread (fs:[0x124] + 0xD7); the decompiler
     * annotates it as PreviousMode, so only user-mode callers get past. */
    if (*(_BYTE *)(__readfsdword(292) + 0xD7) != 1) {
        return 0xC0000022u; /* STATUS_ACCESS_DENIED */
    }

    /* Privilege gate: SeTcbPrivilege is required to consume PnP events. */
    if (!SeSinglePrivilegeCheck(SeTcbPrivilege, 1)) {
        return 0xC0000061u; /* STATUS_PRIVILEGE_NOT_HELD */
    }

    /* One-time flag: the first caller triggers device action 0x11 on the
     * root device node (what 0x11 means is not visible here). */
    if (!PiUserModeRunning) {
        PiUserModeRunning = 1;
        PipRequestDeviceAction(IopRootDeviceNode->PhysicalDeviceObject, 0x11u, 0, 0, 0, 0);
    }

    block = PpUserBlock;
    if (!PpUserBlock->LastFail) {
        /* No event left over from a failed delivery: request the next one
         * and wait (alertable, user mode) for the kernel side to finish. */
        PpUserBlock->ResultLen = 0;
        KeSetEvent(&PpUserBlock->UmPnpQueryEvent, 0, 0);
        status = KeWaitForSingleObject(&PpUserBlock->KrnPnpDoneEvent, 0, 1, 0, 0);
        if (status < 0 || status == 192) { /* failure, or STATUS_USER_APC (0xC0) */
            return status;
        }
        block = PpUserBlock;
    }

    /* Length check precedes the copy; the caller's buffer must hold ResultLen. */
    if (BufferLength < block->ResultLen) {
        /* Keep the event pending so the next call skips the query and
         * re-offers it, presumably with a larger buffer. */
        block->LastFail = 1;
        return 0xC0000023u; /* STATUS_BUFFER_TOO_SMALL */
    }

    block->LastFail = 0;
    status = PpUserBlock->Result;
    if ((PpUserBlock->Result & 0x80000000u) != 0) {
        /* The query itself failed: report its status, nothing is copied. */
        return status;
    }

    pendingData = PpUserBlock->Buf1;
    if (!pendingData) {
        return 0xC0000001u; /* STATUS_UNSUCCESSFUL */
    }

    /* Buffer is the raw user pointer; it is handed over by address (a
     * kernel-stack copy of the parameter) without a probe in this function.
     * The callee is expected to validate it before writing ResultLen bytes. */
    return PiControlMakeUserModeCallersCopy(&Buffer, pendingData, PpUserBlock->ResultLen, 4u, 1, 0);
}
我看错~~~最终调用了ProbeForWrite,基本不会出大问题:-《