GitHub - Mauzy0x00/dbutil_2_3-Exploit

A Windows kernel exploit for systems that are using the Dell driver DBUtil_2_3.sys

Alt name: Dell Latitude 7204 Rugged BIOS update A16.

This is a learning endeavor; as always.

There is a memmove call in sub_15294 that can be manipulated using the argument registers RAX, R9 and RCX. RDI holds a pointer to DeviceExtentions which holds a pointer to SystemBuffer at offset 0 and the size of the input buffer is at offset 8.

RAX : From RBX+0x10
R9 : From RBX
RCX : From RDI in the major function handler

This means that R9 in sub_15294 is a pointer to the input buffer which gives control of the src/dest and size of the call to memmove.

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
bin		bin
src		src
.gitignore		.gitignore
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
README.md		README.md
disable_blockList.reg		disable_blockList.reg
load_driver.c++		load_driver.c++
load_driver.exe		load_driver.exe

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

A Windows kernel exploit for systems that are using the Dell driver DBUtil_2_3.sys

Alt name: Dell Latitude 7204 Rugged BIOS update A16.

About

Releases

Packages

Languages

Mauzy0x00/dbutil_2_3-Exploit

Folders and files

Latest commit

History

Repository files navigation

A Windows kernel exploit for systems that are using the Dell driver DBUtil_2_3.sys

Alt name: Dell Latitude 7204 Rugged BIOS update A16.

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages