论坛的人气上来了一点哦,大家来玩点“调试游戏”吧!让我们以“挑战”会友! ^_^第一则挑战以基础为主,但是想完成好还是需要比较扎实的功底的。高手免看~=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=[背景]360的郑同学继江民、瑞星、微点之后又和大成天下的驱动飙上啦! ^_^连续曝光的几个漏洞甚至把大成的吴总都炸出来了.. 呵呵http://hi.baidu.com/mj0011/blog/item/58b9367f2fcc870d29388a3d.htmlhttp://hi.baidu.com/mj0011/blog/item/8b8827d133bd393d9a50276c.htmlhttp://hi.baidu.com/mj0011/blog/item/0e66a2ded3c1a35dccbf1adc.htmlhttp://hi.baidu.com/mj0011/blog/item/4ee0b1ecd71a3a3827979132.htmlhttp://hi.baidu.com/mj0011/blog/item/6dd8c1a24e6078a8caefd06d.html我们这次的挑战以最近的漏洞入手——首页巡警v1.2及以下版本本地权限提升漏洞(任意内核地址写入)您可以在这里下载我整理好的文章(LaTeX):http://advdbg.org/dfstore/img/ADVDBG%e5%86%85%e6%a0%b8%e8%b0%83%e8%af%95%e6%8c%91%e6%88%981.pdf细细观瞧这个漏洞,您会发现基本功是多么的重要啊。另外这个漏洞(和HkZwSetValueKey钩子不校验Ring3参数)也再次验证了那句经典的老话“一切输入都是有害的”。好了,挑战开始:1. 您能基于调试详细分析漏洞的原因及具体的危害吗?(蓝屏的原因不光有直接非法地址访问)2. 重现该漏洞驱动及攻击代码3. 写一个验证Ring3缓冲区安全性的函数——在以后自己的钩子里您也可以受益的 ^_^4. 单纯的任意内核地址写入Patch系统关键变量或0x90掉核心验证还不够好玩,你能写一段ShellCode让驱动跑个对话框出来吗?5. 另外太多太多可实践、讨论的完成的优秀的挑战者们将有机会获得 ADVDBG 年底将要出版的新书:《Showstopper : The Breakneck Race to Create Windows NT and the Next Generation at Microsoft》http://advdbg.org/blogs/advdbg_system/articles/370.aspxhttp://advdbg.org/blogs/advdbg_system/articles/506.aspx祝您好运!^_^
4楼和我的感觉一样。
老虎吃天,无处下抓。
哎~
Keep Your Eye Open for Online Golf Clubs
So, you acknowledge golf; the huge blooming ground, the golf cart, brilliant day, hitting the connected shots by accepted the golf club. Golf is in fact a bold which can be enjoyed on the annual off day.The activity of continuing on a blooming golf clubs for sale
golf advance and the alleged golf club in duke is awesome. If you accept planned to buy set of golf clubs afresh accomplish abiding you try your duke on online arcade of abatement golf clubs.Most of the online sites which activity advanced ambit of golf clubs activity abatement golf clubs now and then. If you anticipate of discount, you TaylorMade Burner 2.0 Irons
anticipate of abnormal artefact or banal clearance. Yes, it happens sometimes if you go for a discounted artefact and you end up affairs bad product.Make abiding you yield able admonition and buy your abatement golf clubs alone from reliable online sites.The banal approval articles are in actuality not necessarily defective. The simple acumen abaft it is the website buyer wants to use any acumen to access its advertise or ambition to advance in the new artefact range.