CVE-2021-40449

More info here: https://kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html

Compiling

I did a bit of a hack with the MinHook library so it supports (somewhat partially) the 2019 Platform Toolset.
That's why I included the lib files with this repo.

Windows Version Adapting

To adapt this repo to another Windows build you have to fix:

ntoskrnl.exe gadgets offsets for the rop chain
MiGetPteAddress offset in ntoskrnl.exe
The size of palettes, according to the (undocumented) size of PDEVOBJ (look at win32kbase!PDEV::Allocate)
Shellcode offsets of various structs (shellcode_offsets struct)

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
CVE-2021-40449_poc		CVE-2021-40449_poc
packages/minhook.1.3.3		packages/minhook.1.3.3
.gitattributes		.gitattributes
.gitignore		.gitignore
CVE-2021-40449_poc.sln		CVE-2021-40449_poc.sln
README.md		README.md
shellcode_iret_mystery_snail_1709.asm		shellcode_iret_mystery_snail_1709.asm

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-40449

Compiling

Windows Version Adapting

About

Releases

Packages

Languages

Kristal-g/CVE-2021-40449_poc

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-40449

Compiling

Windows Version Adapting

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages