Description
I see that the 3.00 version of the release does not contain compiled Exploit, so I wanted to compile them myself.
I am running on Windows 10 x64, with Visual Studio Code 2022.
I ran the .bat file in C:\Users\user\Documents\HackSysExtremeVulnerableDriver-master\Builder\Build_HEVD_Exploit.bat.
However, when then running
C:\Users\user\Documents\HackSysExtremeVulnerableDriver-master\compile\exploit\HackSysEVDExploit.exe, I get the following output (option was -a -c cmd)
[+] Starting Arbitrary Memory Overwrite Exploitation
[+] Creating The Exploit Thread
[+] Exploit Thread Handle: 0x190
[+] Getting Device Driver Handle
[+] Device Name: \\.\HackSysExtremeVulnerableDriver
[+] Device Handle: 0x194
[+] Setting Up Vulnerability Stage
[+] Allocating Memory For WRITE_WHAT_WHERE Structure
[+] Memory Allocated: 0x013E55A8
[+] Allocation Size: 0x8
[+] Gathering Information About Kernel
[+] Loaded Kernel: ntoskrnl.exe
[+] Kernel Base Address: 0x7CA00000
[-] Failed To Load Kernel: 0x7E
Looking at the documentation, I see that 0x7E means ERROR_MOD_NOT_FOUND. However, I can see the file C:\Windows\System32\ntoskrnl.exe.
Edit:
I feel like this is because the application is compiled in 32 bits, but tries to load ntoskrnl.exe, which is 64-bit. If I actually load ntoskrnl.exe with LoadLibraryEx("C:\\Windows\\System32\\ntoskrnl.exe", NULL, LOAD_LIBRARY_AS_DATAFILE);, it loads successfully, but fails to find the HalDispatchTable proc address afterwards.
However, I could not find a way to compile the exploit in 64 bits for now. Especially Payloads.c, because it looks like inline assembly is not supported in 64 bits by Visual Studio?
error C4235: nonstandard extension used: '__asm' keyword not supported on this architecture
What am I missing to get the exploits running? (I am in a VirtualBox VM)
Thank you very much,
Atticus
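
Added example, not part of the original post or of the HEVD project: a small portable C check for the 32-bit versus 64-bit mismatch suspected above. It reads the COFF Machine field from a PE header and compares it with a pointer size; `pe_machine`, `pe_matches_bitness` and `make_sample_pe` are hypothetical names, and the sample header is constructed.

```c
/* Added example: read the target architecture from a PE image's headers. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PE_MACHINE_I386  0x014c   /* IMAGE_FILE_MACHINE_I386  */
#define PE_MACHINE_AMD64 0x8664   /* IMAGE_FILE_MACHINE_AMD64 */

static uint32_t rd_le(const uint8_t *p, int n) {    /* little-endian read */
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* Returns the COFF Machine value, or -1 if buf is not a well-formed PE image. */
int pe_machine(const uint8_t *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t off = rd_le(buf + 0x3c, 4);            /* e_lfanew */
    if (off > len || len - off < 6) return -1;      /* "PE\0\0" + Machine */
    if (memcmp(buf + off, "PE\0\0", 4) != 0) return -1;
    return (int)rd_le(buf + off + 4, 2);
}

/* 1 if the image targets the same x86 width as the caller's pointer size. */
int pe_matches_bitness(int machine, size_t ptr_size) {
    return machine == (ptr_size == 8 ? PE_MACHINE_AMD64 : PE_MACHINE_I386);
}

/* Constructed sample: minimal DOS stub + PE signature + Machine field. */
size_t make_sample_pe(uint8_t *buf, size_t cap, uint16_t machine) {
    if (cap < 0x88) return 0;
    memset(buf, 0, 0x88);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3c] = 0x80;   /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x84] = machine & 0xff; buf[0x85] = machine >> 8;
    return 0x88;
}

int main(int argc, char **argv) {
    static uint8_t buf[4096];
    size_t n = make_sample_pe(buf, sizeof buf, PE_MACHINE_AMD64);
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;  /* optional real file */
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    int m = pe_machine(buf, n);
    printf("machine=0x%04x matches this build: %s\n", (unsigned)m,
           pe_matches_bitness(m, sizeof(void *)) ? "yes" : "no");
    return m < 0;
}
```

Run with a file path as the first argument to inspect a real image; with no argument it reports on the constructed AMD64 sample.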