The Vectored Exception Handling (VEH) is a Windows mecanism to handle application exceptions. Even if you have an official Windows API to add and remove handlers via AddVectoredExceptionHandler and RemoveVectoredExceptionHandler, there is no official way to list all registered handlers in an application. Inside the source code of ReactOS you can find a source file with these API reimplemented and it can give us good information about how it works.

You always have a lot of possibilities when you make a shellcode payload, especially on Windows. Do you need to write all your ASM manually or can you be helped by your compiler? Do I need to directly use syscall or to search the functions in memory? Because it’s not always simple to make it, I have made the decision to write an article about that.

Recently I was involved in a security conference called SecuDay where I have presented Attacking Games for Fun and Profit. At the end of the conference, we have been invited to resolve some challenges conceived by Charles Bouillaguet.

Today, I will try to explain how we can make a hook on a C++ class method. This technique works on Linux and Windows, but my examples are compiled on Linux.

In this article, we will exploit a write-what-where vulnerability in Windows 7 x64. To do that, we will use the last level of 0vercl0k: the level 3.

In my previous article, I have talked about the exploitation of kernel buffer overflow. This time, I will not play with Windows XP x86 but with Windows 7 x64 on the 0vercl0k’s level 2 driver.

WinDbg is a powerfull Windows debugger, it can debug x86 application and x64 application, in user-land or in kernel-land. Despite its useful commands, we would like to make some plugin to do a faster and better debugging session. Fortunately for us, it’s possible to write WinDbg plugins in C or C++ to add a lot of commands in our favorite debugger.

The buffer overflow are cool in user-land but they can be more funny in kernel-land. This time, we will use a buffer overflow to make an escalade privilege to get the SYSTEM rights, so we will could make anything we want on the system. To train us, we don’t need to code a driver by ourself: 0vercl0k have done it for us! So we got the level 1 files and we start our XP VM.