cfb's Introduction

Hello friend 🤖

I break stuff. I build tools to break stuff. I break those tools too.

My main projects

  • GEF is a collection of commands to drastically improve GDB.
  • GEF-Extras is a collection of utilities built for GEF, by the community.
  • CEMU is a graphical tool that provides a contained environment to learn, write and execute assembly code, based on Capstone/Keystone/Unicorn.
  • Canadian Furious Beaver is a tool for hijacking IRP handlers in Windows drivers, and facilitating the process of analyzing Windows drivers for vulnerabilities.
  • pwn++ is a modern C++ exploit library for Windows & Linux.
  • defcon_27_windbg_workshop is the content of the WinDbg workshop given at Defcon27 with @0vercl0k.
  • CTFHub is a web app that attempts to provide an OK way to manage CTFs for teams playing CTFs.
  • gef-binja is a Binary Ninja plugin to interface with GEF.
  • proxenet is an HTTP proxy that lets you create interception plugins in any language (Python, Ruby, Perl, JS, etc.).
  • sstoper is the first open-source SSTP VPN client for Linux.
  • ropgadget-rs is a fast ROP gadget finder written in pure Rust for x86/x64/ARM/AARCH64 architectures and PE/ELF/Mach-O formats.
  • bochscpu-python provides Python bindings for BochsCPU.

And more...

Some other useful code template repos:

  • c++20 project template: a template repository for C++20 projects, with docs and CI ready to use
  • pwn++ template: bootstrap C++ exploits with pwn++
  • modern cpp windows driver template: Windows driver template, using C++20, CMake and GitHub Actions

There's also a bunch of unsorted code snippets here and there

Contact Me!

| Mastodon | Tech Blog | Email | .hugsy on Discord | @hugsy |

cfb's People

Contributors

dependabot[bot], hugsy

cfb's Issues

[Win7] DRIVER_IRQL_NOT_LESS_OR_EQUAL

Win7 failed to hook \driver\pcw at DPC_LEVEL

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff880011e90b0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880044a9d77, address which referenced memory

Debugging Details:
------------------

*** WARNING: Unable to verify checksum for Broker.exe

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 1

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on PH0NY

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 26

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 65

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  d1

BUGCHECK_P1: fffff880011e90b0

BUGCHECK_P2: 2

BUGCHECK_P3: 1

BUGCHECK_P4: fffff880044a9d77

WRITE_ADDRESS:  fffff880011e90b0 

PROCESS_NAME:  Broker.exe

TRAP_FRAME:  fffff880028e05f0 -- (.trap 0xfffff880028e05f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff880044a94d0 rbx=0000000000000000 rcx=fffff880011e9060
rdx=0000000000000150 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880044a9d77 rsp=fffff880028e0780 rbp=fffff880028e07d0
 r8=0000000000000000  r9=0000000080000005 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
IrpDumper!AddObjectByName+0x1a3:
fffff880`044a9d77 48874150        xchg    rax,qword ptr [rcx+50h] ds:fffff880`011e90b0={pcw!PcwpFastIoDeviceControl (fffff880`011e3db0)}
Resetting default scope

STACK_TEXT:  
fffff880`028dfd38 fffff800`029a7c22 : fffff880`011e90b0 fffffa83`02431940 00000000`00000065 fffff800`028c4378 : nt!RtlpBreakWithStatusInstruction
fffff880`028dfd40 fffff800`029a8a12 : 00000000`00000003 00000000`00000000 fffff800`028fc5d0 00000000`000000d1 : nt!KiBugCheckDebugBreak+0x12
fffff880`028dfda0 fffff800`028ecfa4 : fffff8a0`00075130 fffff880`028e05a0 00000000`00000000 fffff880`028e05f0 : nt!KeBugCheck2+0x722
fffff880`028e0470 fffff800`028fb2e9 : 00000000`0000000a fffff880`011e90b0 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx+0x104
fffff880`028e04b0 fffff800`028f90ce : 00000000`00000001 fffff880`011e90b0 00000000`00000000 fffffa83`023cccc0 : nt!KiBugCheckDispatch+0x69
fffff880`028e05f0 fffff880`044a9d77 : fffffa83`023cccc0 fffffa83`023cccc0 00000000`00000000 fffffa83`023ccff8 : nt!KiPageFault+0x44e
fffff880`028e0780 fffff880`044a9eca : 00000000`00000007 00000000`00222004 fffffa83`02f33550 00000000`0000000e : IrpDumper!AddObjectByName+0x1a3 [D:\Code\CFB\Driver\IoAddDriver.c @ 147] 
fffff880`028e07f0 fffff880`044a928b : 00000000`00000002 fffffa83`026086d8 00000000`00000000 fffffa83`04edd060 : IrpDumper!HandleIoAddDriver+0xc2 [D:\Code\CFB\Driver\IoAddDriver.c @ 253] 
fffff880`028e0820 fffff800`02b541fa : 00000000`00000002 fffffa83`045a1d20 fffffa83`00000000 fffffa83`026085c0 : IrpDumper!DriverDeviceControlRoutine+0xdb [D:\Code\CFB\Driver\Driver.c @ 740] 
fffff880`028e0850 fffff800`02d118b1 : fffffa83`045a1d20 00000000`00000018 fffffa83`045a1d20 fffff800`02a3d180 : nt!IopSynchronousServiceTail+0xfa
fffff880`028e08c0 fffff800`02ba23c6 : fffffa83`02431940 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc51
fffff880`028e0a00 fffff800`028faf53 : fffffa83`02431940 00000000`0296fa28 fffff880`028e0a88 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`028e0a70 00000000`77aa981a : 000007fe`fd5cc489 00000199`00100033 00000000`001e86f0 00000000`00000002 : nt!KiSystemServiceCopyEnd+0x13
00000000`0296fa38 000007fe`fd5cc489 : 00000199`00100033 00000000`001e86f0 00000000`00000002 00000000`001e83f0 : ntdll!NtDeviceIoControlFile+0xa
00000000`0296fa40 00000000`7793587f : 00000000`00222004 00000000`00000002 00000000`00211520 00000000`00213948 : KERNELBASE!DeviceIoControl+0x75
00000000`0296fab0 00000001`3f6e3778 : 00000000`00000000 00000000`00000000 00000000`0296fc59 00000000`00000000 : kernel32!DeviceIoControlImplementation+0x7f
00000000`0296fb00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Broker+0x3778


FAULTING_SOURCE_LINE:  D:\Code\CFB\Driver\IoAddDriver.c

FAULTING_SOURCE_FILE:  D:\Code\CFB\Driver\IoAddDriver.c

FAULTING_SOURCE_LINE_NUMBER:  147

FAULTING_SOURCE_CODE:  
   143: 	PFAST_IO_DISPATCH FastIoDispatch = pDriver->FastIoDispatch;
   144: 
   145: 	if (FastIoDispatch)
   146: 	{
>  147: 		PFAST_IO_DEVICE_CONTROL OldFastIoDeviceControl = (PFAST_IO_DEVICE_CONTROL)InterlockedExchangePointer(
   148: 			(PVOID*)&FastIoDispatch->FastIoDeviceControl,
   149: 			(PVOID)InterceptGenericFastIoDeviceControl
   150: 		);
   151: 
   152: 		NewDriver->FastIoDeviceControl = OldFastIoDeviceControl;


SYMBOL_NAME:  IrpDumper!AddObjectByName+1a3

Required for installation video

My English is bad.
Can you teach me how to install it?
I haven't installed it for a day.
It's too hard.

I tried:

CFB_App_0.1.0.0_Alpha.zip ->
CFB Monitor View -> Settings -> IRP Broker location
\192.168.127.135\pipe\cfb
pipe:\pipe\cfb
\.\pipe\cfb
file://192.168.127.135/pipe/cfb

But none of them work.

This tool is cool. Very useful for learning the kernel. I think I need it.
Have a nice day.
: )

TODOs

  • arm64 support
  • kill all the TODOs in the code
  • fuzz tester
  • move to vcpkg, remove Externals
  • [driver] finish support for fastio
  • [gui] more customization through settings
  • [gui] use gui to create ioctl templates
  • [cli] update to new api
