The Shellcoder's Handbook: Discovering and Exploiting Security Holes, Second Edition by Gerardo Richarte, Felix FX Lindner, John Heasman, Chris Anley

Chapter 27. Hacking the Windows Kernel

This chapter discusses how to find and exploit bugs in Windows kernel-mode code. We start with a brief overview of the kernel and a discussion of common programming flaws. We then look at two common interfaces through which the kernel can be attacked—system calls and device driver I/O control codes—before introducing kernel-mode exploit payloads that elevate privilege, execute a secondary user-mode payload, and subvert kernel security.

Windows Kernel Mode Flaws—An Increasingly Hunted Species

Vulnerabilities affecting Windows kernel-mode code are reported on an increasingly frequent basis. In any given month on Bugtraq or Full Disclosure, chances are there will be several kernel issues reported, typically local privilege escalation through flaws in device drivers, but occasionally remotely exploitable vulnerabilities, often requiring no authentication. Ironically, many of these issues are in security products themselves, such as personal firewalls.

Kernel bugs have traditionally received less attention and have been perceived as harder to find and harder to exploit than user-mode bugs. The reality is that many classes of bugs affecting user-mode applications—stack overflows, integer overflows, heap overflows—are present in kernel code, and the techniques for finding these in user-mode applications—fuzzing, static analysis, and dynamic analysis—apply equally well to kernel-mode code. In some cases, bugs are easier to spot in kernel-mode code than user ...