tag:blogger.com,1999:blog-5498266518143777458.post8090180487034277524..comments2009-12-26T09:39:05.949+01:00Piotr Baniahttp://www.blogger.com/profile/16139783712412229709noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-5498266518143777458.post-53065745232318577942009-10-18T21:15:31.249+01:002009-10-18T21:15:31.249+01:00@mish: no problem :-)Piotr Baniahttp://www.blogger.com/profile/16139783712412229709noreply@blogger.comtag:blogger.com,1999:blog-5498266518143777458.post-73136828350758777702009-10-17T20:04:57.172+01:002009-10-17T20:04:57.172+01:00Thank you for posting it, Piotr! I didn&#39;t see it earlier, hence the late gratitude :-).<br /><br />--Mishmishhttp://www.blogger.com/profile/13727369528689120304noreply@blogger.comtag:blogger.com,1999:blog-5498266518143777458.post-42816888945681587732009-10-07T18:04:37.397+01:002009-10-07T18:04:37.397+01:00@Rolf: Thanks man! :-)<br /><br />@mish: Im glad u liked it. I don&#39;t think the &quot;dump-proggie&quot; is worth publishing and moreover i never thought someone would like to see it. It&#39;s one of the tools you write in 5 mins just to proceed with another research step. Anyway im attaching a little code fragment perhaps it can help you a little. This one uses libdasm but any diassembler library will be fine. Of course it reads from the already dumped srv2.sys file (you can dump the memory contents in few different ways in example: by writing a windbg plugin and using ReadMemory, writing a windows device driver etc.). The addresses are hardcoded for SP2 AFAIR, and finally the code is ugly and shouldn&#39;t be viewed by anyone :-)<br /><br /><a href="http://piotrbania.com/all/smb_just_snap.c" rel="nofollow">http://piotrbania.com/all/smb_just_snap.c</a>Piotr Baniahttp://www.blogger.com/profile/16139783712412229709noreply@blogger.comtag:blogger.com,1999:blog-5498266518143777458.post-39046218113142776842009-10-06T03:20:24.052+01:002009-10-06T03:20:24.052+01:00Good work, Piotr :-)Rolf Rolleshttp://www.blogger.com/profile/11281039521454183084noreply@blogger.comtag:blogger.com,1999:blog-5498266518143777458.post-20925333483086960672009-10-05T20:55:56.102+01:002009-10-05T20:55:56.102+01:00Piotr,<br /><br />I really enjoyed reading your guest post on the Metasploit blog, congrats on the reliable exploit!<br /><br />I know you won&#39;t share the exploit code, honestly I&#39;m a novice and I&#39;m not sure it would make too much sense to me. But I am learning, and I thought if you could share the bit of code you wrote to enumerate the memory regions in SRV2.SYS that can be reached with the vulnerable function it would be pretty informative. If not I understand, but it might make a(nother) good blog post :-).<br /><br />Regards,<br /><br />--Mikemishhttp://www.blogger.com/profile/13727369528689120304noreply@blogger.com