The full code for the mitigation bypass is provided, along with a toy driver to experiment with the vulnerability. Please be aware that the provided driver was written only to be exploited and implements a very simple “fake” write-what-where vulnerability. As such, it must not be loaded outside a testing environment, since it exposes the machine to a high risk.
== Project organization ==
Two projects are linked. The first one is the mitigation bypass itself. Its “write_what_where” function holds the vulnerability-specific code, i.e. whatever bug is being exploited, adapted so that it yields this primitive (this is exactly what we did for a real-world kernel use-after-free vulnerability). In this case, it is an exploit for the toy vulnerability. The other project is the toy driver itself.
== Installing the driver ==
Simply build the driver as a normal KMDF driver project using the provided Visual Studio project file. Once you have the driver binary, disable driver signature enforcement by booting the operating system in test mode (hold Shift while clicking the Restart button). Once this is done, you should see a watermark in the bottom right corner of the desktop indicating that you are running in that mode.
At this point, you should be able to load the driver using OSR’s driver loader. You can then trigger the exploit and watch a console running as SYSTEM spawn.
Tested on Windows 7 SP1, 32-bit.
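Because the procedure above only works once test-signing is enabled, a defender will want to know when a host is in that state and which running drivers carry no valid signature. The following PowerShell audit is an added example, not part of this project; it assumes an elevated prompt, that bcdedit prints a “testsigning Yes” line for the current boot entry, and that Win32_SystemDriver reports on-disk paths (the \SystemRoot and \??\ prefix handling is an assumption for older path forms).

```powershell
# Added example (not the project's code): audit test-signing state and
# list running kernel drivers whose image does not carry a valid signature.
# Assumes an elevated PowerShell session; uses Get-WmiObject so it also
# runs on Windows 7 SP1 (PowerShell 2.0), the platform this README targets.

function Test-TestSigningEnabled {
    # bcdedit prints "testsigning   Yes" when the current boot entry
    # allows unsigned kernel drivers (the state this README requires).
    $out = & bcdedit /enum '{current}' 2>$null
    return [bool]($out | Where-Object { $_ -match '^\s*testsigning\s+Yes' })
}

function Get-UnsignedRunningDrivers {
    # Win32_SystemDriver enumerates kernel-mode drivers; PathName is the image.
    Get-WmiObject Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise NT-style paths to Win32 paths (assumed prefix forms).
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            if (Test-Path $path) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                # Anything other than 'Valid' (NotSigned, HashMismatch, ...)
                # is a lead to review. Caveat: files signed only through a
                # catalog may also report NotSigned, so verify before acting.
                if ($sig.Status -ne 'Valid') {
                    New-Object PSObject -Property @{
                        Name   = $_.Name
                        Path   = $path
                        Status = $sig.Status
                    }
                }
            }
        }
}

if (Test-TestSigningEnabled) {
    Write-Warning 'Test-signing is enabled: unsigned kernel drivers can be loaded on this host.'
} else {
    Write-Output 'Test-signing is disabled.'
}
Get-UnsignedRunningDrivers | Format-Table Name, Status, Path -AutoSize
```

The toy driver from this repository, being unsigned, shows up in the second listing as NotSigned while it is loaded; a host that reports test-signing enabled outside a lab should be treated as a finding.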