add comment on kshellcode about freeing corrupted buffer
This commit is contained in:
worawit
@@ -13,6 +13,8 @@
|
|||||||
; get call because system call is called on other processors.
|
; get call because system call is called on other processors.
|
||||||
; - The shellcode do not allocate shadow stack if possible for minimal shellcode size.
|
; - The shellcode do not allocate shadow stack if possible for minimal shellcode size.
|
||||||
; It is ok because some Windows function does not require shadow stack.
|
; It is ok because some Windows function does not require shadow stack.
|
||||||
|
; - Compiling shellcode with specific Windows version macro, corrupted buffer will be freed.
|
||||||
|
; This helps running exploit against same target repeatly more reliable.
|
||||||
; - The userland payload MUST be appened to this shellcode.
|
; - The userland payload MUST be appened to this shellcode.
|
||||||
;
|
;
|
||||||
; Reference:
|
; Reference:
|
||||||
|
|||||||
@@ -11,6 +11,8 @@
|
|||||||
; If userland shellcode causes any exception, the system process get killed.
|
; If userland shellcode causes any exception, the system process get killed.
|
||||||
; - On idle target with multiple core processors, the hijacked system call might take a while (> 5 minutes) to
|
; - On idle target with multiple core processors, the hijacked system call might take a while (> 5 minutes) to
|
||||||
; get call because system call is called on other processors.
|
; get call because system call is called on other processors.
|
||||||
|
; - Compiling shellcode with specific Windows version macro, corrupted buffer will be freed.
|
||||||
|
; This helps running exploit against same target repeatly more reliable.
|
||||||
; - The userland payload MUST be appened to this shellcode.
|
; - The userland payload MUST be appened to this shellcode.
|
||||||
;
|
;
|
||||||
; Reference:
|
; Reference:
|
||||||
|
|||||||
Reference in New Issue
Block a user