[01] HEVD: building a two-machine kernel debugging environment

0x00 Foreword
I recently started learning about Windows kernel vulnerabilities and have referred to a lot of blogs and other material, so I decided to share the whole analysis process while I study. I am a novice; if anything is wrong, please correct me.
The learning is based mainly on the HEVD (HackSysExtremeVulnerableDriver) project. HEVD is a kernel driver that deliberately contains multiple vulnerabilities; the IOCTL control code sent to the driver selects which vulnerability type is triggered. It covers almost every class of kernel vulnerability that can exist, from the most basic stack overflow, through pool overflow, to use-after-free and others, which makes it a very good project to learn from.
Experimental environment: Windows 10 Professional (host) + VMware Workstation 15 Pro + Windows 7 x86 SP1 (guest)
Experimental Tools: VS2015 + Windbg + KmdManager + DbgViewer
0x01 Setting up the two-machine debugging environment
Setting up the environment is genuinely tedious, but it must not be done sloppily; otherwise it will affect all the work that follows.
VMware+win7
First, download VMware Workstation from the official website and install it following the prompts. It requires a serial number.
When the installation finishes, double-click to open it; it looks like this:
Then download a Windows 7 image, taking care to pick the right edition (x86 SP1 is used here).

Create the virtual machine from the image; the VMware wizard guides you through the steps, so they are not repeated here.
After a successful boot you are greeted by the familiar interface:
 
Windbg
Kernel debugging is inseparable from WinDbg. First download and install the Windows SDK from Microsoft's official site; WinDbg ships with it as the Debugging Tools for Windows component.
After installation, configure a serial port shared between the virtual machine and the host so that the debugger can talk to the guest kernel; drawing on earlier experience, this configuration is quick to complete.
Once it is configured and the guest is booted in debug mode, WinDbg prints the kernel connection output, which confirms that the setup is working.
Tip: once the installation is finished, take a snapshot of the virtual machine; this greatly speeds up starting the VM each time.
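The concrete steps for the serial-port transport, as an added example that is not from the original post: the guest-side bcdedit commands, the VMware serial device settings, and the host-side WinDbg launch. The pipe name com_1, the baud rate, the default x86 Windows 10 SDK debugger path, and the assumption that the added port shows up as COM1 in the guest are choices made here, not taken from the post.

```powershell
# --- 1. Guest (Windows 7 x86 VM), elevated command prompt or PowerShell ---
# Enable the kernel debugger and point it at COM1 (debugport:1). The guest
# normally enumerates the first VMware serial device as COM1; check Device
# Manager and use debugport:2 if it appears as COM2 instead (assumption).
bcdedit /debug on
bcdedit /dbgsettings serial debugport:1 baudrate:115200
bcdedit /dbgsettings          # verify: debugtype Serial, debugport 1, baudrate 115200
# Shut the guest down afterwards; the transport is active from the next boot.

# --- 2. VMware Workstation, with the guest powered off ---
# VM Settings > Add > Serial Port > Output to named pipe:
#   Named pipe:  \\.\pipe\com_1   (the name is a choice; it must match WinDbg below)
#   This end is the server
#   I/O mode: Yield CPU on poll  (checked)
# The equivalent .vmx entries, assuming the new device is serial0:
#   serial0.present       = "TRUE"
#   serial0.fileType      = "pipe"
#   serial0.fileName      = "\\.\pipe\com_1"
#   serial0.pipe.endPoint = "server"

# --- 3. Host (Windows 10), PowerShell ---
# Start WinDbg in kernel mode on the same pipe; 'reconnect' makes it wait for
# the guest to boot. The default SDK install path is assumed; the x86 debugger
# is used because the guest is 32-bit. The argument is quoted because
# PowerShell would otherwise split it at the commas.
$windbg = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\windbg.exe'
& $windbg -k 'com:pipe,port=\\.\pipe\com_1,baud=115200,reconnect'
# Now power on the guest. WinDbg reports "Connected to Windows 7 ..." followed
# by "Kernel Debugger connection established". Then, in the WinDbg command window:
#   .symfix            use the Microsoft public symbol server
#   .reload            load symbols for the running kernel
#   Ctrl+Break         break into the guest; 'g' resumes it
```

If WinDbg sits at "Waiting to reconnect..." after the guest has booted, the usual causes are a pipe name mismatch, the guest enumerating the port as something other than COM1, or bcdedit having been run without elevation so the boot entry was never changed.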
 
 
 
Compiling the driver
We need Visual Studio 2015 with the latest SDK, plus the Windows Driver Kit (WDK). The specific installation steps can be found in the tutorial. Once installed, download the project, unzip it, and open the HEVD.sln file in the Driver directory, as shown:
Before compiling, set the project properties (right-click the project > Properties):
    C/C++ > General > Warning Level: Level 3 (/W3)
    C/C++ > General > Treat Warnings As Errors: No (/WX-)
    C/C++ > Code Generation > Security Check: Disable Security Check (/GS-)
    Linker > General > Treat Linker Warnings As Errors: No (/WX:NO)
    Driver Settings > General > Target OS Version: Windows 7
Note that /GS- turns off the stack cookie, so the compiled driver has no stack-overflow protection. For a deliberately vulnerable lab driver this is intentional: it lets the stack buffer overflow overwrite the return address without a cookie check.
Then build; the driver file HEVD.sys is produced, as shown.
One more thing: the first time I did this, the build failed with the following error:
error : Invalid argument <HEVD.crt> for property <TestCertificate>.
After a long search for information I finally found a solution; thanks to 海歌也疯狂 for the method!
 
0x02 About the tools

Many people use OSRLoader; I personally use KmdManager and DbgViewer. Anyone who needs them can download them here.

Extraction code: kooc
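Loading the built driver and seeing its DbgPrint output can also be done without a GUI loader. The following is an added example, not part of the original post or of the HEVD project: it registers HEVD.sys as a kernel-mode service with sc.exe (the same service registration a GUI loader performs behind its buttons), enables the Debug Print Filter that DbgView needs on Windows 7, and lists the WinDbg commands that confirm the driver is present. The path C:\HEVD\HEVD.sys and the service name HEVD are assumptions.

```powershell
# --- Guest (Windows 7 x86 VM), elevated PowerShell ---

# 1. Make DbgPrint output visible. Since Vista, DbgPrint messages are filtered
#    by component and level, and DbgView shows nothing until the DEFAULT mask
#    is set. This takes effect after a reboot.
$filter = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter'
New-Item -Path $filter -Force | Out-Null
New-ItemProperty -Path $filter -Name 'DEFAULT' -PropertyType DWord -Value 0xF -Force | Out-Null
# Without rebooting, the same effect from the WinDbg command window:
#   ed nt!Kd_DEFAULT_Mask 0xf

# 2. Register and start the driver as a kernel-mode service. Path and service
#    name are assumptions; copy the compiled HEVD.sys there first.
#    In PowerShell 'sc' is an alias for Set-Content, so call sc.exe explicitly,
#    and keep the space after each '=' as sc.exe requires.
$drv = 'C:\HEVD\HEVD.sys'
sc.exe create HEVD type= kernel start= demand binPath= $drv
sc.exe start HEVD
sc.exe query HEVD             # STATE should read 4 RUNNING
# 32-bit Windows 7 does not enforce kernel-mode code signing, so the unsigned
# test build loads as is; an x64 guest would additionally need
#   bcdedit /set testsigning on

# 3. Confirm from the host in WinDbg (break in with Ctrl+Break first):
#   lm m HEVD          the module is listed with its load address
#   !drvobj HEVD       the driver object and its device object(s)
#   g                  resume the guest

# Unload and unregister when finished:
#   sc.exe stop HEVD
#   sc.exe delete HEVD
```

Every DriverEntry DbgPrint from HEVD should now appear in DbgView (run as administrator, with Capture > Capture Kernel enabled) as well as in the WinDbg command window.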
 
Next we will start analyzing and learning the common kernel vulnerability types. Let's go!
 

Origin www.cnblogs.com/huity35/p/11203303.html