by bdonlan
4987 days ago
I kind of get the feeling that the author doesn't really know what he's doing. The actual exploit code is a fragment of what looks like a 'hello world' sort of console IO test. The 0xC0000000 he goes on and on about is just GENERIC_READ | GENERIC_WRITE, which is a totally legal combination. And he disassembles his own code for no particularly good reason. Given all of this, it's not really a surprise that he's not clear on responsible disclosure policies (this doesn't really violate 'full disclosure policies' - he's fully disclosing it, after all!). It sounds like he was just playing around with things, found a way to crash his own machine by accident, and decided to post it online. I also note that the code is incomplete, and looks reasonably straightforward and correct from casual inspection. I wonder if the real cause is elsewhere?

Also, the code is complete: check the tarball listed at the end of the page.