‘Exploiting Windows Device Drivers’
‘The original article can be found at: http://pb.specialised.info/all/articles/ewdd.pdf‘
Device driver vulnerabilities are increasingly becoming a major threat to the security of Windows and other operating systems. It is a relatively new area, thus very few technical papers covering this subject are available. To the author’s knowledge, the first windows device driver attack was presented by SEC-LABS team in the ‘Win32 Device Drivers Communication Vulnerabilities’ whitepaper.
This publication presented useful technique of drivers exploitation and layed a ground for further research. Second publication surely worth to mention is the article by Barnaby Jack, titled ‘Remote Windows Kernel Exploitation Step into the Ring 0′.
Due to lack of technical paper on the discussed subject, Piotr Bania decided to share results of his own research. In this paper a device driver exploitation technique will be introduced, provide detailed description of techniques used and include full exploit code with sample vulnerable driver code for tests.
The reader should be familiar with IA-32 assembly and have previous experience with software vulnerability exploitation. Plus, it is highly recommended to read the two previously mentioned whitepapers.’