Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

24H2 checklist #2101

Open
14 tasks done
dmex opened this issue Jun 17, 2024 · 0 comments
Open
14 tasks done

24H2 checklist #2101

dmex opened this issue Jun 17, 2024 · 0 comments
Assignees
@dmex
Labels
bug

Comments

@dmex
Copy link
Collaborator

dmex commented Jun 17, 2024
edited
Loading

An inside look at Microsoft's development strategy for Windows 11:

IMAGE ALT TEXT HERE
https://www.youtube.com/watch?v=s99ZeamF7J0

Microsoft retuning null pointers for information classes has broken enumeration of handles, threads and other objects:

  • SystemModuleInformation (11) RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION.DllBase
  • SystemLocksInformation (12) RTL_PROCESS_LOCK_INFORMATION RTL_PROCESS_LOCK_INFORMATION.Address
  • SystemHandleInformation (16) SYSTEM_HANDLE_INFORMATION SYSTEM_HANDLE_INFORMATION.Handles[N].Object
  • SystemObjectInformation (17) SYSTEM_OBJECT_INFORMATION SYSTEM_OBJECT_INFORMATION.Object
  • SystemExtendedHandleInformation (64) SYSTEM_HANDLE_INFORMATION_EX SYSTEM_HANDLE_INFORMATION_EX.Handles[N].Object
  • SystemBigPoolInformation (66) SYSTEM_BIGPOOL_INFORMATION SYSTEM_BIGPOOL_INFORMATION.AllocationInfo[N].VirtualAddress
  • SystemModuleInformationEx (77) RTL_PROCESS_MODULE_INFORMATION_EX RTL_PROCESS_MODULE_INFORMATION_EX.BaseInfo.ImageBase
  • SystemFullProcessInformation (148) SYSTEM_EXTENDED_THREAD_INFORMATION.StackBase
  • SYSTEM_EXTENDED_THREAD_INFORMATION.Win32StartAddress if the thread’s Win32StartAddress is a kernel address.
  • SYSTEM_EXTENDED_THREAD_INFORMATION.ThreadInfo.StartAddress
  • ProcessHandleTracing (32) PROCESS_HANDLE_TRACING_QUERY PROCESS_HANDLE_TRACING_QUERY.HandleTrace[N].Stacks
  • ProcessWorkingSetWatchEx (42) PROCESS_WS_WATCH_INFORMATION_EX
  • PROCESS_WS_WATCH_INFORMATION_EX.BasicInfo.FaultingPc
  • PROCESS_WS_WATCH_INFORMATION_EX.BasicInfo.FaultingVa

Steps to reproduce (optional)

Windows 11 - https://windows-internals.com/kaslr-leaks-restriction/

Expected behavior (optional)

Functional

Actual behavior (optional)

Non-functional

Environment (optional)

image
@dmex dmex self-assigned this Jun 17, 2024
@dmex dmex removed the needs-triage label Jun 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dmex dmex

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dmex