I faced an error while compiling your PoC exploit for Win32k Local Privilege Escalation.
OS: macOS Big Sur
CC: x86_64-w64-mingw32-g++
uname: Darwin Ivans-MacBook-Air.local 20.1.0 Darwin Kernel Version 20.1.0: Sat Oct 31 00:07:10 PDT 2020; root:xnu-7195.50.7~2/RELEASE_ARM64_T8101 arm64
Command: x86_64-w64-mingw32-g++ ExploitTest.cpp
Error log:
```
ExploitTest.cpp: In function 'BOOL FindHMValidateHandle()':
ExploitTest.cpp:84:32: error: cast from 'BYTE*' {aka 'unsigned char*'} to 'unsigned int' loses precision [-fpermissive]
84 | unsigned int offset = ((unsigned int)pIsMenu - (unsigned int)hUser32) + addr;
| ^~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp:84:56: error: cast from 'HMODULE' {aka 'HINSTANCE__*'} to 'unsigned int' loses precision [-fpermissive]
84 | unsigned int offset = ((unsigned int)pIsMenu - (unsigned int)hUser32) + addr;
| ^~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp: In function 'HWND__* GuessHwnd(QWORD*, DWORD)':
ExploitTest.cpp:131:35: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
131 | hwndMagicWindow = (HWND)*(DWORD*)(qwBaseAddress - 0xc8);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp: In function 'int main(int, _TCHAR**)':
ExploitTest.cpp:509:17: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
509 | (LPCWSTR)g_lpWcxMagic,
| ^~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp:663:24: warning: ISO C++ forbids converting a string constant to 'LPWSTR' {aka 'wchar_t*'} [-Wwrite-strings]
663 | si.lpDesktop = L"WinSta0\\Default";
| ^~~~~~~~~~~~~~~~~~~
ExploitTest.cpp:666:29: error: cannot convert '_TCHAR*' {aka 'char*'} to 'LPCWSTR' {aka 'const wchar_t*'}
666 | lstrcpyW(cmd, argv[1]);
| ~~~~~~^
| |
| _TCHAR* {aka char*}
In file included from /usr/local/Cellar/mingw-w64/9.0.0_2/toolchain-x86_64/x86_64-w64-mingw32/include/windows.h:70,
from ExploitTest.cpp:6:
/usr/local/Cellar/mingw-w64/9.0.0_2/toolchain-x86_64/x86_64-w64-mingw32/include/winbase.h:1446:64: note: initializing argument 2 of WCHAR* lstrcpyW(LPWSTR, LPCWSTR)'
1446 | WINBASEAPI LPWSTR WINAPI lstrcpyW (LPWSTR lpString1, LPCWSTR lpString2);
| ~~~~~~~~^~~~~~~~~
ExploitTest.cpp: In function 'DWORD64 g_newxxxClientFreeWindowClassExtraBytes(DWORD64*)':
ExploitTest.cpp:164:1: warning: control reaches end of non-void function [-Wreturn-type]
164 | }
| ^
```
Hello,
I was having the same issues until I ran the project in Microsoft Visual Studio 2022 Community Edition. After installing the Desktop C++ packages, I opened up the project file (ExploitTest.vcxproj). If you are asked to re-target the project, accept the defaults and click OK.
Once the project loads, make sure you are set for x64 in the debug drop-down. If you are set for x86, you will get a compile error for an unknown symbol r10.
Click Build --> Build Solution. There will be some warnings, but a successful build will be found in the \x64\Debug directory.
Note: if the system has the January updates, this exploit will hang and not complete. Once you remove those updates it will run perfectly.