How to run userland code from the kernel on Windows – Version 2.0

Introduction 2 years ago, Thierry F. wrote an article in this blog about a technique that could allow a driver to inject a DLL in a process (https://thisissecurity.net/2014/04/08/how-to-run-userland-code-from-the-kernel-on-windows/). This was based on the reverse engineering of the field PEB.KernelCallbackTable, which is untyped and completely undocumented. You may have discovered, through the article mentioned above that,... Continue Reading →

Blog at WordPress.com.

Up ↑