Both win32kbase_rs.sys and win32kfull_rs.sys from Windows 11 Insider Preview 25357.1 are indexed for download now on Winbindex as well!

https://winbindex.m417z.com/?arch=insider&file=win32kbase_rs.sys
https://winbindex.m417z.com/?arch=insider&file=win32kfull_rs.sys

You can find both the x64 version and the ARM64 version available for download there.

#rust #rustlang #windows #microsoft #win32k #reversing #reverseengineering

Winbindex - The Windows Binaries Index

An index of Windows binaries, including download links for executables such as exe, dll and sys files

Starting to reverse the actual Win32k GDI Rust structures inside win32kbase_rs now too...

Mostly trying to figure out REGION_CORE and friends. I think this rgncore::RegionCore::intersects function was a simple place to start and looks OK so far???

#rust #rustlang #windows #microsoft #reversing #reverseengineering #win32k

Another win32k Rust diagram here, showing how calling the C function NtGdiPtInRegion (exported from win32kbase) ends up calling into the Rust function rgncore::RegionCore::contains_point (inside win32kbase_rs)!

There's a "shim" function named Win32kRS::RegionCore_bInside_point inside win32kbase that takes care of actually calling into the Rust function exports table. There's a whole bunch more of these new functions, one for each exported function from the Rust code, under the namespace Win32kRS.

#rust #rustlang #windows #reversing #reverseengineering #microsoft #win32k

@[email protected] Woot! The #Rust port of (parts of) #win32k is now public! Coming to an Insider build... Soon 😉

Microsoft Patch Tuesday, February 2022 Edition - Microsoft today released software updates to plug security holes in its Windows o... https://krebsonsecurity.com/2022/02/microsoft-patch-tuesday-february-2022-edition/ #andrewcunningham #cve-2022-21989 #cve-2022-21996 #cve-2022-22005 #recordedfuture #immersivelabs #printspooler #timetopatch #arstechnica #gregwiseman #allanliska #kevinbreen #rapid7 #win32k
Microsoft Patch Tuesday, February 2022 Edition – Krebs on Security

‘Zombie’ Windows win32k bug reanimated by researcher - Dozens of bugs in a core Windows API could enable attackers to elevate their privileges in the ope... more: https://nakedsecurity.sophos.com/2020/04/03/zombie-windows-win32k-bug-reanimated-by-researcher/ #operatingsystems #windowsapi #kernelbug #windows #win32k #zombie
‘Zombie’ Windows win32k bug reanimated by researcher

Dozens of bugs in a core Windows API could enable attackers to elevate their privileges in the operating system.

Naked Security