Hi,
I was interested in playing the Integer Overflow challenge running on a Windows 10 (x64). Unfortunately, the binary generated by the original source code uses a 64-bit register when performing the sum Size + TerminatorSize and the integer overflow cannot be achieved.
I have modified the code to allow the integer overflow to occur on 64-bit by using a ULONG (4 bytes) variable to store the sum result.
I'm opening this as an issue instead of submitting a pull request because the modified code is not as "elegant" as the original one.
```c
ULONG TmpSize = 0;  // 4-byte variable that holds the sum

[...]

// Truncate the sum to 4 bytes before the bounds check
TmpSize = (ULONG) (Size + TerminatorSize);

if (TmpSize > sizeof(KernelBuffer))
{
    DbgPrint("[-] Invalid UserBuffer Size: 0x%X\n", Size);

    Status = STATUS_INVALID_BUFFER_SIZE;
    return Status;
}

[...]
```
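Added example (not part of the original issue or the project's source): a user-mode C model of the size check described above, comparing the 64-bit sum, the issue's 4-byte truncated sum, and a form of the check that cannot wrap. The buffer size of 2048 bytes and terminator size of 4 are assumed values, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the issue does not state them. */
#define KERNEL_BUFFER_BYTES 2048u  /* stands in for sizeof(KernelBuffer) */
#define TERMINATOR_SIZE     4u     /* stands in for TerminatorSize */

/* x64 build of the original check: the sum is computed in 64 bits, so a
   Size that fits in 32 bits cannot wrap it. Returns 1 if Size is accepted. */
static int check_wide(uint64_t size)
{
    uint64_t sum = size + TERMINATOR_SIZE;
    return sum <= KERNEL_BUFFER_BYTES;
}

/* Check as modified in the issue: the sum is truncated to a 4-byte value
   before the comparison, so large sizes wrap to small ones. */
static int check_truncated(uint64_t size)
{
    uint32_t tmp = (uint32_t)(size + TERMINATOR_SIZE);
    return tmp <= KERNEL_BUFFER_BYTES;
}

/* Hardened form: the constant is moved to the trusted side of the
   comparison, so no arithmetic is done on the untrusted value. */
static int check_safe(uint64_t size)
{
    return size <= (uint64_t)(KERNEL_BUFFER_BYTES - TERMINATOR_SIZE);
}

int main(void)
{
    /* Constructed sample sizes: in range, boundary, and near 2^32. */
    const uint64_t samples[] = { 16, 2044, 2045, 0xFFFFFFFCu, 0xFFFFFFFFu };

    printf("%-12s %-6s %-10s %-6s\n", "Size", "wide", "truncated", "safe");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("0x%-10llx %-6d %-10d %-6d\n",
               (unsigned long long)samples[i],
               check_wide(samples[i]),
               check_truncated(samples[i]),
               check_safe(samples[i]));
    }
    return 0;
}
```

Only the truncated check accepts the two sizes near 2^32; the subtraction-based check rejects them at any register width.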