Tags archives: exploit

 

 

 

 

 

 

 

 

 

0

Microsoft Windows Kernel Pool Address Derivation

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented “escape” interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications […]

The post Microsoft Windows Kernel Pool Address Derivation appeared first on MondoUnix.