> This is a bug in lsadump2 - there's a type mismatch in one of the > functions, although I forget which one. Something is a pointer which > shouldn't be, or vice versa. Once you fix that, it'll be good to go.
Are you sure about that ? After investigating deeper, I found several problems in LSADUMP2 : - Buffers too small (300 bytes for the smallest) - Allocated memory not flagged as executable (that is why LSADUMP2 is not compatible with the NX flag) - Reuse of freed memory Here is a small patch that has been tested sucessfully on Windows XP SP2 with DEP "AlwaysOn" enabled (where LSADUMP2 failed). Regards, - Nicolas RUFF Security researcher @ EADS-CCR --------------------------------------------------------------- diff lsadump2/dumplsa.c lsadump3/dumplsa.c 34a35 > #define BUF_SIZE 1024 110c111 < char szBuffer[1000]; --- > char szBuffer[BUF_SIZE]; 137c138 < TCHAR szBuffer[300]; --- > TCHAR szBuffer[BUF_SIZE]; 189c190 < WCHAR wszSecret[500]; --- > WCHAR wszSecret[BUF_SIZE]; 230c231 < char szSecret[500]; --- > char szSecret[BUF_SIZE]; 242a244 > lsaData = NULL; diff lsadump2/lsadump2.c lsadump3/lsadump2.c 261c261 < MEM_COMMIT, PAGE_READWRITE); --- > MEM_COMMIT, PAGE_EXECUTE_READWRITE); _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
