Hi!

The stack trace for the BUFFER OVERFLOW result is:

"Frame","Module","Location","Address","Path"
"0","FLTMGR.SYS","FltDecodeParameters + 0x1c5d","0xfffff8019f72555d","C:\Windows\System32\drivers\FLTMGR.SYS"
"1","FLTMGR.SYS","FltDecodeParameters + 0x17bc","0xfffff8019f7250bc","C:\Windows\System32\drivers\FLTMGR.SYS"
"2","FLTMGR.SYS","FltDecodeParameters + 0x1328","0xfffff8019f724c28","C:\Windows\System32\drivers\FLTMGR.SYS"
"3","FLTMGR.SYS","FltDecodeParameters + 0x111e","0xfffff8019f724a1e","C:\Windows\System32\drivers\FLTMGR.SYS"
"4","ntoskrnl.exe","IofCallDriver + 0x59","0xfffff80051856109","C:\Windows\system32\ntoskrnl.exe"
"5","ntoskrnl.exe","KeIsAttachedProcess + 0xf3","0xfffff80051929343","C:\Windows\system32\ntoskrnl.exe"
"6","ntoskrnl.exe","NtQueryInformationFile + 0x492","0xfffff80051e8b5c2","C:\Windows\system32\ntoskrnl.exe"
"7","ntoskrnl.exe","setjmpex + 0x7905","0xfffff800519e6705","C:\Windows\system32\ntoskrnl.exe"
"8","<unknown>","0x7ffc7a17f9e4","0x7ffc7a17f9e4",""
"9","<unknown>","0x7ffc7639af04","0x7ffc7639af04",""
"10","<unknown>","0x7ffc7728fe86","0x7ffc7728fe86",""
"11","<unknown>","0x7ffc7728f622","0x7ffc7728f622",""
"12","<unknown>","0x7ffc77290a46","0x7ffc77290a46",""
"13","<unknown>","0x14048ccca","0x14048ccca",""
"14","<unknown>","0x14009463b","0x14009463b",""
"15","<unknown>","0x140094365","0x140094365",""
"16","<unknown>","0x14008e541","0x14008e541",""
"17","<unknown>","0x140286f46","0x140286f46",""
"18","<unknown>","0x1400a17ca","0x1400a17ca",""
"19","<unknown>","0x1402923cb","0x1402923cb",""
"20","<unknown>","0x1401b95c0","0x1401b95c0",""
"21","<unknown>","0x14049f304","0x14049f304",""
"22","<unknown>","0x7ffc77bb7974","0x7ffc77bb7974",""
"23","<unknown>","0x7ffc7a13a2d1","0x7ffc7a13a2d1",""

It looks like too small a buffer is passed to NtQueryInformationFile.

Andrus.

