On Tue, 30 Oct 2001, Peter Viscarola wrote:
>You guys said a usermode app should not crash the system. But why the
following code does?
>Note: Don’t run it from ‘DOS’.
>
(I hate to even answer email like this, but here goes nothin’)Sorry, dude. I hate to admit that curiosity got the best of me, and I tried
this app. You know, I was thinkin’ “Maybe there’s something really clever
here that I’m missing.”Of course, it does not crash the system… not on Win2K and not on XP.
Then run it properly. If you run it from an existing CSRSS window, it
doesn’t crash (I think if you put more backspaces in, such that you walked
off the beginning of the buffer, it would eventually crash, but I’ve not
got the inclination to try), because it doesn’t offshoot the buffer.
If you double-click it in Explorer, it will crash. You might need more
backspaces, but it can certainly be made to crash CSRSS. The backspaces
simply seem to walk off the beginning of the array used to store the
buffer, and then write something to it.
I guess it depends what you mean by having a user-mode application crash
the system. In this case, the kernel is unharmed by the CSRSS crash, but
crashes the system deliberately because it can’t recover from having no
CSRSS process. It’s a kernel-mode crash, albeit induced by a user-mode
failure.
Does that count as a user-mode crash?
Aside from killing required user-mode processes (whether it be through
exploiting bugs in them, or opening the process itself and killing it),
AFAIK the only other real option available to user-mode applications is to
exploit a bug within genuine kernel-mode code.
One such example is something I’ve come across in Win2K and WinxP (source
http://drpizza.dyndns.org/downloads/crash.cpp), where Win32k.sys can be
provoked into crashing the system when taking a certain sequence of
steps. The user-mode application certainly induces a crash, but the flaw
resides within the kernel itself; the OS’s “no crashes from user-mode
applications” guarantee would rather presume that the kernel-mode software
itself didn’t crash.
–
Peter xxxxx@inkvine.fluff.org
http://www.inkvine.fluff.org/~peter/
logic kicks ass:
(1) Horses have an even number of legs.
(2) They have two legs in back and fore legs in front.
(3) This makes a total of six legs, which certainly is an odd number of
legs for a horse.
(4) But the only number that is both odd and even is infinity.
(5) Therefore, horses must have an infinite number of legs.
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com