dcrazy 5 days ago

I can’t find any mention online of the `SystemTokenInformation` enum member outside of this article, even in this otherwise very comprehensive collection of documented and undocumented values: https://www.geoffchappell.com/studies/windows/km/ntoskrnl/ap...

Seems like SystemTokenInformation might be a very new addition, possibly even Windows 11 only?

musjleman 5 days ago | parent | next [-]

I'm pretty sure it's just a small mistake in the article on the exact syscall used to query the token information.

Checked a kernel from November 2024 vs a current one and, from what I can tell, this used to be the actual mechanism by which the exploit worked:

  Thread #1 looping
    NtQueryInformationToken(TokenAccessInformation, InfoBuffer);
  
  Thread #2 looping
    Ptr = *(InfoBuffer + SidHashOffset);
    if (IsValidCanonicalKernelPtr(Ptr))
      done
voidsec 5 days ago | parent | prev [-]

Sorry, the article was fixed with the right class and syscall names; somehow, it slipped past review.