Informative Information for the Uninformed
Recovery
Another distinction between kernel-mode and user-mode vulnerabilities
is that it is not safe to simply let the kernel crash. A user-mode
exploit can often afford to let the target process die once its
payload has run, but if the kernel crashes the box bugchecks (blue
screens) and the payload that was transmitted may not even get a
chance to run. As such, it is necessary to identify ways in which
normal execution can be resumed after a kernel-mode vulnerability
has been triggered. However, like most things in the kernel, the
recovery method that can be used is highly dependent on the
vulnerability in question, so it makes sense to have a few possible
approaches. Chances are, though, that the methods listed in this
document will not be enough to satisfy every situation, and in many
cases they may not even be the best choice. For this reason,
kernel-mode exploit writers are encouraged to research more specific
recovery methods when implementing an exploit. Regardless of these
concerns, this section describes the general class of recovery
payloads and identifies the scenarios in which each may be most
useful.
Subsections