Thursday, June 30, 2016

tcpip port pools in fresh windows 10 builds

It seems that the good old TcpPortPool & UdpPortPool have been gone since approximately build 14251, replaced with a more complex structure stored in TcpCompartmentSet & UdpCompartmentSet.

Let's see how we can get access to the port pools.
From InetCreatePortPool:
  push  50506E49h                       ; Tag
  push  26A8h                           ; NumberOfBytes
  mov   edi, ecx
  mov   esi, edx
  push  200h                            ; PoolType
  mov   [ebp+var_4], edi
  call  ds:__imp__ExAllocatePoolWithTag@12


Some memory was allocated with the tag InPP (50506E49h read as little-endian ASCII). Time for WinDbg.