__checkReturn bool NtUserMessageCallEscape( __in extinterface::CORE_PAYLOAD payloadId ) { if (!m_win32k) return false; if (!PatchMpFnidPfn()) return false; auto pwn_img = TeleportToKernel(); if (!pwn_img) return false; extinterface::PACKET packet; InitPacket(packet); #ifdef CFG return DoCfgAwareEscape(pwn_img, packet); #else return DoEscape(pwn_img, packet); #endif }
/* * Create a new SunliteOutputPort object */ SunliteOutputPort::SunliteOutputPort(SunliteDevice *parent, unsigned int id, libusb_device *usb_device) : BasicOutputPort(parent, id), m_term(false), m_new_data(false), m_usb_device(usb_device), m_usb_handle(NULL) { InitPacket(); }
oexBOOL CDataPacket::WritePacket(oexUINT x_uPacketType, oexUINT x_uDataType, oexCPVOID x_pData, oexUINT x_uData) { // Lock the buffer oexAutoLock ll( *this ); if ( !ll.IsLocked() ) return oexFALSE; // Initialize packet if ( !InitPacket( x_uPacketType, 1, x_uData ) ) return oexFALSE; // Add the users data if ( !AddPacketData( x_uDataType, x_pData, x_uData ) ) return oexFALSE; // Add end packet data return EndPacket(); }
HRESULT CStreamParser::ParseH264AnnexB(Packet *pPacket) { if (!m_pPacketBuffer) { m_pPacketBuffer = InitPacket(pPacket); } m_pPacketBuffer->Append(pPacket); BYTE *start = m_pPacketBuffer->GetData(); BYTE *end = start + m_pPacketBuffer->GetDataSize(); MOVE_TO_H264_START_CODE(start, end); while(start <= end-4) { BYTE *next = start + 1; MOVE_TO_H264_START_CODE(next, end); // End of buffer reached if(next >= end-4) { break; } size_t size = next - start; CH264Nalu Nalu; Nalu.SetBuffer(start, (int)size, 0); Packet *p2 = NULL; while (Nalu.ReadNext()) { Packet *p3 = new Packet(); p3->SetDataSize(Nalu.GetDataLength() + 4); // Write size of the NALU (Big Endian) AV_WB32(p3->GetData(), (uint32_t)Nalu.GetDataLength()); memcpy(p3->GetData() + 4, Nalu.GetDataBuffer(), Nalu.GetDataLength()); if (!p2) { p2 = p3; } else { p2->Append(p3); SAFE_DELETE(p3); } } if (!p2) break; p2->StreamId = m_pPacketBuffer->StreamId; p2->bDiscontinuity = m_pPacketBuffer->bDiscontinuity; m_pPacketBuffer->bDiscontinuity = FALSE; p2->bSyncPoint = m_pPacketBuffer->bSyncPoint; m_pPacketBuffer->bSyncPoint = FALSE; p2->rtStart = m_pPacketBuffer->rtStart; m_pPacketBuffer->rtStart = Packet::INVALID_TIME; p2->rtStop = m_pPacketBuffer->rtStop; m_pPacketBuffer->rtStop = Packet::INVALID_TIME; p2->pmt = m_pPacketBuffer->pmt; m_pPacketBuffer->pmt = NULL; m_queue.Queue(p2); if(pPacket->rtStart != Packet::INVALID_TIME) { m_pPacketBuffer->rtStart = pPacket->rtStart; m_pPacketBuffer->rtStop = pPacket->rtStop; pPacket->rtStart = Packet::INVALID_TIME; } if(pPacket->bDiscontinuity) { m_pPacketBuffer->bDiscontinuity = pPacket->bDiscontinuity; pPacket->bDiscontinuity = FALSE; } if(pPacket->bSyncPoint) { m_pPacketBuffer->bSyncPoint = pPacket->bSyncPoint; pPacket->bSyncPoint = FALSE; } if(m_pPacketBuffer->pmt) { DeleteMediaType(m_pPacketBuffer->pmt); } m_pPacketBuffer->pmt = pPacket->pmt; pPacket->pmt = NULL; start = next; } if(start > m_pPacketBuffer->GetData()) { m_pPacketBuffer->RemoveHead(start - m_pPacketBuffer->GetData()); } SAFE_DELETE(pPacket); do { pPacket = NULL; REFERENCE_TIME rtStart = Packet::INVALID_TIME, rtStop = rtStart = Packet::INVALID_TIME; std::deque<Packet *>::iterator it; for (it = m_queue.GetQueue()->begin(); it != m_queue.GetQueue()->end(); ++it) { // Skip the first if (it == m_queue.GetQueue()->begin()) { continue; } Packet *p = *it; BYTE* pData = p->GetData(); if((pData[4]&0x1f) == 0x09) { m_bHasAccessUnitDelimiters = true; } if ((pData[4]&0x1f) == 0x09 || (!m_bHasAccessUnitDelimiters && p->rtStart != Packet::INVALID_TIME)) { pPacket = p; if (p->rtStart == Packet::INVALID_TIME && rtStart != Packet::INVALID_TIME) { p->rtStart = rtStart; p->rtStop = rtStop; } break; } if (rtStart == Packet::INVALID_TIME) { rtStart = p->rtStart; rtStop = p->rtStop; } } if (pPacket) { Packet *p = m_queue.Get(); Packet *p2 = NULL; while ((p2 = m_queue.Get()) != pPacket) { p->Append(p2); SAFE_DELETE(p2); } // Return m_queue.GetQueue()->push_front(pPacket); Queue(p); } } while (pPacket != NULL); return S_OK; }
oexBOOL CDataPacket::vWriteMultiPacket( oexUINT x_uPacketType, oexUINT x_uBuffers, oexPVOID *x_pArgs ) { // Lock the buffer oexAutoLock ll( *this ); if ( !ll.IsLocked() ) return oexFALSE; // Variable params oexPVOID *ptrExtra = x_pArgs; // Calculate the total size needed oexUINT uTotalSize = 0, i; for ( i = 0; i < x_uBuffers; i++ ) { OEX_TRY // This could GPF if caller screws up { // oexUINT uType = *(oexUINT*)ptrExtra; // oexUCHAR *pPtr = *(oexUCHAR**)( ptrExtra + 1 ); oexUINT uSize = *(oexUINT*)( ptrExtra + 2 ); // Track the total size uTotalSize += uSize; // Skip these parameters ptrExtra += 3; } // end try OEX_CATCH_ALL { oexASSERT( 0 ); return oexFALSE; } } // end for // Initialize packet if ( !InitPacket( x_uPacketType, x_uBuffers, uTotalSize ) ) return oexFALSE; // Now add the data ptrExtra = x_pArgs; for ( i = 0; i < x_uBuffers; i++ ) { OEX_TRY // This could GPF if caller screws up { oexUINT uType = *(oexUINT*)ptrExtra; oexUCHAR *pPtr = *(oexUCHAR**)( ptrExtra + 1 ); oexUINT uSize = *(oexUINT*)( ptrExtra + 2 ); // Add the users data if ( !AddPacketData( uType, pPtr, uSize ) ) return oexFALSE; // Skip these parameters ptrExtra += 3; } // end try OEX_CATCH_ALL { oexASSERT( 0 ); return oexFALSE; } } // end for // Add end packet data return EndPacket(); }