[转载]Windows Local Shellcode Injection

信息来源：http://www.argeniss.com/
文章作者：Cesar Cerrudo (cesar>.at.<argeniss>.dot.<com)

This paper describes a new technique to create 100% reliable local exploits for Windows operating systems, the technique uses some Windows operating systems design weaknesses that allow low privileged processes to insert data on almost any Windows processes no matter if they are running under high privileges. We all know that local exploitation is much easier than remote exploitation but it has some difficulties. After a brief introduction and a description of the technique, a couple of samples will be provided so the reader will be able to write his/her own exploits.