Update README.md

merge-requests/1/head
_xeroxz 4 years ago
parent 7be51648ad
commit 07e09a9131

@ -7,16 +7,22 @@
# HMDM - Highly Modular Driver Mapper # HMDM - Highly Modular Driver Mapper
***
HMDM is a driver mapper which uses any method to allocate kernel memory and any method to copy kernel memory to map unsigned code into the windows kernel. This project is based off of physmeme and is what I intended on creating originally, but was unable to. This repo contains two examples of HMDM, one with VDM (Vulnerable Driver Manipulation of drivers exposing arbitrary physical memory read and write), and the other example using MSREXEC which uses any driver that can write to arbitrary MSR's to elevate to kernel execution. Besides VDM and MSREXEC, one could use any other method of executable kernel memory allocation and arbitrary kernel writes to interface with `drv::hmdm_ctx`. HMDM is a driver mapper which uses any method to allocate kernel memory and any method to copy kernel memory to map unsigned code into the windows kernel. This project is based off of physmeme and is what I intended on creating originally, but was unable to. This repo contains two examples of HMDM, one with VDM (Vulnerable Driver Manipulation of drivers exposing arbitrary physical memory read and write), and the other example using MSREXEC which uses any driver that can write to arbitrary MSR's to elevate to kernel execution. Besides VDM and MSREXEC, one could use any other method of executable kernel memory allocation and arbitrary kernel writes to interface with `drv::hmdm_ctx`.
### Getting Started ### Getting Started
***
In order to create a `drv::hmdm_ctx`, one must first declare two lambdas. One lambda for allocating executable kernel memory, and another lambda for arbitrary kernel writes. Programmers can use any vulnerabilities to facilitate these requirements. In order to create a `drv::hmdm_ctx`, one must first declare two lambdas. One lambda for allocating executable kernel memory, and another lambda for arbitrary kernel writes. Programmers can use any vulnerabilities to facilitate these requirements.
###### drv::kalloc_t - VDM Example #### VDM Example
*** ***
###### drv::kalloc_t - VDM Example
```cpp ```cpp
vdm::vdm_ctx vdm(_read_phys, _write_phys); vdm::vdm_ctx vdm(_read_phys, _write_phys);
drv::kalloc_t _kalloc = [&](std::size_t size) -> void* drv::kalloc_t _kalloc = [&](std::size_t size) -> void*
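Review bot: The new `#### VDM Example` heading is followed by `***` and then `###### drv::kalloc_t - VDM Example`, so the outline jumps from level 4 straight to level 6, and the rule that used to sit under the `drv::kalloc_t` heading now separates the two headings instead. Suggest making the sub-heading `##### drv::kalloc_t - VDM Example` so it nests directly under the new section, and keeping the `***` in one consistent position relative to the headings, as `### Getting Started` does.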
@ -33,10 +39,13 @@ drv::kalloc_t _kalloc = [&](std::size_t size) -> void*
}; };
``` ```
###### drv::kalloc_t - MSREXEC Example #### MSREXEC Example
*** ***
###### drv::kalloc_t - MSREXEC Example
***NOTE***: When using MSREXEC be aware that `vdm::msrexec_ctx::exec` returns void. This requires a programmer to make a nested lambda in order to obtain a result. ***NOTE***: When using MSREXEC be aware that `vdm::msrexec_ctx::exec` returns void. This requires a programmer to make a nested lambda in order to obtain a result.
```cpp ```cpp
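Review bot: The `***NOTE***` about `vdm::msrexec_ctx::exec` returning void still sits under `###### drv::kalloc_t - MSREXEC Example`, but its wording ("When using MSREXEC ...") applies to the whole section introduced by the new `#### MSREXEC Example` heading, not only to `drv::kalloc_t`. Suggest moving the note directly under `#### MSREXEC Example`, above the `drv::kalloc_t` sub-heading, so readers see it before any of the MSREXEC lambdas. The same level-4 to level-6 heading jump as in the VDM section applies here.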
