Update README.md

merge-requests/1/head
_xeroxz 4 years ago
parent b7b8ca242e
commit a164e2c9c0

@ -13,7 +13,40 @@ HMDM is a driver mapper which uses any method to allocate kernel memory and any
***
In order to create a `drv::hmdm_ctx`, one must first declare two lambdas. One lambda for allocating executable kernel memory, and another lambda for arbitrary kernel writes. Programmers can use any vulnerabilities to facilitate these requirements.
In order to create a `drv::hmdm_ctx`, one must first declare two lambdas. One lambda for allocating executable kernel memory, and another lambda for arbitrary kernel writes. Programmers can use any vulnerabilities to facilitate these requirements. Once both lambdas are defined one can create a `drv::hmdm_ctx`. Simply pass in both lambdas at the same time with a `static initializer`.
```cpp
drv::hmdm_ctx drv_mapper({ _kalloc, _kmemcpy });
// read driver off disk to be mapped...
drv::drv_buffer_t drv_buffer;
utils::open_binary_file(argv[1], drv_buffer);
// map driver into the kernel...
const auto [drv_base, drv_entry] = drv_mapper.map_module(drv_buffer);
```
***NOTE:*** `drv::hmdm_ctx` does not call the drivers entry. You must do this yourself using whatever method. This is easily done with VDM and MSREXEC.
```cpp
// calls driver entry point with MSREXEC...
// you can change the entry point params to fit your needs...
NTSTATUS result;
msrexec.exec([&result, drv_entry = drv_entry, drv_base = drv_base]
(void* krnl_base, get_system_routine_t get_kroutine) -> void
{
using drv_entry_t = NTSTATUS(*)(std::uintptr_t);
result = reinterpret_cast<drv_entry_t>(drv_entry)(drv_base);
});
```
```cpp
// calls driver entry point with VDM...
// you can change the entry point params to fit your needs...
const auto entry_result =
vdm.syscall<NTSTATUS(*)(std::uintptr_t)>(
reinterpret_cast<void*>(drv_entry), drv_base);
```
#### VDM Example
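Review bot: the new paragraph tells readers to "declare two lambdas" but never states the signatures `drv::hmdm_ctx` expects for `_kalloc` and `_kmemcpy` (parameter types, return type, whether the allocation callback must return executable, non-paged memory as the text implies), so `drv::hmdm_ctx drv_mapper({ _kalloc, _kmemcpy });` cannot be reproduced from the README alone; add the two expected prototypes right above the snippet. "Simply pass in both lambdas at the same time with a `static initializer`" is also the wrong term: `{ _kalloc, _kmemcpy }` is brace (aggregate) initialization of the constructor argument, not a static initializer. In the MSREXEC example, `NTSTATUS result;` is captured by reference but never initialized, so if `msrexec.exec` does not end up running the lambda the caller reads an indeterminate value; initialize it (for instance `NTSTATUS result = STATUS_UNSUCCESSFUL;`). The disk-read step `utils::open_binary_file(argv[1], drv_buffer);` likewise hands `drv_buffer` to `map_module` without checking that the file was actually read; a one-line check (or a note that `map_module` rejects an empty buffer) would make the example safer to copy. Minor: "the drivers entry" should read "the driver's entry".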
