HMDM is a driver mapper which uses any method to allocate kernel memory and any method to copy kernel memory to map unsigned code into the Windows kernel. This project is based on [physmeme](https://githacks.org/_xeroxz/physmeme) and is what I intended on creating originally, but was unable to. This repo contains two examples of HMDM: one using [VDM](https://githacks.org/_xeroxz/vdm) (Vulnerable Driver Manipulation of drivers exposing arbitrary physical memory read and write), and the other using [MSREXEC](https://githacks.org/_xeroxz/msrexec), which uses any driver that can write to arbitrary MSRs to elevate to kernel execution. Besides [VDM](https://githacks.org/_xeroxz/vdm) and [MSREXEC](https://githacks.org/_xeroxz/msrexec), one could use any other method of executable kernel memory allocation and arbitrary kernel writes to interface with `drv::hmdm_ctx`.
* [MSREXEC](https://githacks.org/_xeroxz/msrexec) - Elevate Arbitrary MSR Writes To Kernel Execution
* [physmeme](https://githacks.org/_xeroxz/physmeme) - systematic exploitation of physical read/write to map unsigned code into the kernel.
* [PSKDM](https://githacks.org/_xeroxz/PSKDM) - Process-Context Specific Kernel Driver Mapper
* [kdmapper](https://github.com/z175/kdmapper) - KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
* [drvmap](https://github.com/not-wlan/drvmap) - Driver Mapper which uses capcom.sys
* [gdrv-loader](https://github.com/alxbrn/gdrv-loader) - Driver Loader which disables DSE using gdrv.sys
### Driver Requirements
The driver must be compiled with `/GS-` and Control Flow Guard disabled. These settings are located under C/C++ --> Code Generation --> Security Check / Control Flow Guard. The driver