* buck#0001 - contributed to nasa-tables which is inherited in this project...
# PSKDM (Process-Context Specific Kernel Driver Mapper)
# PSKDM (Process-Context Specific Kernel Driver Mapper)
Map a driver into specific processes only, with zero allocations in the kernel. The driver is allocated in a suspended runtimebroker.exe which is created with the sole
Map a driver into specific processes only, with zero allocations in the kernel. The driver is allocated in a suspended runtimebroker.exe which is created with the sole
@ -39,4 +35,8 @@ processes pointing at the allocated driver in the runtimebroker, thus mapping th
Keeping your driver out of the kernels paging tables. Most driver mappers map a driver into a kernel pool (ExAllocatePool). Physmeme, Kdmapper, Drvmapper, all do this, its easily
Keeping your driver out of the kernels paging tables. Most driver mappers map a driver into a kernel pool (ExAllocatePool). Physmeme, Kdmapper, Drvmapper, all do this, its easily
detected and easy to dump. This keeps your driver inside of your context :)
detected and easy to dump. This keeps your driver inside of your context :)
I guess you can call this physmeme v2? You can use any driver that exposes physical memory read/write with this driver mapper, simply replace the vulnerable driver inside of raw_driver.hpp.
I guess you can call this physmeme v2? You can use any driver that exposes physical memory read/write with this driver mapper, simply replace the vulnerable driver inside of raw_driver.hpp.
# credit
* buck#0001 - contributed to nasa-tables which is inherited in this project...
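
Review bot: the credit entry at the end of this hunk (`* buck#0001 - contributed to nasa-tables which is inherited in this project...`) trails off in "..." and names nasa-tables without a link or any statement of which parts are inherited. Finish the sentence and link the project so the attribution can be checked. While this section is being touched, the unchanged context lines above it read "the kernels paging tables" and "its easily detected"; these should be "the kernel's paging tables" and "it's easily detected".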