run code in an address space not associated with a process.


hyperspace

run code in an address space not associated with a process. The thread scheduler loads CR3 with KTHREAD->ApcState->Process->DirectoryTableBase. You can make a clone of a KPROCESS structure and change its DirectoryTableBase to your new address space. DirectoryTableBase contains a CR3 value, just FYI... it's not just a physical address...

KTHREAD, KAPC_STATE, KPROCESS

/*
 * Partial layout of the Windows kernel _KPROCESS as quoted in this README.
 * Only the leading fields are reproduced (the trailing "// ... etc ..." stands
 * for the omitted remainder). The hex offsets are the author's annotations for
 * one kernel build — presumably build-specific, so confirm them against the
 * debug symbols of the matching kernel rather than treating them as constants.
 */
struct _KPROCESS
{
    struct _DISPATCHER_HEADER Header;                                       //0x0
    struct _LIST_ENTRY ProfileListHead;                                     //0x18
    /* The README's central point: the scheduler loads CR3 from this field
     * (reached via KTHREAD->ApcState->Process), so it holds a complete CR3
     * register value, not a bare physical page address. */
    ULONGLONG DirectoryTableBase;                                           //0x28 <---- put new CR3 value here...
    struct _LIST_ENTRY ThreadListHead;                                      //0x30
    ULONG ProcessLock;                                                      //0x40
    // ... etc ...
};

/*
 * Partial layout of the Windows kernel _KAPC_STATE as quoted in this README.
 * Offsets are the author's annotations (presumably build-specific — confirm
 * against the matching kernel's debug symbols). The fields shown end at 0x29,
 * while _KTHREAD below reserves 43 (0x2b) bytes for this structure, so this
 * listing is also truncated.
 *
 * NOTE(review): from a memory-forensics standpoint, the manipulation this
 * README describes leaves an inconsistency to check for: a thread whose
 * ApcState.Process does not point at the process object that owns the thread,
 * or whose process object carries a DirectoryTableBase matching no known
 * process, is the detectable artefact of this technique.
 */
struct _KAPC_STATE
{
    struct _LIST_ENTRY ApcListHead[2];                                      //0x0
    /* Middle link of the chain KTHREAD->ApcState->Process->DirectoryTableBase
     * that the README says the scheduler follows to obtain CR3. */
    struct _KPROCESS* Process;                                              //0x20 <----- swap this with new fake KPROCESS...
    union
    {
        UCHAR InProgressFlags;                                              //0x28
        struct
        {
            UCHAR KernelApcInProgress:1;                                    //0x28
            UCHAR SpecialApcInProgress:1;                                   //0x28
        };
    };
};

/*
 * Partial layout of the Windows kernel _KTHREAD as quoted in this README. The
 * gap marked "// ... etc ..." is fields the author omitted between 0x20 and
 * 0x90; the offsets are the author's annotations (presumably build-specific —
 * confirm against the matching kernel's debug symbols).
 */
struct _KTHREAD
{
    struct _DISPATCHER_HEADER Header;                                       //0x0
    VOID* SListFaultAddress;                                                //0x18
    ULONGLONG QuantumTarget;                                                //0x20
    
    // ... etc ...
    
    struct _KTRAP_FRAME* TrapFrame;                                         //0x90
    /* ApcState is the first link in the chain the README describes
     * (KTHREAD->ApcState->Process->DirectoryTableBase). The anonymous struct
     * aliases it byte-for-byte: ApcStateFill[43] spans 0x98..0xc2, which is
     * why Priority lands at 0xc3 directly behind it. */
    union
    {
        struct _KAPC_STATE ApcState;                                        //0x98
        struct
        {
            UCHAR ApcStateFill[43];                                         //0x98
            CHAR Priority;                                                  //0xc3
            ULONG UserIdealProcessor;                                       //0xc4
        };
    };
};