Update README.md

merge-requests/1/head
xerox 5 years ago
parent 603d66c502
commit 6b9bfe03e9

@ -2,7 +2,7 @@
Before I begin, those who helped me create this project shall be credited. Before I begin, those who helped me create this project shall be credited.
- Can1357, for helping me find the correct page in physical memory. - [Can1357](https://blog.can.ac), for helping me find the correct page in physical memory.
- buck, for teaching me everything about paging tables. (although not used in this project) - buck, for teaching me everything about paging tables. (although not used in this project)
- Ch40zz, for helping me fix many issues in things I could never have fixed. - Ch40zz, for helping me fix many issues in things I could never have fixed.
- wlan, I used your drv_image class :) - wlan, I used your drv_image class :)
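Review bot: on the Can1357 line, this is the only credit that gains a link, while buck, Ch40zz and wlan stay plain names. If the others have pages to point to, linking them in the same change keeps the credits list consistent; otherwise this is fine as is.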
@ -164,3 +164,28 @@ NTSTATUS DriverEntry(PVOID lpBaseAddress, DWORD32 dwSize)
} }
``` ```
# System Crash Probability
I made a small test to see the average amount of times you could hook `NtTraceControl` and call into it before having another thread call into it at the same time or patch guard
detecting you have patched code in ntoskrnl. Here are the results:
- 6,004 calls
- 2,194 calls
- 6,897 calls
- 679 calls
- 17,159 calls
- 4,140 calls
`6004 + 2194 + 6897 +679 + 17159 + 4140 = 37073`
`37073 / 6 = 6178.83333333`
On average one in every 6,178 syscalls will another thread call into the function that is currently hooked. It takes three syscalls to map a driver if you are clearing the pe header.
`6,178 / 3 = 2059`
So on average one in every 2,059 drivers mapped you will crash once.
`2059 / 3 = 686`
If you were to use physmeme to load your driver three times a day it would take on average 686 days to crash your system.
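Review bot: the averages in the new System Crash Probability section rest on six runs that range from 679 to 17,159 calls, so the mean of 6,178 says little about what a reader should expect. At three syscalls per mapping, the lowest run corresponds to roughly 226 mappings, far short of the quoted 2,059. The opening sentence also counts two different failure causes (another thread calling the hooked `NtTraceControl` at the same time, and patch guard detecting the patched code), while the summary line "On average one in every 6,178 syscalls will another thread call into the function" attributes every failure to the first. Suggest stating the range and the test conditions next to the mean, and either separating the two causes or saying they were not distinguished. The backticked calculations also directly follow the list and the prose with no blank lines between them, and `+679` is missing a space.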