@ -11,14 +11,6 @@ Before I begin, those who helped me create this project shall be credited.
Given ANY map/unmap (read/write) of physical memory, one can now systematically map unsigned code into ones kernel.
Many drivers expose this primitive and now can all be exploited by simply coding a few functions.
# WARNING
All anti virus softwares must be disabled/uninstalled avast specically... they hook the system service dispatch table with their HV and prevent physmeme from working...
### What versions of windows does this mapper support?
This mapper should work without any issues for pretty much all versions of relevant windows. Tested on windows 10 (1803-1909), but should support all the way back to vista.
### What drivers support physical read/write?
Any driver exposing MmMapIoSpace/MmUnmapIoSpace or ZwMapViewOfSection/ZwUnmapViewOfSection can be exploited. This means bios flashing utils, fan speed utils
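Review bot: the support statement under "What versions of windows does this mapper support?" mixes a tested range with an untested one. "Tested on windows 10 (1803-1909)" can be verified, while "should support all the way back to vista" and "pretty much all versions of relevant windows" cannot. Suggest listing the tested builds on their own line and marking everything else as untested. In the WARNING paragraph kept by this hunk, "specically" should be "specifically". The instruction there also covers all antivirus software, although the only cause it gives is one vendor's hook of the system service dispatch table, so the text should say which of the two is meant.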
@ -46,98 +38,6 @@ Less then one second. For each physical memory range I create a thread that maps
In other words... its very fast, you wont need to worry about waiting to find the correct page.
# How to use
There are four functions that need to be altered to make this mapper work for you. I will cover each one by one. These functions are defined inside of a `physmeme.hpp` and need
to stay inside of this file. This allows people to make different `physmeme.hpp` files for each driver they want to abuse. Modular code.
When writing your driver you will need a custom entry point just like every other driver mapper.
### `HANDLE load_drv()`
Load driver must take zero parameters and return a handle to the driver. Here is an example of this:
```cpp
/*
please code this function depending on your method of physical read/write.
This function must take the virtual address of the mapping (the address returned from map_phys) and the size that was mapped. If this function is unable to free the memory
you will blue screen because you will run out of ram (happend a few times to me).
```cpp
/*
please code this function depending on your method of physical read/write.
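Review bot: the "How to use" section is left with unbalanced code fences as shown here. The ```cpp fence opened under `HANDLE load_drv()` is never closed before the prose beginning "This function must take the virtual address of the mapping", and a second ```cpp fence opens right after that prose, so the paragraph renders inside a code block. That paragraph also has no heading of its own. It describes a function that takes the address returned from map_phys and the mapped size, which is not `load_drv()`, since `load_drv()` is stated to take zero parameters. Suggest closing each fence after its comment and example, and restoring the heading for the function that paragraph documents. The intro says "four functions that need to be altered", but only one is headed in the visible lines. Also fix "happend" to "happened".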