Browse Source

Update README.md

merge-requests/5/head
IDontCode 2 years ago
parent
commit
60e725a668
  1. 10
      README.md

10
README.md

@ -7,10 +7,6 @@
<img src="https://githacks.org/xerox/nasa-mapper/-/raw/baa56396025feca63e9fa85b7fc8c89efa34b45a/img/Windows%2010-Supported-green.svg"/>
</div>
# credit
* buck#0001 - contributed to nasa-tables which is inherited in this project...
# PSKDM (Process-Context Specific Kernel Driver Mapper)
Map a driver into specific processes only, with zero allocations in the kernel. The driver is allocated in a suspended runtimebroker.exe which is created with the sole
@ -39,4 +35,8 @@ processes pointing at the allocated driver in the runtimebroker, thus mapping th
Keeping your driver out of the kernels paging tables. Most driver mappers map a driver into a kernel pool (ExAllocatePool). Physmeme, Kdmapper, Drvmapper, all do this, its easily
detected and easy to dump. This keeps your driver inside of your context :)
I guess you can call this physmeme v2? You can use any driver that exposes physical memory read/write with this driver mapper, simply replace the vulnerable driver inside of raw_driver.hpp.
I guess you can call this physmeme v2? You can use any driver that exposes physical memory read/write with this driver mapper, simply replace the vulnerable driver inside of raw_driver.hpp.
# credit
* buck#0001 - contributed to nasa-tables which is inherited in this project...
Loading…
Cancel
Save