Update README.md

merge-requests/5/head
IDontCode 4 years ago
parent 7959c55f38
commit 60e725a668

@ -7,10 +7,6 @@
<img src="https://githacks.org/xerox/nasa-mapper/-/raw/baa56396025feca63e9fa85b7fc8c89efa34b45a/img/Windows%2010-Supported-green.svg"/> <img src="https://githacks.org/xerox/nasa-mapper/-/raw/baa56396025feca63e9fa85b7fc8c89efa34b45a/img/Windows%2010-Supported-green.svg"/>
</div> </div>
# credit
* buck#0001 - contributed to nasa-tables which is inherited in this project...
# PSKDM (Process-Context Specific Kernel Driver Mapper) # PSKDM (Process-Context Specific Kernel Driver Mapper)
Map a driver into specific processes only, with zero allocations in the kernel. The driver is allocated in a suspended runtimebroker.exe which is created with the sole Map a driver into specific processes only, with zero allocations in the kernel. The driver is allocated in a suspended runtimebroker.exe which is created with the sole
@ -39,4 +35,8 @@ processes pointing at the allocated driver in the runtimebroker, thus mapping th
Keeping your driver out of the kernels paging tables. Most driver mappers map a driver into a kernel pool (ExAllocatePool). Physmeme, Kdmapper, Drvmapper, all do this, its easily Keeping your driver out of the kernels paging tables. Most driver mappers map a driver into a kernel pool (ExAllocatePool). Physmeme, Kdmapper, Drvmapper, all do this, its easily
detected and easy to dump. This keeps your driver inside of your context :) detected and easy to dump. This keeps your driver inside of your context :)
I guess you can call this physmeme v2? You can use any driver that exposes physical memory read/write with this driver mapper, simply replace the vulnerable driver inside of raw_driver.hpp. I guess you can call this physmeme v2? You can use any driver that exposes physical memory read/write with this driver mapper, simply replace the vulnerable driver inside of raw_driver.hpp.
# credit
* buck#0001 - contributed to nasa-tables which is inherited in this project...
Loading…
Cancel
Save