Paging Table Manipulation From Usermode
_xeroxz 862bffec32 Update README.md 1 year ago

PTM - Paging Table Manipulation From Usermode

Paging table manipulation from user-mode. Operations such as getting and setting all paging table entries and values are offered, and the code is aware of large pages. A link to the write-up can be found here.

example

// wrap vdm's physical read/write routines in the callback types vdm_ctx takes
vdm::read_phys_t _read_phys =
    [&](void* addr, void* buffer, std::size_t size) -> bool
{
    return vdm::read_phys(addr, buffer, size);
};

vdm::write_phys_t _write_phys =
    [&](void* addr, void* buffer, std::size_t size) -> bool
{
    return vdm::write_phys(addr, buffer, size);
};

vdm::vdm_ctx vdm(_read_phys, _write_phys);
nasa::mem_ctx my_proc(vdm);

// look up the kernel image base, then fetch the PDE that maps it
const auto ntoskrnl_base =
    reinterpret_cast<void*>(
        util::get_kmodule_base("ntoskrnl.exe"));

// get_pde returns a pair; .second holds the entry's fields
const auto ntoskrnl_pde = my_proc.get_pde(ntoskrnl_base);
std::printf("[+] pde.present -> %d\n", ntoskrnl_pde.second.present);
std::printf("[+] pde.pfn -> 0x%x\n", ntoskrnl_pde.second.pfn);
std::printf("[+] pde.large_page -> %d\n", ntoskrnl_pde.second.large_page);

output:

[+] pde.present -> 1
[+] pde.pfn -> 0x10400
[+] pde.large_page -> 1
[+] press any key to close...

table entry manipulation

  • get/set pml4e's
  • get/set pdpte's
  • get/set pde's
  • get/set pte's

table manipulation

  • copy table
  • make self referencing table.

virtual memory

  • convert virtual addresses to physical addresses
  • get table entries for a given address
  • change table entries for a given address
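
The virtual-to-physical conversion listed above, as an added example that is not code from this project: a standard x86-64 4-level walk that stops early on large pages, the kind of routine memory-forensics tooling uses to resolve addresses in a captured image. The names `translate`, `read_entry_t` and `sample_memory` are assumptions, and the tables are constructed sample data that reuse the `pfn` value 0x10400 from the output above.

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>
#include <map>
using u64 = std::uint64_t;
// Assumed primitive: returns the 8-byte table entry stored at a physical address.
using read_entry_t = std::function<u64(u64)>;

constexpr u64 PRESENT = 1ull << 0;            // bit 0: entry is valid
constexpr u64 LARGE = 1ull << 7;              // bit 7 (PS): entry maps a large page
constexpr u64 PFN_MASK = 0x000FFFFFFFFFF000;  // bits 12..51: page frame number

// Walk PML4 -> PDPT -> PD -> PT; returns false when a non-present entry is hit.
bool translate(const read_entry_t& read, u64 cr3, u64 va, u64& pa) {
    u64 table = cr3 & PFN_MASK;
    for (int shift = 39; shift >= 12; shift -= 9) {
        const u64 entry = read(table + ((va >> shift) & 0x1FF) * 8);
        if (!(entry & PRESENT)) return false;
        // A PS bit in a PDPTE (1 GB) or PDE (2 MB) ends the walk early.
        if ((shift == 30 || shift == 21) && (entry & LARGE)) {
            const u64 offset_mask = (1ull << shift) - 1;
            pa = (entry & PFN_MASK & ~offset_mask) | (va & offset_mask);
            return true;
        }
        table = entry & PFN_MASK;
    }
    pa = table | (va & 0xFFF);  // 4 KB page: frame base plus 12-bit offset
    return true;
}

// Constructed sample tables (not real system data), with the PML4 at 0x1000.
constexpr u64 SAMPLE_CR3 = 0x1000;
constexpr u64 VA_LARGE = 0xFFFFF80012345678;  // mapped by a 2 MB PDE
constexpr u64 VA_SMALL = 0xFFFFF80000001234;  // mapped by a 4 KB PTE

read_entry_t sample_memory() {
    std::map<u64, u64> mem;
    mem[0x1000 + ((VA_LARGE >> 39) & 0x1FF) * 8] = 0x2000 | PRESENT;  // PML4E
    mem[0x2000 + ((VA_LARGE >> 30) & 0x1FF) * 8] = 0x3000 | PRESENT;  // PDPTE
    // PDE carrying the pfn from the README output (0x10400) with large_page set.
    mem[0x3000 + ((VA_LARGE >> 21) & 0x1FF) * 8] = (0x10400ull << 12) | PRESENT | LARGE;
    mem[0x3000 + ((VA_SMALL >> 21) & 0x1FF) * 8] = 0x4000 | PRESENT;  // PDE -> PT
    mem[0x4000 + ((VA_SMALL >> 12) & 0x1FF) * 8] = 0x7000 | PRESENT;  // PTE
    return [mem](u64 p) { auto it = mem.find(p); return it == mem.end() ? 0 : it->second; };
}

int main() {
    u64 pa = 0;
    if (translate(sample_memory(), SAMPLE_CR3, VA_LARGE, pa))
        std::printf("0x%llx\n", static_cast<unsigned long long>(pa));
}
```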

credit

  • buck#0001 - inspiration for most of this.
  • Ch40zz - helping me connect the dots.

related work