From a7e3f4667f5478f48a7ec863cdc788f0da7578cb Mon Sep 17 00:00:00 2001 From: xerox Date: Sun, 19 Apr 2020 22:28:23 +0000 Subject: [PATCH] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2691c50..fabc521 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ auto syscall_page_offet = rva % 0x1000; Now that we know that the syscalls bytes are going to be that far into the physical page we can map each physical page into our process 512 at a time (2mb) and then check the page + page_offset and compare with the syscalls bytes. After we have the syscalls page mapped into our process we can pretty much call any function inside -of the kernel simply by installing an inline hook into that mapped page and then calling into the syscall. This is what kdmapper does. +of the kernel simply by installing an inline hook into that mapped page and then calling into the syscall.
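Review bot: The subject "Update README.md" gives no reason for dropping "This is what kdmapper does." from the end of the paragraph in the `@@ -36,7 +36,7 @@` hunk. State in the commit message whether the comparison was inaccurate or simply unwanted, so the history records why it was removed. Two smaller points in the same paragraph: the hunk header context shows `syscall_page_offet` while the prose refers to `page_offset`, so if the former is a typo in the README's code sample it is worth fixing in this change, and "512 at a time (2mb)" would be clearer as "512 pages at a time (2 MB)".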