Ptm

Posts tagged: "PTM"

Voyager - A Hyper-V Hacking Framework

Voyager is a Hyper-V hijacking project based upon existing Hyper-V hijacking work by cr4sh, which aims to extend the usability to AMD and earlier Windows 10 versions. This project, however, does not support Secure Boot or legacy BIOS yet. I would highly suggest checking out cr4sh's work on Hyper-V, as this project is almost entirely based upon it with some minor differences in injection techniques...

_xeroxz
Apr 20, 2021 | 15 min read
Windows-Kernel VDM PTM Hypervisor

Hyperspace - Hidden Address Spaces

On Windows, each process has its own virtual address space. The CR3 value loaded into a logical processor is located inside of the KPROCESS structure...

_xeroxz
Mar 29, 2021 | 5 min read
Windows-Kernel VDM PTM

Reverse Injector - Merging Address Spaces

The bottom 256 PML4Es are what map all code, data, and stacks. The 256th PML4E maps modules such as ntdll.dll and other loaded modules. As you can foresee, some PML4E indices overlap. In order to handle overlapping PML4Es, Reverse Injector simply finds empty PML4Es and inserts the remote PML4Es into them.

_xeroxz
Mar 27, 2021 | 6 min read
VDM PTM

PTM - Page Table Manipulation From Usermode

PTM is a Windows 10 C++ library that allows a programmer to manipulate all memory, physical and virtual, from user-mode. The project inherits an interface from VDM, allowing the use of a physical memory read-write primitive to fuel this project. VDM is used solely to configure the page tables in such a way that PTM can manage them from user-mode. Once the page tables are configured for PTM, VDM is no longer required. However, VDM can inherit an instance of PTM as a means to read and write physical memory. Both VDM and PTM work extremely well together and independently from each other.

_xeroxz
Dec 01, 2020 | 12 min read
Windows-Kernel VDM PTM

PSKP - Process-Context Specific Kernel Patch

Knowing that the kernel's PML4Es are not globally mapped, one could rebuild the paging tables for a given address. This rebuilding is simply allocating a new page, copying all entries into the new page, and finally editing the paging table entry specified by the corresponding paging table index in the linear virtual address. This rebuilding process is illustrated below.

_xeroxz
Aug 25, 2020 | 4 min read
Windows-Kernel PTM VDM