Александр
Ah, no-no, that's about a PE parser, not about PDBs! You can use that PDB parser in usermode only. The best approach is to parse all necessary data from your...
Hi there! There are no new updates for that driver, nothing to rebuild.
Hi there! You can set any kernel registers directly from userspace using this: https://github.com/HoShiMin/EnjoyTheRing0/blob/ea426c4ce56e5cf406732a572dc8db8b3c5e6626/EnjoyTheRing0/IOCTLDispatcher.c#L237-L246 It will call the given callback with Ring0 privileges. So, you can pass an address...
I already forgot about details, but it looks like you could try something like this:
```cpp
size_t __stdcall shell(PSHELL_CODE_ARGUMENTS args)
{
    // ... Your Ring0 code here...
    return 0;
}
```
...
Also, there is another driver with the ability to call usermode shells, with a much simpler and more straightforward implementation: https://github.com/HoShiMin/Kernel-Bridge/tree/master
You can load your driver without signing using any mapper with any vulnerable driver (e.g., by Intel, nVidia or VirtualBox which can't be just blacklisted by Microsoft). The most famous...