Skip to content

A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests

License

Notifications You must be signed in to change notification settings

1370339317/libmhyprot

 
 

Repository files navigation

IMAGE IMAGE IMAGE

libmhyprot

A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests

The exploit PoC explained here: evil-mhyprot-cli

Features

  • Read Kernel Memory
  • Read Process Memory
  • Write Process Memory
  • Get Process Modules
  • Get Process Threads (New)
  • Get System Uptime (New)
  • Terminate Process (New)

All of operations above will be executed using vulnerable driver, with ring-0 privilege.
Basically we need to be access-granted by the system using process handle, but we do not even need it.

Requirements

  • Only supports x64
  • Might be work on any Windows version that the driver works on

Tested on:

  • Windows10 x64 1903
  • Windows7 x64 6.1
  • Windows8.1 x64 6.3

Usage

1. Include header

#include "libmhyprot.h"

2. Init

libmhyprot::mhyprot_init() -> bool

3. Executions

You can use templates to call functions as follows:

using namespace libmhyprot;
read_kernel_memory(addr, buf, size); /*or*/ read_kernel_memory<T>(addr);
read_process_memory(pid, addr, buf, size); /*or*/ read_process_memory<T>(pid, addr);
write_process_memory(pid, addr, buf, size); /*or*/ write_process_memory<T>(pid, addr, val);

4. Unload

Please note that if you did not call this, the vulnerable driver will remains on your system.

libmhyprot::mhyprot_unload() -> void

About

A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%