goodluck4you/FindKernelExportFromUm

 
 

FindKernelExportFromUm

If you are using vulnerable drivers this might be useful.

DESCRIPTION

Does what the name says: it resolves the addresses of kernel exports (in this example, "NtQueryInformationFile") from user mode without reading kernel memory.

HOW IT WORKS

You can get the base addresses of loaded kernel modules from user mode by calling NtQuerySystemInformation with the SystemModuleInformation class. The export's address is then looked up in the module's image on disk and translated against that base address.
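
The on-disk half of that lookup, as an added example in portable C++ (not code from this repository): it walks the PE export directory of a raw file buffer, rejects forwarders and out-of-range offsets, and adds the resulting RVA to a module base. `rd`, `rva_to_off`, `export_rva`, `kernel_va` and `sample_image` are hypothetical names, and the sample image is constructed; the real base would come from the NtQuerySystemInformation call described above.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Bounds-checked little-endian read of n bytes from the raw file; 0 when out of range.
static uint32_t rd(const Bytes& f, size_t off, int n = 4) {
    uint32_t v = 0;
    for (int i = 0; i < n && off + n <= f.size(); ++i) v |= uint32_t(f[off + i]) << (8 * i);
    return v;
}
// Map an RVA to a file offset through the section table; 0 when no section backs it.
static size_t rva_to_off(const Bytes& f, uint32_t rva) {
    size_t nt = rd(f, 0x3C), sec = nt + 24 + rd(f, nt + 20, 2);  // table follows optional header
    for (uint32_t i = 0, n = rd(f, nt + 6, 2); i < n; ++i, sec += 40) {
        uint32_t va = rd(f, sec + 12), raw_sz = rd(f, sec + 16), raw = rd(f, sec + 20);
        if (rva >= va && rva - va < raw_sz) return size_t(raw) + (rva - va);
    }
    return 0;
}
// RVA of a named export in the on-disk image; 0 if absent, malformed or a forwarder.
uint32_t export_rva(const Bytes& f, const std::string& name) {
    size_t nt = rd(f, 0x3C);
    if (rd(f, 0, 2) != 0x5A4D || rd(f, nt) != 0x4550) return 0;     // "MZ", "PE\0\0"
    size_t dd = nt + 24 + (rd(f, nt + 24, 2) == 0x20B ? 112 : 96);  // PE32+ or PE32 directory
    uint32_t dir = rd(f, dd), dir_sz = rd(f, dd + 4);
    size_t exp = rva_to_off(f, dir), funcs = rva_to_off(f, rd(f, exp + 28)),
           names = rva_to_off(f, rd(f, exp + 32)), ords = rva_to_off(f, rd(f, exp + 36));
    if (!exp || !funcs || !names || !ords) return 0;
    for (size_t i = 0, n = rd(f, exp + 24); i < n && names + 4 * i < f.size(); ++i) {
        size_t s = rva_to_off(f, rd(f, names + 4 * i));
        if (!s || s + name.size() >= f.size() || std::memcmp(&f[s], name.c_str(), name.size() + 1)) continue;
        uint32_t rva = rd(f, funcs + 4 * rd(f, ords + 2 * i, 2));
        return (rva >= dir && rva - dir < dir_sz) ? 0 : rva;  // RVA inside the directory = forwarder
    }
    return 0;
}
// The translation step: load base reported for the module plus the RVA from the file.
uint64_t kernel_va(uint64_t base, uint32_t rva) { return rva ? base + rva : 0; }
// Constructed sample: minimal PE32+ with one section exporting one name at RVA 0x1180.
Bytes sample_image() {
    Bytes f(0x400, 0);
    const uint32_t w[][2] = {{0x00,0x5A4D},{0x3C,0x40},{0x40,0x4550},{0x46,1},{0x54,0xF0},
        {0x58,0x20B},{0xC8,0x1000},{0xCC,0x100},{0x154,0x1000},{0x158,0x200},{0x15C,0x200},
        {0x218,1},{0x21C,0x1028},{0x220,0x1030},{0x224,0x1034},{0x228,0x1180},{0x230,0x1040}};
    for (auto& p : w) for (int i = 0; i < 4; ++i) f[p[0] + i] = uint8_t(p[1] >> (8 * i));
    std::memcpy(&f[0x240], "NtQueryInformationFile", 23);
    return f;
}
```
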


Languages

  • C++ 100.0%