A small proof-of-concept for using disk devices for DMA on Windows.

ddma

Why

Some native hypervisors (e.g. Hyper-V) allow the guest unvirtualized device access, which means SLAT can be circumvented: SLAT translates the CPU's memory accesses, not DMA issued by a device.

Demo

Modifying Hyper-V at runtime (baremetal - 2004).

Notes

If kernel debugging is enabled, then the demo will bugcheck due to MiShowBadMapper. You can fix this by changing the first byte the function references to 2.

Your HBA may not support 64-bit addressing and thus cannot access higher physical memory.

This PoC also only supports ATA.
