Skip to content

Nurshot/KM-UM-Communication

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
KM
KM
 
 
UM
UM
 
 
.gitignore
.gitignore
 
 
Kernel.sln
Kernel.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

KM-UM-Communication

In user mode, it allows you to read and write through the kernel. It is actually a classic ioctl driver, but the difference is that it allows you to make changes in the cr0 section. It has been tested up to Windows 21H1. If you want to add 22H2, you have to add it yourself.You can access the offsets from the link. https://ntdiff.github.io

To Run on Your Computer

Method 1

  Unsigned Drivers can be loaded using https://github.com/Mattiwatti/EfiGuard

Method 2

  /Activate test mode and restart your computer
  bcdedit /set testsigning on

  /Create and start the service
  sc create steel type= kernel binpath="C:\...\numerickernel.sys"
  sc start steel
  
  /Stop the service when you are done
  sc stop steel

  /Disable test mode
  bcdedit /set testsigning off

Usage/Examples

Read Memory

DWORD x = Driver.ReadVirtualMemory<DWORD>(pid, ModuleBase + Pointerone, sizeof(DWORD));

Write Memory

int a=0;
DWORD writeng = ModuleBase + Pointerone;
Driver.WriteVirtualMemory<DWORD>(pid, writeng, a, sizeof(ULONG));

Write CR0 Memory (Best Part)

int a=0;
DWORD writeng = ModuleBase + Pointerone;
Driver.WriteReadOnlyCrMemory<DWORD>(pid, writeng, a, sizeof(ULONG));

Warning

Do not continuously try to write while using Write CR0 Memory. If you cannot lower the IRQL level, you may get a blue screen.

License

GNU

About

Kernel and user mode write-read memory communication.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages