Skip to content

Xacone/Eneio64-Driver-Exploits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
exploit
exploit
 
 
kaslr
kaslr
 
 
procs
procs
 
 
README.md
README.md
 
 
sd.py
sd.py
 
 

Repository files navigation

Exploit for eneio64.sys Kernel Driver - Turning Physical Memory R/W into Virtual Memory R/W

  • This exploit targets eneio64.sys, a vulnerable driver offering read/write primitives on the system's physical memory. The associated CVE is CVE-2020-12446. I'm not the one behind this CVE discovery, all credit goes to @ihack4falafel.
  • This exploit targets Windows 11 22H2. Check the nt!HalpLMStub & EPROCESS/KTHREAD offsets if you're targeting another Windows version/build.
  • eneio64.sys is currently (March 8, 2025) tolerated by HVCI which reinforces the Vulnerable Driver Blocklist. eneio64.sys can be loaded on Windows 11 23H2 and 24H2 as well.
  • The main purpose of this exploit is to demonstrate how to map virtual addresses to physical addresses using the same virtual-to-physical translation process as the OS. A walkthrough of this POC is published here.
  • The exploit presented here enables privilege elevation via token theft.
  • For educational purposes only.
eneio64-privesc.mp4

About

A serie of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W

xacone.github.io/eneio-driver.html

Topics

exploit driver-exploitation

Resources

Readme
Activity

Stars

123 stars

Watchers

5 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1

Languages