{"id":20465687,"url":"https://github.com/samueltulach/nullmap","last_synced_at":"2025-07-28T12:38:15.123Z","repository":{"id":137812597,"uuid":"612358302","full_name":"SamuelTulach/nullmap","owner":"SamuelTulach","description":"Using CVE-2023-21768 to manual map kernel mode driver ","archived":false,"fork":false,"pushed_at":"2023-03-10T20:16:53.000Z","size":21,"stargazers_count":176,"open_issues_count":4,"forks_count":35,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-12-10T07:51:49.922Z","etag":null,"topics":["cve-2023-21768","driver","exploit","kernel","manual-mapper","mapper","windows"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SamuelTulach.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-10T19:08:28.000Z","updated_at":"2024-12-10T02:34:56.000Z","dependencies_parsed_at":"2024-05-18T23:30:51.329Z","dependency_job_id":null,"html_url":"https://github.com/SamuelTulach/nullmap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamuelTulach%2Fnullmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamuelTulach%2Fnullmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamuelTulach%2Fnullmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamuelTulach%2Fnullmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sam
uelTulach","download_url":"https://codeload.github.com/SamuelTulach/nullmap/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230431103,"owners_count":18224655,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2023-21768","driver","exploit","kernel","manual-mapper","mapper","windows"],"created_at":"2024-11-15T13:19:28.009Z","updated_at":"2024-12-19T12:10:06.314Z","avatar_url":"https://github.com/SamuelTulach.png","language":"C","readme":"# nullmap\nA very simple driver manual mapper based on my older [voidmap](https://github.com/SamuelTulach/voidmap) and [CVE-2023-21768 POC](https://github.com/xforcered/Windows_LPE_AFD_CVE-2023-21768) by [chompie](https://twitter.com/chompie1337) and [b33f](https://twitter.com/FuzzySec). Because the underlying IoRing post-exploitation memory r/w primitive is not handling many consequent reads and writes very well, I've decided to overwrite CR4 to disable SMEP/SMAP to execute the driver mapped in usermode. Tested on Windows 11 22H2 (22621.525). \n\nUsage:\n```\nnullmap.exe \u003cpath_to_driver\u003e\n```\n\nPossible problems:\n- The manually mapped driver will be in a pool allocated by ExAllocatePool. If you want to use this for anything more serious, you should consider finding a better way of memory allocation so it can't be dumped so easily.\n- There is no easy way to read the original CR4 value, which means that I had to hardcode the value that was there on my system. 
While it should be the same for most modern CPUs, you should still double-check that the value is correct.\n- I've hard-coded the offset to NtGdiGetEmbUFI since there is no easy way to sigscan it, which means that you will have to update this offset for your specific Windows build.\n- It was written in one afternoon, so it might not be the cleanest code base.\n\nVideo:\n\n[![video](https://img.youtube.com/vi/qdAZ8mTsTrc/0.jpg)](https://www.youtube.com/watch?v=qdAZ8mTsTrc)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamueltulach%2Fnullmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsamueltulach%2Fnullmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamueltulach%2Fnullmap/lists"}