{"id":26215127,"url":"https://github.com/xacone/eneio64-driver-exploit","last_synced_at":"2025-03-12T10:27:11.519Z","repository":{"id":281298675,"uuid":"942716896","full_name":"Xacone/Eneio64-Driver-Exploit","owner":"Xacone","description":"Exploit for Eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W","archived":false,"fork":false,"pushed_at":"2025-03-08T05:29:38.000Z","size":12,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-08T06:25:41.591Z","etag":null,"topics":["driver-exploitation","exploit"],"latest_commit_sha":null,"homepage":"https://xacone.github.io/eneio-driver.html","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Xacone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-04T15:01:25.000Z","updated_at":"2025-03-08T05:29:43.000Z","dependencies_parsed_at":"2025-03-08T06:35:48.319Z","dependency_job_id":null,"html_url":"https://github.com/Xacone/Eneio64-Driver-Exploit","commit_stats":null,"previous_names":["xacone/eneio64-driver-exploit"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xacone%2FEneio64-Driver-Exploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xacone%2FEneio64-Driver-Exploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xacone%2FEneio64-Driver-Exploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xacone%2FEneio64-Driver-Exploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Xacone","download_url":"https://codeload.github.com/Xacone/Eneio64-Driver-Exploit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243199126,"owners_count":20252356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["driver-exploitation","exploit"],"created_at":"2025-03-12T10:27:10.980Z","updated_at":"2025-03-12T10:27:11.507Z","avatar_url":"https://github.com/Xacone.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Exploit for eneio64.sys Kernel Driver - Turning Physical Memory R/W into Virtual Memory R/W\n\n- This exploit targets [eneio64.sys](https://www.loldrivers.io/drivers/90ecbbf7-b02f-424d-8b7d-56cc9e3b5873/), a vulnerable driver offering read/write primitives on the system's physical memory. The associated CVE is CVE-2020-12446. I'm not the one behind this CVE discovery, all credit goes to [@ihack4falafel](https://github.com/ihack4falafel).\n- This exploit targets Windows 11 22H2. Check the ``nt!HalpLMStub`` \u0026 `EPROCESS`/`KTHREAD` offsets if you're targeting another Windows version.\n- eneio64.sys is currently (March 8, 2025) tolerated by HVCI which reinforces the Vulnerable Driver Blocklist. eneio64.sys can be loaded on Windows 11 23H2 and 24H2 as well.\n- The main purpose of this exploit is to demonstrate how to map virtual addresses to physical addresses using the same virtual-to-physical translation process as the OS. [A walkthrough of this POC is published here](https://xacone.github.io/eneio-driver.html).\n- The exploit presented here enables privilege elevation via token theft.\n- For educational purposes only.\n\n---\n\n\n\nhttps://github.com/user-attachments/assets/aa57cb23-4bbf-4b69-995e-beca123c9904\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxacone%2Feneio64-driver-exploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxacone%2Feneio64-driver-exploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxacone%2Feneio64-driver-exploit/lists"}