Skip to content

LabGuy94/Diskjacker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
kernel
kernel
 
 
loader
loader
 
 
payload
payload
 
 
shared
shared
 
 
usermode
usermode
 
 
.gitignore
.gitignore
 
 
Diskjacker.sln
Diskjacker.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
hypervpreview.mp4
hypervpreview.mp4
 
 

Repository files navigation

Diskjacker

A proof of concept project which hijacks Hyper-Vs VM Exit handler at runtime using DDMA.

Video

hypervpreview.mp4

How it works

Read at readcc.net, archived at archive.org.

Requirements

  1. AMD CPU with Virtualization Capabilities (Intel support in theory possible)
  2. Windows 11 24H2 (requires offset update in GetVmcb function in hyperv.hpp otherwise)
  3. IOMMU Disabled
  4. Hyper-V Enabled

Usage

  1. Compile the project using Visual Studio 2022 and WDK.
  2. Use a tool like HXD or bintoc to copy the bytes of payload.sys to payloadData inside of payloadBytes.h
  3. Run loader passing kernel driver as parameter
  4. Run usermode
  5. Profit!

Resources

About

Runtime Hyper-V Hijacking with DDMA

readcc.net/posts/runtimehypervhijacking/

Resources

Readme

License

MIT license
Activity

Stars

68 stars

Watchers

1 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages