Exploit for eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W

Xacone/Eneio64-Driver-Exploit

Latest commit: 395cdf5 · Mar 23, 2025

Exploit for eneio64.sys Kernel Driver - Turning Physical Memory R/W into Virtual Memory R/W

  • This exploit targets eneio64.sys, a vulnerable driver that exposes read/write primitives on the system's physical memory. The associated CVE is CVE-2020-12446. I did not discover this CVE; all credit goes to @ihack4falafel.
  • This exploit targets Windows 11 22H2. Check the nt!HalpLMStub and EPROCESS/KTHREAD offsets if you're targeting another Windows version.
  • As of March 8, 2025, eneio64.sys is still tolerated by HVCI, which reinforces the Vulnerable Driver Blocklist. eneio64.sys can be loaded on Windows 11 23H2 and 24H2 as well.
  • The main purpose of this exploit is to demonstrate how to map virtual addresses to physical addresses using the same virtual-to-physical translation process as the OS. A walkthrough of this PoC is published here.
  • The exploit presented here enables privilege elevation via token theft.
  • For educational purposes only.

eneio64-privesc.mp4
