Module Rex::Payloads::Win32::Kernel::Common
In: lib/rex/payloads/win32/kernel/common.rb

This class provides common methods that may be shared across more than one kernel-mode payload. Many of these are from the following paper:

www.uninformed.org/?v=3&a=4&t=sumry

Methods

find_nt_idt_eeye   find_nt_kdversionblock   find_nt_pcr   resolve_call_sym  

Public Class methods

find_nt_idt_eeye()

Returns a stub that will find the base address of ntoskrnl and place it in eax. This method works by using an IDT entry. Credit to eEye.

find_nt_kdversionblock()

Returns a stub that will find the base address of ntoskrnl and place it in eax. This method uses a pointer found in KdVersionBlock.

find_nt_pcr()

Returns a stub that will find the base address of ntoskrnl and place it in eax. This method uses a pointer found in the processor control region as a starting point.

resolve_call_sym()

Alias for resolving symbols.

[Validate]