Become an AceSign inSign up
SamuelTulach/ efi-memory (1.3) over 1 year ago
C++ C
View on GitHub
Need help with efi-memory?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

SamuelTulach
252 Stars 73 Forks 48 Commits 3 Opened issues

Description

PoC EFI runtime driver for memory r/w & kdmapper fork

Services available

!
?

Need anything else?

Contributors list

Samuel Tulach SamuelTulach
# 131,300
C#
virusto...
WinForm...
Shell
 45 commits

Efi-memory is a proof-of-concept EFI runtime driver for reading and writing to virtual memory. It uses EfiGuards method of hooking SetVariable to communicate with the user-mode process. Here is an example how it works.

Repo content

driver/ - EFI driver itself

client/efi-mapper/ - kdmapper fork that uses efi-memory to manual map any Windows driver

Compiling

Compiling any of the example client programs is pretty simple. Open the solution file in Visual Studio and compile the project with it's default settings.

Compiling the driver is also pretty simple. First you need a working Linux install (or you can use Linux subsystem for Windows) and install gnu-efi (commands for Ubuntu 20.04): 

sudo apt install gnu-efi build-essential
That's all you need to install. Package manager (in the example apt) should take care of all the depencies for you. Once the installation is complete, clone this repo (make sure you have git installed): 
git clone https://github.com/SamuelTulach/efi-memory
Than navigate to the driver folder and compile the driver with make: 
cd efi-memory
cd driver
make
If the compile was successful, you should now see memory.efi in the driver folder.

Usage

In order to use the efi-memory driver, you need to load it. First, obtain a copy of memory.efi (compile it or download it from release section) and a copy of EDK2 efi shell. Now follow these steps:

  1. Extract downloaded efi shell and rename file Shell.efi (should be in folder UefiShell/X64) to bootx64.efi
  2. Format some USB drive to FAT32
  3. Create following folder structure: 
    USB:.
│   memory.efi
│
└───EFI
  └───Boot
          bootx64.efi
  4. Boot from the USB drive
  5. An UEFI shell should start, change directory to your USB (FS0 should be the USB since we are booting from it) and list files: 
    FS0:
ls
  6. You should see file memory.efi, if you do, load it: 
    load memory.efi
  7. Now there should be a nice efi-memory ascii logo printed in your UEFI shell. If there is, the driver was loaded successfuly. If that is the case, type 
    exit
    to start standard boot procedure (while Windows is booting the screen should go blue with confirmation text)

Thanks

I would like to thank @z175 for kdmapper project since that is a masterpiece. @Mattiwatti for EfiGuard project and the idea of SetVariable hooking. Roderick W. Smith for rodsbooks.com (really useful site to read about EFI basics).

License

This repo is licensed under MIT if not stated otherwise in subfolders.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.