asdlei99 / efi-memory Goto Github PK

Efi-memory is a proof-of-concept EFI runtime driver for reading and writing to virtual memory. It uses EfiGuards method of hooking SetVariable to communicate with the user-mode process. Here is an example how it works.

driver/

• EFI driver itself

client/efi-mapper/

• kdmapper fork that uses efi-memory to manual map any Windows driver

Compiling any of the example client programs is pretty simple. Open the solution file in Visual Studio and compile the project with it's default settings.

Compiling the driver is also pretty simple. First you need a working Linux install (or you can use Linux subsystem for Windows) and install gnu-efi (commands for Ubuntu 20.04):

sudo apt install gnu-efi build-essential

That's all you need to install. Package manager (in the example apt) should take care of all the depencies for you. Once the installation is complete, clone this repo (make sure you have git installed):

git clone https://github.com/SamuelTulach/efi-memory

Than navigate to the driver folder and compile the driver with make:

cd efi-memory
cd driver
make

If the compile was successful, you should now see memory.efi in the driver folder.

In order to use the efi-memory driver, you need to load it. First, obtain a copy of memory.efi (compile it or download it from release section) and a copy of EDK2 efi shell. Now follow these steps:

1. Extract downloaded efi shell and rename file Shell.efi (should be in folder UefiShell/X64) to bootx64.efi
2. Format some USB drive to FAT32
3. Create following folder structure:

USB:.
 │   memory.efi
 │
 └───EFI
      └───Boot
              bootx64.efi

4. Boot from the USB drive
5. An UEFI shell should start, change directory to your USB (FS0 should be the USB since we are booting from it) and list files:

FS0:
ls

6. You should see file memory.efi, if you do, load it:

load memory.efi

7. Now there should be a nice efi-memory ascii logo printed in your UEFI shell. If there is, the driver was loaded successfuly. If that is the case, type exit to start standard boot procedure (while Windows is booting the screen should go blue with confirmation text)

I would like to thank @z175 for kdmapper project since that is a masterpiece. @Mattiwatti for EfiGuard project and the idea of SetVariable hooking. Roderick W. Smith for rodsbooks.com (really useful site to read about EFI basics).

This repo is licensed under MIT if not stated otherwise in subfolders.