Exploitation of arbitrary write vulnerability in HackSys Extreme Vulnerable Driver.
Demonstrates kernel arbitrary write primitive (IOCTL 0x22200B) leading to code execution through:
- PDE manipulation to bypass memory write protection
- `NtAddAtom` function hooking via shellcode trampoline
- Arbitrary kernel function execution (`DbgPrint`)
Writeup: https://vith0r.gitbook.io/public/malware-dev/posts/driver-exploitation/hevd-hacksys