Home

Awesome

POC-ExFlushTb

A POC for monitoring Tb. This code is not neat, it's just a POC.

image

Principle

Hijack HalIommuDispatch + 0x48 image

KeFlushSingleTb
    -> ExFlushTb
KeFlushTb
    -> ExFlushTb

Compile