|0.1.0||Apr 30, 2023|
#1008 in Command line utilities
PhysPatch performs physical memory scanning and patching of the entire Windows Kernel using DMA.
- Scan for "48 8b ? ? ? ? ? 48" in the virtual machine named "TargetVM" and write "48 8b 00 00" in all the matches.
physpatch -g "TargetVM" -p "48 8b 00 00" -- "48 8b ? ? ? ? ? 48"
- Scan for "488b?????48" in the first virtual machine found, without performing any patching.
physpatch -- "488b?????48"
physpatch --help for all the available arguments and their descriptions.
Who doesn't love Cargo? You can install PhysPatch with it, by running:
cargo install physpatch
You can now launch the program with the
🔩 From Source
Rust is required to build from source. If you don't have it installed, you can install it using rustup.
git clone https://github.com/sonodima/physpatch cd physpatch cargo build --release
The compiled binary will be located at
⚠️ THIS TOOL ONLY SUPPORTS AMD64 GUEST SYSTEMS
This project is heavily inspired by Hygieia, which is a scanning tool to find traces of vulnerable drivers.