This project is going to be used as a Bluehat tool for me. I am planning on using this for malware analysis as well as reversing. I am currently in my second year of University for compsci. The project I have is being used by friends of mine who are a bit more advanced than me currently, and they have been able to achieve exactly what I want with this exact code base.
So far what I have:
UEFI bootkit which I load onto a bootable FAT32 USB (edk2-compiled EFI). The bootkit loads and patches PatchGuard and DSE (either on boot or with a backdoor to the kernel from usermode).
This project is a bit above my current knowledge level but I can see huge value in having a tool like this.
All I want to get working first and foremost is a solution to this exact problem (Windows 10):
Digitally signed (vulnerable) driver with malware is loaded on boot. This driver recursively checks physical memory regions and sends data to a usermode application which is also injected into target processes (which the malware controls).
Malware like this is almost impossible to beat without lots of reversing and slow, methodical tinkering.
With a UEFI bootkit I can patch anything in the kernel before it boots, and I can disable DSE from usermode. There's a lot of options and I don't know which to pick. The types of malware we are analyzing can sometimes not even be malware but legitimate applications which malware uses as protections.
With full access to the OS and no DSE or PG, I think someone with a good understanding of the Windows OS / kernel / memory should be able to help me find a way to hide my backdoor and run my own code to read/write from these high-powered ring0 malware-protected processes.
I have been having a very difficult time explaining this, but I can assure anyone who chooses to work with me on this will understand; I just didn't explain it well.
My friends in 2nd year compsci at uni have this working already, and I really want to figure out a solution as well.
Thanks for reading. Please message me for the link to the GitHub so you can take a look. I can make a lot more sense of this if you ask me the right questions!