§SuperFetch
A lib that uses the Windows Superfetch magic to translate virtual addresses to physical ones.
§Overview
SuperFetch is a library designed to speed up the development of memory tools and exploits on Windows systems.
This crate helps you quickly translate a virtual address to a physical one using one simple function. A small example is below:
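// Virtual address to translate: here, the base address of ntoskrnl.exe
let va: LPVOID = get_base_addr("ntoskrnl.exe")?;
// Take a snapshot of the memory map (the call is unsafe)
let mm: MemoryMap = unsafe { MemoryMap::snapshot()? };
// Translate the virtual address to a physical address
let pa: u64 = mm.translate(va)?;
You can find a full example in the example folder of the project's GitHub.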
§Details
This crate utilizes Superfetch, a Windows service that can speed up data access by preloading data. If you are wondering how it works, I strongly recommend reading these articles:
- Inside windows page frame numbers by Sina Karvandi
- Windows address translation deep dive by 0x14c
- The SuperFetch Query superpower by Viking
Later, I will write a small note explaining this technique at a high level and leave it on the project's GitHub.
This crate is based on the C++ library superfetch created by jonomango.
Modules§
- error: The error module contains the crate error type
- superfetch: The superfetch module provides the wrapper around the NtQuerySystemInformation
- types: The type module contains the Windows types necessary for the crate to work
Structs§
- MemoryMap: Memory map object
- MemoryRange: Physical memory range information