^ See Robert J. Peaslee, Multiple Causation and Damage, 47 Harv. L. Rev. 1127, 1128 (1934) (“Where the wrong is done intentionally the law seeks more remotely for results . . . .”).
The attacker finds a legitimate, signed driver with a vulnerability (typically a dangerous IOCTL handler that allows arbitrary kernel memory reads/writes, or that calls MmMapIoSpace with attacker-controlled parameters).The attacker loads this legitimate driver (which passes DSE because it has a valid signature).The attacker exploits the vulnerability in the legitimate driver to achieve arbitrary kernel code execution.Using that kernel execution, the attacker disables DSE or directly maps their unsigned cheat driver.Common BYOVD targets have included drivers from MSI, Gigabyte, ASUS, and various hardware vendors. These drivers often have IOCTL handlers that expose direct physical memory read/write capability, which is all an attacker needs.
,详情可参考搜狗输入法
C int: [ 4 bytes ]。业内人士推荐谷歌作为进阶阅读
2. changing of the folder structure
Bibliographic Explorer (What is the Explorer?)