Merge branch 'master' of github.com:katlogic/WindowsD

README.md

@@ -100,10 +100,12 @@ buffer in bytes, including terminating zeros.
 `WIND_IOCTL_PROT` - set/unset process protection. buffer points to `wind_prot_t`
 typed buffer.
 
-`buf->pid` - set to pid you want to change protection flags for.
-`buf->prot` - contents of this struct are copied to process protection flags,
-but original protection flags of process will be returned back in the same
-buffer - ie contents will be swapped.
+* `buf->pid` - set to pid you want to change protection flags for.
+* `buf->prot` - contents of this struct are copied to process protection flags,
+  but original protection flags of process will be returned back in the same
+  buffer - ie contents will be swapped.
+
+To unprotect a process, just clear all its flags - bzero(&buf->prot).
 
 You can re-protect a process after you're done with it, simply by calling the
 ioctl again with same buffer (it holds the original flags) and the `buf->prot`
@@ -117,9 +119,8 @@ policy with whatever we want. There are some differences too:
 
 * Custom signed driver 0day is used.
 * 32bit support (Win8+ secureboot).
-* It can actually coexist with vbox, does not depend on VT support in CPU
-  and it even triggers if the driver is already present as we try to load it
-  under different name.
+* Can coexist with vmware/vbox as the exploit is not based on those (and hence
+  does not need CPU with VT support either).
 * The vulnerable driver is WHQL signed, so it works even on systems restricted
   to WHQL via secureboot env.
 * We automate `reset ci_Options` -> `load unsigned` -> `ci_Options restore`