├── README.md
├── ClearDriverTraces
    ├── Main.cpp
    ├── Mapper.vcxproj.filters
    ├── Mapper.inf
    ├── Mapper.sln
    ├── Misc.h
    ├── Cleaning.h
    └── Mapper.vcxproj
└── .gitignore


/README.md:
--------------------------------------------------------------------------------
 1 | # ClearDriverTraces
 2 | clearing traces of a loaded driver
 3 | 
 4 | ## DESCRIPTION  
 5 | This project gets rid of some entries left behind by loading a signed kernel driver which can lead to the certificate getting blacklisted.
 6 | 
 7 | ## NOTES
 8 | I have only provided the right offsets for my windows version (21h1). You can get the correct offsets from ida. Open the module they are loaded in, search for them in the name search window, rebase the program to 0, and then copy their location.
 9 | 
10 | ## USAGE 
11 | Compile in x64 release and sign it. Load it like any other signed driver.
12 | 


--------------------------------------------------------------------------------
/ClearDriverTraces/Main.cpp:
--------------------------------------------------------------------------------
 1 | #include "Cleaning.h"
 2 | 
 3 | void MyUnload(PDRIVER_OBJECT driverObject)
 4 | {
 5 | 	Print("[s11] unloading mapper\n");
 6 | }
 7 | 
 8 | 
 9 | NTSTATUS DriverEntry(PDRIVER_OBJECT  driverObject, PUNICODE_STRING  RegistryPath)
10 | {
11 | 	UNREFERENCED_PARAMETER(RegistryPath);
12 | 	driverObject->DriverUnload = MyUnload;
13 | 
14 | 	NTSTATUS status = STATUS_SUCCESS;
15 | 	RemoveMmUnloadedDrivers(driverObject);
16 | 
17 | 	status = RemovePiDDBCacheTableEntry(driverObject);
18 | 	if (!NT_SUCCESS(status))
19 | 	{
20 | 		Print("failed to clear piddb cache %x\n", status);
21 | 		return status;
22 | 	}
23 | 
24 | 	status = RemoveKernelHashBucketListEntry(driverObject);
25 | 	if (!NT_SUCCESS(status))
26 | 	{
27 | 		Print("failed to clear hashbucket list cache %x\n", status);
28 | 		return status;
29 | 	}
30 | 
31 | 	status = DeleteCiEaCacheLookasideList();
32 | 	if (!NT_SUCCESS(status))
33 | 	{
34 | 		Print("failed to delete lookaside list %x\n", status);
35 | 		return status;
36 | 	}
37 | 
38 | 	return status;
39 | }
40 | 
41 | 


--------------------------------------------------------------------------------
/ClearDriverTraces/Mapper.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Resource Files">
 9 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
10 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
11 |     </Filter>
12 |     <Filter Include="Driver Files">
13 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
14 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Inf Include="Mapper.inf">
19 |       <Filter>Driver Files</Filter>
20 |     </Inf>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClCompile Include="Main.cpp">
24 |       <Filter>Source Files</Filter>
25 |     </ClCompile>
26 |   </ItemGroup>
27 |   <ItemGroup>
28 |     <ClInclude Include="Misc.h">
29 |       <Filter>Driver Files</Filter>
30 |     </ClInclude>
31 |     <ClInclude Include="Cleaning.h">
32 |       <Filter>Driver Files</Filter>
33 |     </ClInclude>
34 |   </ItemGroup>
35 | </Project>


--------------------------------------------------------------------------------
/ClearDriverTraces/Mapper.inf:
--------------------------------------------------------------------------------
 1 | ;
 2 | ; Mapper.inf
 3 | ;
 4 | 
 5 | [Version]
 6 | Signature="$WINDOWS NT$"
 7 | Class=Sample ; TODO: edit Class
 8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
 9 | Provider=%ManufacturerName%
10 | CatalogFile=Mapper.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 | PnpLockDown=1
13 | 
14 | [DestinationDirs]
15 | DefaultDestDir = 12
16 | Mapper_Device_CoInstaller_CopyFiles = 11
17 | 
18 | ; ================= Class section =====================
19 | 
20 | [ClassInstall32]
21 | Addreg=SampleClassReg
22 | 
23 | [SampleClassReg]
24 | HKR,,,0,%ClassName%
25 | HKR,,Icon,,-5
26 | 
27 | [SourceDisksNames]
28 | 1 = %DiskName%,,,""
29 | 
30 | [SourceDisksFiles]
31 | Mapper.sys  = 1,,
32 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
33 | 
34 | ;*****************************************
35 | ; Install Section
36 | ;*****************************************
37 | 
38 | [Manufacturer]
39 | %ManufacturerName%=Standard,NT$ARCH$
40 | 
41 | [Standard.NT$ARCH$]
42 | %Mapper.DeviceDesc%=Mapper_Device, Root\Mapper ; TODO: edit hw-id
43 | 
44 | [Mapper_Device.NT]
45 | CopyFiles=Drivers_Dir
46 | 
47 | [Drivers_Dir]
48 | Mapper.sys
49 | 
50 | ;-------------- Service installation
51 | [Mapper_Device.NT.Services]
52 | AddService = Mapper,%SPSVCINST_ASSOCSERVICE%, Mapper_Service_Inst
53 | 
54 | ; -------------- Mapper driver install sections
55 | [Mapper_Service_Inst]
56 | DisplayName    = %Mapper.SVCDESC%
57 | ServiceType    = 1               ; SERVICE_KERNEL_DRIVER
58 | StartType      = 3               ; SERVICE_DEMAND_START
59 | ErrorControl   = 1               ; SERVICE_ERROR_NORMAL
60 | ServiceBinary  = %12%\Mapper.sys
61 | 
62 | ;
63 | ;--- Mapper_Device Coinstaller installation ------
64 | ;
65 | 
66 | [Mapper_Device.NT.CoInstallers]
67 | AddReg=Mapper_Device_CoInstaller_AddReg
68 | CopyFiles=Mapper_Device_CoInstaller_CopyFiles
69 | 
70 | [Mapper_Device_CoInstaller_AddReg]
71 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
72 | 
73 | [Mapper_Device_CoInstaller_CopyFiles]
74 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
75 | 
76 | [Mapper_Device.NT.Wdf]
77 | KmdfService =  Mapper, Mapper_wdfsect
78 | [Mapper_wdfsect]
79 | KmdfLibraryVersion = $KMDFVERSION$
80 | 
81 | [Strings]
82 | SPSVCINST_ASSOCSERVICE= 0x00000002
83 | ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
84 | ClassName="Samples" ; TODO: edit ClassName
85 | DiskName = "Mapper Installation Disk"
86 | Mapper.DeviceDesc = "Mapper Device"
87 | Mapper.SVCDESC = "Mapper Service"
88 | 


--------------------------------------------------------------------------------
/ClearDriverTraces/Mapper.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.31624.102
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Mapper", "Mapper.vcxproj", "{EB6C9087-A8AA-4160-9E90-8A8864CC8806}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|ARM = Debug|ARM
11 | 		Debug|ARM64 = Debug|ARM64
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|ARM = Release|ARM
15 | 		Release|ARM64 = Release|ARM64
16 | 		Release|x64 = Release|x64
17 | 		Release|x86 = Release|x86
18 | 	EndGlobalSection
19 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|ARM.ActiveCfg = Debug|ARM
21 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|ARM.Build.0 = Debug|ARM
22 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|ARM.Deploy.0 = Debug|ARM
23 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|ARM64.Build.0 = Debug|ARM64
25 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|x64.Build.0 = Debug|x64
28 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|x64.Deploy.0 = Debug|x64
29 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|x86.ActiveCfg = Debug|Win32
30 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|x86.Build.0 = Debug|Win32
31 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Debug|x86.Deploy.0 = Debug|Win32
32 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|ARM.ActiveCfg = Release|ARM
33 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|ARM.Build.0 = Release|ARM
34 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|ARM.Deploy.0 = Release|ARM
35 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|ARM64.ActiveCfg = Release|ARM64
36 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|ARM64.Build.0 = Release|ARM64
37 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|ARM64.Deploy.0 = Release|ARM64
38 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|x64.ActiveCfg = Release|x64
39 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|x64.Build.0 = Release|x64
40 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|x64.Deploy.0 = Release|x64
41 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|x86.ActiveCfg = Release|x64
42 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|x86.Build.0 = Release|x64
43 | 		{EB6C9087-A8AA-4160-9E90-8A8864CC8806}.Release|x86.Deploy.0 = Release|x64
44 | 	EndGlobalSection
45 | 	GlobalSection(SolutionProperties) = preSolution
46 | 		HideSolutionNode = FALSE
47 | 	EndGlobalSection
48 | 	GlobalSection(ExtensibilityGlobals) = postSolution
49 | 		SolutionGuid = {F7A011C2-B9ED-4AD4-8D29-BFF8831D6A76}
50 | 	EndGlobalSection
51 | EndGlobal
52 | 


--------------------------------------------------------------------------------
/ClearDriverTraces/Misc.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <Ntifs.h>
  3 | #include <ntimage.h> 
  4 | 
  5 | #define Print(fmt, ...) DbgPrint("[s11]: " fmt, ##__VA_ARGS__)
  6 | 
  7 | PVOID GetKernelBase(ULONG* Size)
  8 | {
  9 | 	typedef unsigned char uint8_t;
 10 | 	auto Idt_base = reinterpret_cast<uintptr_t>(KeGetPcr()->IdtBase);
 11 | 	auto align_page = *reinterpret_cast<uintptr_t*>(Idt_base + 4) >> 0xc << 0xc;
 12 | 
 13 | 	for (; align_page; align_page -= PAGE_SIZE)
 14 | 	{
 15 | 		for (int index = 0; index < PAGE_SIZE - 0x7; index++)
 16 | 		{
 17 | 			auto current_address = static_cast<intptr_t>(align_page) + index;
 18 | 
 19 | 			if (*reinterpret_cast<uint8_t*>(current_address) == 0x48
 20 | 				&& *reinterpret_cast<uint8_t*>(current_address + 1) == 0x8D
 21 | 				&& *reinterpret_cast<uint8_t*>(current_address + 2) == 0x1D
 22 | 				&& *reinterpret_cast<uint8_t*>(current_address + 6) == 0xFF) //48 8d 1D ?? ?? ?? FF
 23 | 			{
 24 | 				auto nto_base_offset = *reinterpret_cast<int*>(current_address + 3);
 25 | 				auto nto_base_ = (current_address + nto_base_offset + 7);
 26 | 				if (!(nto_base_ & 0xfff))
 27 | 				{
 28 | 					if (Size)
 29 | 						*Size = reinterpret_cast<IMAGE_NT_HEADERS64*>(nto_base_ + reinterpret_cast<IMAGE_DOS_HEADER*>(nto_base_)->e_lfanew)->OptionalHeader.SizeOfImage;
 30 | 
 31 | 					return (PVOID)nto_base_;
 32 | 				}
 33 | 			}
 34 | 		}
 35 | 	}
 36 | 
 37 | 	return NULL;
 38 | }
 39 | 
 40 | 
 41 | inline ULONG RandomNumber()
 42 | {
 43 | 	ULONG64 tickCount;
 44 | 	KeQueryTickCount(&tickCount);
 45 | 	return RtlRandomEx((PULONG)&tickCount);
 46 | }
 47 | 
 48 | void WriteRandom(ULONG64 addr, ULONG size)
 49 | {
 50 | 	for (size_t i = 0; i < size; i++)
 51 | 	{
 52 | 		*(char*)(addr + i) = RandomNumber() % 255;
 53 | 	}
 54 | }
 55 | 
 56 | //zwquerysysteminformation
 57 | typedef enum _SYSTEM_INFORMATION_CLASS
 58 | {
 59 | 	SystemBasicInformation,
 60 | 	SystemProcessorInformation,
 61 | 	SystemPerformanceInformation,
 62 | 	SystemTimeOfDayInformation,
 63 | 	SystemPathInformation,
 64 | 	SystemProcessInformation,
 65 | 	SystemCallCountInformation,
 66 | 	SystemDeviceInformation,
 67 | 	SystemProcessorPerformanceInformation,
 68 | 	SystemFlagsInformation,
 69 | 	SystemCallTimeInformation,
 70 | 	SystemModuleInformation,
 71 | } SYSTEM_INFORMATION_CLASS, * PSYSTEM_INFORMATION_CLASS;
 72 | 
 73 | 
 74 | extern "C" NTSTATUS NTAPI ZwQuerySystemInformation(ULONG SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);
 75 | 
 76 | PVOID QuerySystemInformation(SYSTEM_INFORMATION_CLASS SystemInfoClass, ULONG* size)
 77 | {
 78 | 
 79 | 	int currAttempt = 0;
 80 | 	int maxAttempt = 20;
 81 | 
 82 | 
 83 | QueryTry:
 84 | 	if (currAttempt >= maxAttempt)
 85 | 		return 0;
 86 | 
 87 | 	currAttempt++;
 88 | 	ULONG neededSize = 0;
 89 | 	ZwQuerySystemInformation(SystemInfoClass, NULL, neededSize, &neededSize);
 90 | 	if (!neededSize)
 91 | 		goto QueryTry;
 92 | 
 93 | 	ULONG allocationSize = neededSize;
 94 | 	PVOID informationBuffer = ExAllocatePool(NonPagedPool, allocationSize);
 95 | 	if (!informationBuffer)
 96 | 		goto QueryTry;
 97 | 
 98 | 	NTSTATUS status = ZwQuerySystemInformation(SystemInfoClass, informationBuffer, neededSize, &neededSize);
 99 | 	if (!NT_SUCCESS(status))
100 | 	{
101 | 		ExFreePoolWithTag(informationBuffer, 0);
102 | 		goto QueryTry;
103 | 	}
104 | 
105 | 	*size = allocationSize;
106 | 	return informationBuffer;
107 | }
108 | 
109 | 
110 | typedef struct _SYSTEM_MODULE_ENTRY {
111 | 	HANDLE Section;
112 | 	PVOID MappedBase;
113 | 	PVOID ImageBase;
114 | 	ULONG ImageSize;
115 | 	ULONG Flags;
116 | 	USHORT LoadOrderIndex;
117 | 	USHORT InitOrderIndex;
118 | 	USHORT LoadCount;
119 | 	USHORT OffsetToFileName;
120 | 	UCHAR FullPathName[256];
121 | } SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;
122 | 
123 | typedef struct _SYSTEM_MODULE_INFORMATION {
124 | 	ULONG Count;
125 | 	SYSTEM_MODULE_ENTRY Module[1];
126 | } SYSTEM_MODULE_INFORMATION, * PSYSTEM_MODULE_INFORMATION;
127 | 
128 | UINT64 GetKernelModuleBase(const char* name)
129 | {
130 | 
131 | 	ULONG size = 0;
132 | 	PSYSTEM_MODULE_INFORMATION moduleInformation = (PSYSTEM_MODULE_INFORMATION)QuerySystemInformation(SystemModuleInformation, &size);
133 | 
134 | 	if (!moduleInformation || !size)
135 | 		return 0;
136 | 
137 | 	for (size_t i = 0; i < moduleInformation->Count; i++)
138 | 	{
139 | 		char* fileName = (char*)moduleInformation->Module[i].FullPathName + moduleInformation->Module[i].OffsetToFileName;
140 | 		if (!strcmp(fileName, name))
141 | 		{
142 | 			UINT64 imageBase = (UINT64)moduleInformation->Module[i].ImageBase;
143 | 			ExFreePoolWithTag(moduleInformation, 0);
144 | 			return imageBase;
145 | 		}
146 | 	}
147 | 
148 | 	ExFreePoolWithTag(moduleInformation, 0);
149 | }


--------------------------------------------------------------------------------
/ClearDriverTraces/Cleaning.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include "Misc.h"
  3 | 
  4 | //21h1, you can get these from ida
  5 | ULONG PiDDBCacheTableOffset = 0xD2F000;
  6 | ULONG PiDDBLockOffset = 0xC44940;
  7 | 
  8 | ULONG g_KernelHashBucketListOffset = 0xBC080;
  9 | ULONG g_HashCacheLockOffset = 0x37F20;
 10 | 
 11 | ULONG g_CiEaCacheLookasideListOffset = 0x38400;
 12 | 
 13 | #pragma region MmUnloadedDrivers
 14 | 
 15 | typedef struct _KLDR_DATA_TABLE_ENTRY {
 16 | 	LIST_ENTRY InLoadOrderLinks;
 17 | 	PVOID ExceptionTable;
 18 | 	ULONG ExceptionTableSize;
 19 | 	PVOID GpValue;
 20 | 	PVOID NonPagedDebugInfo;
 21 | 	PVOID DllBase;
 22 | 	PVOID EntryPoint;
 23 | 	ULONG SizeOfImage;
 24 | 	UNICODE_STRING FullDllName;
 25 | 	UNICODE_STRING BaseDllName;
 26 | 	ULONG Flags;
 27 | 	USHORT LoadCount;
 28 | 	USHORT __Unused;
 29 | 	PVOID SectionPointer;
 30 | 	ULONG CheckSum;
 31 | 	PVOID LoadedImports;
 32 | 	PVOID PatchInformation;
 33 | } KLDR_DATA_TABLE_ENTRY, * PKLDR_DATA_TABLE_ENTRY;
 34 | 
 35 | void RemoveMmUnloadedDrivers(PDRIVER_OBJECT driverObject)
 36 | {
 37 | 	reinterpret_cast<PKLDR_DATA_TABLE_ENTRY>(driverObject->DriverSection)->BaseDllName.Length = 0; // mm unloaded drivers entry is not created if base dll name is 0
 38 | }
 39 | 
 40 | #pragma endregion
 41 | 
 42 | #pragma region PiDDBCacheTable
 43 | 
 44 | typedef struct PiDDBCacheEntry
 45 | {
 46 | 	LIST_ENTRY		list;
 47 | 	UNICODE_STRING	driverName;
 48 | 	ULONG			driverStamp;
 49 | 	NTSTATUS		loadStatus;
 50 | };
 51 | 
 52 | NTSTATUS RemovePiDDBCacheTableEntry(PDRIVER_OBJECT driverObject)
 53 | {
 54 | 	//get table and lock addresses
 55 | 	ULONG64 kernelBase = (ULONG64)GetKernelBase(NULL);
 56 | 	PRTL_AVL_TABLE PiDDBCacheTable = PRTL_AVL_TABLE(kernelBase + PiDDBCacheTableOffset);
 57 | 	PERESOURCE PiDDBLock = PERESOURCE(kernelBase + PiDDBLockOffset);
 58 | 
 59 | 	//create lookup entry
 60 | 	PiDDBCacheEntry lookupEntry;
 61 | 	RtlInitUnicodeString(&lookupEntry.driverName, PKLDR_DATA_TABLE_ENTRY(driverObject->DriverSection)->BaseDllName.Buffer);
 62 | 
 63 | 	//get spinlock
 64 | 	if (!ExAcquireResourceExclusiveLite(PiDDBLock, true))
 65 | 	{
 66 | 		Print("could not aquire PiDDB spinlock\n");
 67 | 		return STATUS_UNSUCCESSFUL;
 68 | 	}
 69 | 
 70 | 	//look for entry
 71 | 	PiDDBCacheEntry* foundEntry = (PiDDBCacheEntry*)(RtlLookupElementGenericTableAvl(PiDDBCacheTable, &lookupEntry));
 72 | 
 73 | 
 74 | 	if (!foundEntry)
 75 | 	{
 76 | 		Print("could not find PiDDB entry\n");
 77 | 		ExReleaseResourceLite(PiDDBLock);
 78 | 		return STATUS_UNSUCCESSFUL;
 79 | 	}
 80 | 
 81 | 	//get prev and next list entries to remove our entry from list
 82 | 	PLIST_ENTRY nextEntry = foundEntry->list.Flink;
 83 | 	PLIST_ENTRY prevEntry = foundEntry->list.Blink;
 84 | 
 85 | 	if (!nextEntry || !prevEntry)
 86 | 	{
 87 | 		Print("could not find PiDDB list links\n");
 88 | 		ExReleaseResourceLite(PiDDBLock);
 89 | 		return STATUS_UNSUCCESSFUL;
 90 | 	}
 91 | 
 92 | 	//replace links
 93 | 	prevEntry->Flink = foundEntry->list.Flink;
 94 | 	nextEntry->Blink = foundEntry->list.Blink;
 95 | 
 96 | 	foundEntry->list.Blink = prevEntry;
 97 | 	foundEntry->list.Flink = nextEntry;
 98 | 
 99 | 
100 | 	//clean entry
101 | 	WriteRandom((ULONG64)foundEntry->driverName.Buffer, foundEntry->driverName.Length);
102 | 	foundEntry->driverStamp = RandomNumber() % sizeof(ULONG);
103 | 	WriteRandom((ULONG64)&foundEntry->list, sizeof(LIST_ENTRY));
104 | 	foundEntry->loadStatus = RandomNumber() % sizeof(NTSTATUS);
105 | 	RtlDeleteElementGenericTableAvl(PiDDBCacheTable, foundEntry);
106 | 
107 | 	//check if entry can still be found
108 | 	foundEntry = (PiDDBCacheEntry*)(RtlLookupElementGenericTableAvl(PiDDBCacheTable, &lookupEntry));
109 | 
110 | 	if (foundEntry)
111 | 	{
112 | 		Print("could not delete PiDDB entry\n");
113 | 		ExReleaseResourceLite(PiDDBLock);
114 | 		return STATUS_UNSUCCESSFUL;
115 | 	}
116 | 
117 | 	Print("cleaned PiDDB entry\n");
118 | 	ExReleaseResourceLite(PiDDBLock);
119 | 	return STATUS_SUCCESS;
120 | }
121 | #pragma endregion
122 | 
123 | #pragma region HashBucketList
124 | 
125 | typedef struct _HashBucketEntry
126 | {
127 | 	struct _HashBucketEntry* Next;
128 | 	UNICODE_STRING DriverName;
129 | 	ULONG CertHash[5];
130 | } HashBucketEntry;
131 | 
132 | NTSTATUS RemoveKernelHashBucketListEntry(PDRIVER_OBJECT driverObject)
133 | {
134 | 	UINT64 cidllBase = GetKernelModuleBase("CI.dll");
135 | 	if (!cidllBase)
136 | 	{
137 | 		Print("failed to get ci base\n");
138 | 		return STATUS_UNSUCCESSFUL;
139 | 	}
140 | 
141 | 	PSINGLE_LIST_ENTRY g_KernelHashBucketList = PSINGLE_LIST_ENTRY(cidllBase + g_KernelHashBucketListOffset);
142 | 	PERESOURCE g_HashCacheLock = PERESOURCE(cidllBase + g_HashCacheLockOffset);
143 | 
144 | 	UNICODE_STRING driverName;
145 | 	RtlInitUnicodeString(&driverName, PKLDR_DATA_TABLE_ENTRY(driverObject->DriverSection)->FullDllName.Buffer + 6); //remove \??\C:
146 | 
147 | 	if (!ExAcquireResourceExclusiveLite(g_HashCacheLock, true))
148 | 	{
149 | 		Print("could not get hash bucket list spinlock\n");
150 | 		return STATUS_UNSUCCESSFUL;
151 | 	}
152 | 
153 | 	HashBucketEntry* currEntry = (HashBucketEntry*)g_KernelHashBucketList->Next;
154 | 	HashBucketEntry* prevEntry = (HashBucketEntry*)g_KernelHashBucketList;
155 | 
156 | 	while (currEntry)
157 | 	{
158 | 		if (!RtlCompareUnicodeString(&driverName, &currEntry->DriverName, true))
159 | 		{
160 | 			//unlink
161 | 			prevEntry->Next = currEntry->Next;
162 | 
163 | 			//overwrite
164 | 			currEntry->Next = (HashBucketEntry*)(RandomNumber() % sizeof(PVOID));
165 | 			WriteRandom((UINT64)&currEntry->CertHash, sizeof(currEntry->CertHash));
166 | 			WriteRandom((ULONG64)currEntry->DriverName.Buffer, currEntry->DriverName.Length);
167 | 
168 | 			//free 
169 | 			ExFreePoolWithTag(currEntry, 0);
170 | 			break;
171 | 		}
172 | 
173 | 		prevEntry = currEntry;
174 | 		currEntry = currEntry->Next;
175 | 	}
176 | 
177 | 	currEntry = (HashBucketEntry*)g_KernelHashBucketList->Next;
178 | 	while (currEntry)
179 | 	{
180 | 		if (!RtlCompareUnicodeString(&driverName, &currEntry->DriverName, true))
181 | 		{
182 | 			Print("failed to clear hasbucketList\n");
183 | 			ExReleaseResourceLite(g_HashCacheLock);
184 | 			return STATUS_UNSUCCESSFUL;
185 | 		}
186 | 		currEntry = currEntry->Next;
187 | 	}
188 | 
189 | 	Print("cleared hashbucketList\n");
190 | 	ExReleaseResourceLite(g_HashCacheLock);
191 | 	return STATUS_SUCCESS;
192 | }
193 | 
194 | #pragma endregion
195 | 
196 | #pragma region LookasideList
197 | 
198 | NTSTATUS DeleteCiEaCacheLookasideList()
199 | {
200 | 	UINT64 cidllBase = GetKernelModuleBase("CI.dll");
201 | 	if (!cidllBase)
202 | 	{
203 | 		Print("failed to get ci base\n");
204 | 		return STATUS_UNSUCCESSFUL;
205 | 	}
206 | 
207 | 
208 | 	PLOOKASIDE_LIST_EX g_CiEaCacheLookasideList = (PLOOKASIDE_LIST_EX)(cidllBase + g_CiEaCacheLookasideListOffset);
209 | 	ULONG size = g_CiEaCacheLookasideList->L.Size;
210 | 	ExDeleteLookasideListEx(g_CiEaCacheLookasideList);
211 | 	ExInitializeLookasideListEx(g_CiEaCacheLookasideList, NULL, NULL, PagedPool, 0, size, 'csIC', 0);
212 | }
213 | 
214 | #pragma endregion
215 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Aa][Rr][Mm]/
 27 | [Aa][Rr][Mm]64/
 28 | bld/
 29 | [Bb]in/
 30 | [Oo]bj/
 31 | [Ll]og/
 32 | [Ll]ogs/
 33 | 
 34 | # Visual Studio 2015/2017 cache/options directory
 35 | .vs/
 36 | # Uncomment if you have tasks that create the project's static files in wwwroot
 37 | #wwwroot/
 38 | 
 39 | # Visual Studio 2017 auto generated files
 40 | Generated\ Files/
 41 | 
 42 | # MSTest test Results
 43 | [Tt]est[Rr]esult*/
 44 | [Bb]uild[Ll]og.*
 45 | 
 46 | # NUnit
 47 | *.VisualState.xml
 48 | TestResult.xml
 49 | nunit-*.xml
 50 | 
 51 | # Build Results of an ATL Project
 52 | [Dd]ebugPS/
 53 | [Rr]eleasePS/
 54 | dlldata.c
 55 | 
 56 | # Benchmark Results
 57 | BenchmarkDotNet.Artifacts/
 58 | 
 59 | # .NET Core
 60 | project.lock.json
 61 | project.fragment.lock.json
 62 | artifacts/
 63 | 
 64 | # StyleCop
 65 | StyleCopReport.xml
 66 | 
 67 | # Files built by Visual Studio
 68 | *_i.c
 69 | *_p.c
 70 | *_h.h
 71 | *.ilk
 72 | *.meta
 73 | *.obj
 74 | *.iobj
 75 | *.pch
 76 | *.pdb
 77 | *.ipdb
 78 | *.pgc
 79 | *.pgd
 80 | *.rsp
 81 | *.sbr
 82 | *.tlb
 83 | *.tli
 84 | *.tlh
 85 | *.tmp
 86 | *.tmp_proj
 87 | *_wpftmp.csproj
 88 | *.log
 89 | *.vspscc
 90 | *.vssscc
 91 | .builds
 92 | *.pidb
 93 | *.svclog
 94 | *.scc
 95 | 
 96 | # Chutzpah Test files
 97 | _Chutzpah*
 98 | 
 99 | # Visual C++ cache files
100 | ipch/
101 | *.aps
102 | *.ncb
103 | *.opendb
104 | *.opensdf
105 | *.sdf
106 | *.cachefile
107 | *.VC.db
108 | *.VC.VC.opendb
109 | 
110 | # Visual Studio profiler
111 | *.psess
112 | *.vsp
113 | *.vspx
114 | *.sap
115 | 
116 | # Visual Studio Trace Files
117 | *.e2e
118 | 
119 | # TFS 2012 Local Workspace
120 | $tf/
121 | 
122 | # Guidance Automation Toolkit
123 | *.gpState
124 | 
125 | # ReSharper is a .NET coding add-in
126 | _ReSharper*/
127 | *.[Rr]e[Ss]harper
128 | *.DotSettings.user
129 | 
130 | # TeamCity is a build add-in
131 | _TeamCity*
132 | 
133 | # DotCover is a Code Coverage Tool
134 | *.dotCover
135 | 
136 | # AxoCover is a Code Coverage Tool
137 | .axoCover/*
138 | !.axoCover/settings.json
139 | 
140 | # Visual Studio code coverage results
141 | *.coverage
142 | *.coveragexml
143 | 
144 | # NCrunch
145 | _NCrunch_*
146 | .*crunch*.local.xml
147 | nCrunchTemp_*
148 | 
149 | # MightyMoose
150 | *.mm.*
151 | AutoTest.Net/
152 | 
153 | # Web workbench (sass)
154 | .sass-cache/
155 | 
156 | # Installshield output folder
157 | [Ee]xpress/
158 | 
159 | # DocProject is a documentation generator add-in
160 | DocProject/buildhelp/
161 | DocProject/Help/*.HxT
162 | DocProject/Help/*.HxC
163 | DocProject/Help/*.hhc
164 | DocProject/Help/*.hhk
165 | DocProject/Help/*.hhp
166 | DocProject/Help/Html2
167 | DocProject/Help/html
168 | 
169 | # Click-Once directory
170 | publish/
171 | 
172 | # Publish Web Output
173 | *.[Pp]ublish.xml
174 | *.azurePubxml
175 | # Note: Comment the next line if you want to checkin your web deploy settings,
176 | # but database connection strings (with potential passwords) will be unencrypted
177 | *.pubxml
178 | *.publishproj
179 | 
180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
181 | # checkin your Azure Web App publish settings, but sensitive information contained
182 | # in these scripts will be unencrypted
183 | PublishScripts/
184 | 
185 | # NuGet Packages
186 | *.nupkg
187 | # NuGet Symbol Packages
188 | *.snupkg
189 | # The packages folder can be ignored because of Package Restore
190 | **/[Pp]ackages/*
191 | # except build/, which is used as an MSBuild target.
192 | !**/[Pp]ackages/build/
193 | # Uncomment if necessary however generally it will be regenerated when needed
194 | #!**/[Pp]ackages/repositories.config
195 | # NuGet v3's project.json files produces more ignorable files
196 | *.nuget.props
197 | *.nuget.targets
198 | 
199 | # Microsoft Azure Build Output
200 | csx/
201 | *.build.csdef
202 | 
203 | # Microsoft Azure Emulator
204 | ecf/
205 | rcf/
206 | 
207 | # Windows Store app package directories and files
208 | AppPackages/
209 | BundleArtifacts/
210 | Package.StoreAssociation.xml
211 | _pkginfo.txt
212 | *.appx
213 | *.appxbundle
214 | *.appxupload
215 | 
216 | # Visual Studio cache files
217 | # files ending in .cache can be ignored
218 | *.[Cc]ache
219 | # but keep track of directories ending in .cache
220 | !?*.[Cc]ache/
221 | 
222 | # Others
223 | ClientBin/
224 | ~$*
225 | *~
226 | *.dbmdl
227 | *.dbproj.schemaview
228 | *.jfm
229 | *.pfx
230 | *.publishsettings
231 | orleans.codegen.cs
232 | 
233 | # Including strong name files can present a security risk
234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
235 | #*.snk
236 | 
237 | # Since there are multiple workflows, uncomment next line to ignore bower_components
238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
239 | #bower_components/
240 | 
241 | # RIA/Silverlight projects
242 | Generated_Code/
243 | 
244 | # Backup & report files from converting an old project file
245 | # to a newer Visual Studio version. Backup files are not needed,
246 | # because we have git ;-)
247 | _UpgradeReport_Files/
248 | Backup*/
249 | UpgradeLog*.XML
250 | UpgradeLog*.htm
251 | ServiceFabricBackup/
252 | *.rptproj.bak
253 | 
254 | # SQL Server files
255 | *.mdf
256 | *.ldf
257 | *.ndf
258 | 
259 | # Business Intelligence projects
260 | *.rdl.data
261 | *.bim.layout
262 | *.bim_*.settings
263 | *.rptproj.rsuser
264 | *- [Bb]ackup.rdl
265 | *- [Bb]ackup ([0-9]).rdl
266 | *- [Bb]ackup ([0-9][0-9]).rdl
267 | 
268 | # Microsoft Fakes
269 | FakesAssemblies/
270 | 
271 | # GhostDoc plugin setting file
272 | *.GhostDoc.xml
273 | 
274 | # Node.js Tools for Visual Studio
275 | .ntvs_analysis.dat
276 | node_modules/
277 | 
278 | # Visual Studio 6 build log
279 | *.plg
280 | 
281 | # Visual Studio 6 workspace options file
282 | *.opt
283 | 
284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
285 | *.vbw
286 | 
287 | # Visual Studio LightSwitch build output
288 | **/*.HTMLClient/GeneratedArtifacts
289 | **/*.DesktopClient/GeneratedArtifacts
290 | **/*.DesktopClient/ModelManifest.xml
291 | **/*.Server/GeneratedArtifacts
292 | **/*.Server/ModelManifest.xml
293 | _Pvt_Extensions
294 | 
295 | # Paket dependency manager
296 | .paket/paket.exe
297 | paket-files/
298 | 
299 | # FAKE - F# Make
300 | .fake/
301 | 
302 | # CodeRush personal settings
303 | .cr/personal
304 | 
305 | # Python Tools for Visual Studio (PTVS)
306 | __pycache__/
307 | *.pyc
308 | 
309 | # Cake - Uncomment if you are using it
310 | # tools/**
311 | # !tools/packages.config
312 | 
313 | # Tabs Studio
314 | *.tss
315 | 
316 | # Telerik's JustMock configuration file
317 | *.jmconfig
318 | 
319 | # BizTalk build output
320 | *.btp.cs
321 | *.btm.cs
322 | *.odx.cs
323 | *.xsd.cs
324 | 
325 | # OpenCover UI analysis results
326 | OpenCover/
327 | 
328 | # Azure Stream Analytics local run output
329 | ASALocalRun/
330 | 
331 | # MSBuild Binary and Structured Log
332 | *.binlog
333 | 
334 | # NVidia Nsight GPU debugger configuration file
335 | *.nvuser
336 | 
337 | # MFractors (Xamarin productivity tool) working folder
338 | .mfractor/
339 | 
340 | # Local History for Visual Studio
341 | .localhistory/
342 | 
343 | # BeatPulse healthcheck temp database
344 | healthchecksdb
345 | 
346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
347 | MigrationBackup/
348 | 
349 | # Ionide (cross platform F# VS Code tools) working folder
350 | .ionide/
351 | 


--------------------------------------------------------------------------------
/ClearDriverTraces/Mapper.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Debug|ARM">
 21 |       <Configuration>Debug</Configuration>
 22 |       <Platform>ARM</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Release|ARM">
 25 |       <Configuration>Release</Configuration>
 26 |       <Platform>ARM</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Debug|ARM64">
 29 |       <Configuration>Debug</Configuration>
 30 |       <Platform>ARM64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Release|ARM64">
 33 |       <Configuration>Release</Configuration>
 34 |       <Platform>ARM64</Platform>
 35 |     </ProjectConfiguration>
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <ProjectGuid>{EB6C9087-A8AA-4160-9E90-8A8864CC8806}</ProjectGuid>
 39 |     <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>
 40 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 41 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 42 |     <Configuration>Debug</Configuration>
 43 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 44 |     <RootNamespace>Mapper</RootNamespace>
 45 |     <WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
 46 |   </PropertyGroup>
 47 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 49 |     <TargetVersion>Windows10</TargetVersion>
 50 |     <UseDebugLibraries>true</UseDebugLibraries>
 51 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 52 |     <ConfigurationType>Driver</ConfigurationType>
 53 |     <DriverType>KMDF</DriverType>
 54 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 55 |   </PropertyGroup>
 56 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 57 |     <TargetVersion>Windows10</TargetVersion>
 58 |     <UseDebugLibraries>false</UseDebugLibraries>
 59 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 60 |     <ConfigurationType>Driver</ConfigurationType>
 61 |     <DriverType>KMDF</DriverType>
 62 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 63 |   </PropertyGroup>
 64 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 65 |     <TargetVersion>Windows10</TargetVersion>
 66 |     <UseDebugLibraries>true</UseDebugLibraries>
 67 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 68 |     <ConfigurationType>Driver</ConfigurationType>
 69 |     <DriverType>KMDF</DriverType>
 70 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 71 |     <ALLOW_DATE_TIME>1</ALLOW_DATE_TIME>
 72 |     <CharacterSet>MultiByte</CharacterSet>
 73 |   </PropertyGroup>
 74 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 75 |     <TargetVersion>Windows10</TargetVersion>
 76 |     <UseDebugLibraries>false</UseDebugLibraries>
 77 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 78 |     <ConfigurationType>Driver</ConfigurationType>
 79 |     <DriverType>KMDF</DriverType>
 80 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 81 |     <ALLOW_DATE_TIME>1</ALLOW_DATE_TIME>
 82 |     <CharacterSet>MultiByte</CharacterSet>
 83 |   </PropertyGroup>
 84 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
 85 |     <TargetVersion>Windows10</TargetVersion>
 86 |     <UseDebugLibraries>true</UseDebugLibraries>
 87 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 88 |     <ConfigurationType>Driver</ConfigurationType>
 89 |     <DriverType>KMDF</DriverType>
 90 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 91 |     <CharacterSet>MultiByte</CharacterSet>
 92 |   </PropertyGroup>
 93 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
 94 |     <TargetVersion>Windows10</TargetVersion>
 95 |     <UseDebugLibraries>false</UseDebugLibraries>
 96 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 97 |     <ConfigurationType>Driver</ConfigurationType>
 98 |     <DriverType>KMDF</DriverType>
 99 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
100 |     <CharacterSet>MultiByte</CharacterSet>
101 |   </PropertyGroup>
102 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
103 |     <TargetVersion>Windows10</TargetVersion>
104 |     <UseDebugLibraries>true</UseDebugLibraries>
105 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
106 |     <ConfigurationType>Driver</ConfigurationType>
107 |     <DriverType>KMDF</DriverType>
108 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
109 |   </PropertyGroup>
110 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
111 |     <TargetVersion>Windows10</TargetVersion>
112 |     <UseDebugLibraries>false</UseDebugLibraries>
113 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
114 |     <ConfigurationType>Driver</ConfigurationType>
115 |     <DriverType>KMDF</DriverType>
116 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
117 |   </PropertyGroup>
118 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
119 |   <ImportGroup Label="ExtensionSettings">
120 |   </ImportGroup>
121 |   <ImportGroup Label="PropertySheets">
122 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
123 |   </ImportGroup>
124 |   <PropertyGroup Label="UserMacros" />
125 |   <PropertyGroup />
126 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
127 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
128 |   </PropertyGroup>
129 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
130 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
131 |   </PropertyGroup>
132 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
133 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
134 |     <EnableInf2cat>false</EnableInf2cat>
135 |   </PropertyGroup>
136 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
137 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
138 |     <EnableInf2cat>false</EnableInf2cat>
139 |   </PropertyGroup>
140 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
141 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
142 |   </PropertyGroup>
143 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
144 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
145 |   </PropertyGroup>
146 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
147 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
148 |   </PropertyGroup>
149 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
150 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
151 |   </PropertyGroup>
152 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
153 |     <Link>
154 |       <EntryPointSymbol>DriverEntry</EntryPointSymbol>
155 |     </Link>
156 |     <ClCompile>
157 |       <TreatWarningAsError>false</TreatWarningAsError>
158 |       <LanguageStandard>stdcpp20</LanguageStandard>
159 |     </ClCompile>
160 |   </ItemDefinitionGroup>
161 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
162 |     <Link>
163 |       <EntryPointSymbol>DriverEntry</EntryPointSymbol>
164 |     </Link>
165 |     <ClCompile>
166 |       <TreatWarningAsError>false</TreatWarningAsError>
167 |       <LanguageStandard>stdcpp20</LanguageStandard>
168 |     </ClCompile>
169 |   </ItemDefinitionGroup>
170 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
171 |     <ClCompile>
172 |       <LanguageStandard>stdcpp17</LanguageStandard>
173 |     </ClCompile>
174 |   </ItemDefinitionGroup>
175 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
176 |     <ClCompile>
177 |       <LanguageStandard>stdcpp17</LanguageStandard>
178 |     </ClCompile>
179 |   </ItemDefinitionGroup>
180 |   <ItemGroup>
181 |     <Inf Include="Mapper.inf" />
182 |   </ItemGroup>
183 |   <ItemGroup>
184 |     <FilesToPackage Include="$(TargetPath)" />
185 |   </ItemGroup>
186 |   <ItemGroup>
187 |     <ClCompile Include="Main.cpp" />
188 |   </ItemGroup>
189 |   <ItemGroup>
190 |     <ClInclude Include="Cleaning.h" />
191 |     <ClInclude Include="Misc.h" />
192 |   </ItemGroup>
193 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
194 |   <ImportGroup Label="ExtensionTargets">
195 |   </ImportGroup>
196 | </Project>


--------------------------------------------------------------------------------