├── .gitignore
├── LICENSE
├── readme.md
└── src
    ├── driver.hpp
    ├── fs.hpp
    ├── kernelLoader.sln
    ├── kernelLoader.vcxproj
    ├── kernelLoader.vcxproj.filters
    ├── kernelLoader.vcxproj.user
    └── main.cpp


/.gitignore:
--------------------------------------------------------------------------------
1 | .vs
2 | src/x64


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Soju06
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
  1 | # KernelLoader
  2 | 
  3 | KernelLoader is a simple tool to load and debug unsigned kernel.
  4 | 
  5 | ## Usage
  6 | 
  7 | ```bash
  8 | Usage:
  9 |   -l, --load [driver path] [driver name]
 10 | 	Load the driver.
 11 | 		
 12 | 	Options:
 13 | 		-o, --overwrite
 14 | 			If the driver already exists, exit and overwrite it.
 15 | 		-w, --watch
 16 | 			Quickly reload drivers from a prompt when needed.
 17 | 
 18 |   -u, --unload [driver name]
 19 | 	Delete the driver.
 20 | 
 21 | Global Options:
 22 |   -s, --status [driver name]
 23 | 	Print the drivers service status.
 24 |   -i, --ignore-signatures
 25 |   	Install services to ignore kernel driver signatures. (powered by Wind64)
 26 | 
 27 |   -r, --uninstall-ignore-signatures
 28 | 	Remove services that ignore signatures of kernel drivers. (powered by Wind64)
 29 | ```
 30 | 
 31 | ## Examples
 32 | 
 33 | #### Watch Mode
 34 | 
 35 | Here is an example of loading `../EasyShield.sys` with Watch mode and signature ignore.
 36 | 
 37 | If signature ignore is enabled and an anti-cheat is running during Watch mode, a flag may occur. Disable the anti-cheat to debug the driver.
 38 | 
 39 | **To use this feature, the driver must support the `SERVICE_ACCEPT_STOP` control.**
 40 | 
 41 | To support the `SERVICE_ACCEPT_STOP` control, refer to [here](#how-to-support-service_accept_stop-control).
 42 | 
 43 | 
 44 | ```bash
 45 | kernelLoader.exe -l ../EasyShield.sys EasyShield2 -w -i
 46 | ```
 47 | 
 48 | ```bash
 49 | [+] EasyShield2 driver loaded successfully.
 50 | 
 51 | [*] Press the 'R' key to reload the driver.
 52 |     Press the 'S' key to print the service status.
 53 |     Press the 'Q' key to exit the loop.
 54 |     Press the 'X' key to delete the driver and exit the loop.
 55 | 
 56 | 21:59:07:
 57 | ```
 58 | 
 59 | If you press the S key, you can check the service status as follows.
 60 | 
 61 | ```bash
 62 | [+] EasyShield2 Service Status :
 63 | ------------------------------------------------------
 64 |   Type                   :  SERVICE_KERNEL_DRIVER
 65 |   Status                 :  RUNNING
 66 | ------------------------------------------------------
 67 |   Wait Hint              :  0ms
 68 |   Checkpoint             :  0
 69 |   Controls Accepted      :  SERVICE_ACCEPT_STOP
 70 | ------------------------------------------------------
 71 |   Exit Code (Win32)      :  0x00000000
 72 |   Exit Code (Service)    :  0x00000000
 73 | ------------------------------------------------------
 74 | 
 75 | 
 76 | [*] Press the 'R' key to reload the driver.
 77 |     Press the 'S' key to print the service status.
 78 |     Press the 'Q' key to exit the loop.
 79 |     Press the 'X' key to delete the driver and exit the loop.
 80 | 
 81 | 21:59:45:
 82 | ```
 83 | 
 84 | ## How to support `SERVICE_ACCEPT_STOP` control
 85 | 
 86 | You can specify a callback function in `PDRIVER_OBJECT->DriverUnload`.
 87 | 
 88 | ```c
 89 | VOID OnUnload(PDRIVER_OBJECT driverObject) {
 90 | 	UNREFERENCED_PARAMETER(driverObject);
 91 |     DbgPrintEx(0, 0, "[*] Device unloaded.\n");
 92 | }
 93 | 
 94 | NTSTATUS DriverEntry(
 95 | 	PDRIVER_OBJECT		driverObject,
 96 | 	PUNICODE_STRING		registryPath
 97 | ) {
 98 | 	UNREFERENCED_PARAMETER(registryPath);
 99 |     DbgPrintEx(0, 0, "[*] Device loaded.\n");
100 | 
101 |     driverObject->DriverUnload = OnUnload;
102 | 
103 | 	return STATUS_SUCCESS;
104 | }
105 | ```


--------------------------------------------------------------------------------
/src/driver.hpp:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <format>
  3 | #include <vector>
  4 | 
  5 | #include "fs.hpp"
  6 | 
  7 | inline bool SCManager(SC_HANDLE* handle) {
  8 | 	*handle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
  9 | 	if (handle) return 1;
 10 | 	cout << "[x] Can't open SC manager. (permissions issue)\n";
 11 | 	return 0;
 12 | }
 13 | 
 14 | inline bool OpenDriver(
 15 | 	wstring serviceName,
 16 | 	DWORD access,
 17 | 	SC_HANDLE* manager,
 18 | 	SC_HANDLE* driver,
 19 | 	int ignoreLevel
 20 | ) {
 21 | 	auto _manager = manager;
 22 | 
 23 | 	if (!manager || !SCManager(manager))
 24 | 		return 0;
 25 | 
 26 | 	*driver = OpenService(
 27 | 		*manager,
 28 | 		serviceName.c_str(),
 29 | 		access
 30 | 	);
 31 | 
 32 | 	if (!*driver) {
 33 | 		if (ignoreLevel < 1)
 34 | 			cout << "[x] Cannot open service.\n";
 35 | 		if (!_manager) 
 36 | 			CloseServiceHandle(*manager);
 37 | 		return 0;
 38 | 	}
 39 | 	return 1;
 40 | }
 41 | 
 42 | inline bool GetStatus(
 43 | 	wstring serviceName,
 44 | 	SERVICE_STATUS* status,
 45 | 	SC_HANDLE* manager = 0
 46 | ) {
 47 | 	bool lv = 0;
 48 | 	SC_HANDLE handle, service = 0;
 49 | 
 50 | 	if (manager)
 51 | 		handle = *manager;
 52 | 
 53 | 	if (!OpenDriver(
 54 | 		serviceName,
 55 | 		SERVICE_QUERY_STATUS,
 56 | 		&handle,
 57 | 		&service,
 58 | 		0
 59 | 	)) return 0;
 60 | 
 61 | 	if (!QueryServiceStatus(service, status))
 62 | 		cout << "[x] Unable to get status of service.\n";
 63 | 	else lv = 1;
 64 | 
 65 | 	if (service)
 66 | 		CloseServiceHandle(service);
 67 | 
 68 | 	if (!manager)
 69 | 		CloseServiceHandle(handle);
 70 | 
 71 | 	return lv;
 72 | }
 73 | 
 74 | inline bool DeleteDriver(
 75 | 	wstring serviceName,
 76 | 	SC_HANDLE* manager = 0,
 77 | 	int ignoreLevel = 0
 78 | ) {
 79 | 	bool lv = 0;
 80 | 	SC_HANDLE handle, service = 0;
 81 | 
 82 | 	if (manager)
 83 | 		handle = *manager;
 84 | 
 85 | 	if (!OpenDriver(
 86 | 		serviceName,
 87 | 		SERVICE_STOP | DELETE,
 88 | 		&handle,
 89 | 		&service,
 90 | 		ignoreLevel
 91 | 	)) return 0;
 92 | 
 93 | 	if (!service) {
 94 | 		if (ignoreLevel < 1) 
 95 | 			cout << "[x] Cannot open service.\n";
 96 | 		goto CLOSE;
 97 | 	}
 98 | 	
 99 | 	SERVICE_STATUS status;
100 | 	if (
101 | 		ControlService(service, SERVICE_CONTROL_STOP, &status) ||
102 | 		status.dwCurrentState == SERVICE_STOPPED
103 | 	)
104 | 		if (!DeleteService(service) && ignoreLevel < 3)
105 | 			cout << "[x] Cannot delete service.\n";
106 | 		else lv = 1;
107 | 
108 | 	else if (ignoreLevel < 2)
109 | 		cout << "[x] Service cannot be stopped (Probably the driver unload method is not defined).\n";
110 | 
111 | CLOSE:
112 | 	if (service)
113 | 		CloseServiceHandle(service);
114 | 
115 | 	if (!manager) 
116 | 		CloseServiceHandle(handle);
117 | 
118 | 	return lv;
119 | }
120 | 
121 | inline bool LoadDriver(
122 | 	wstring driverPath,
123 | 	wstring serviceName,
124 | 	wstring displayName,
125 | 	SC_HANDLE* manager = 0,
126 | 	bool overwrite = 0
127 | ) {
128 | 	bool lv = 0;
129 | 	auto _manager = manager;
130 | 	SC_HANDLE handle;
131 | 
132 | 	if (manager)
133 | 		handle = *manager;
134 | 	else if (!SCManager(&handle))
135 | 		return 0;
136 | 	
137 | CREATE_SERVICE:
138 | 	SC_HANDLE service = CreateService(
139 | 		handle,
140 | 		serviceName.c_str(),
141 | 		displayName.c_str(),
142 | 		SERVICE_START | DELETE | SERVICE_STOP,
143 | 		SERVICE_KERNEL_DRIVER,
144 | 		SERVICE_DEMAND_START,
145 | 		SERVICE_ERROR_IGNORE,
146 | 		driverPath.c_str(),
147 | 		NULL,
148 | 		NULL,
149 | 		NULL,
150 | 		NULL,
151 | 		NULL
152 | 	);
153 | 
154 | 	if (!service) {
155 | 		if (overwrite) {
156 | 			if (DeleteDriver(
157 | 				serviceName.c_str(),
158 | 				&handle
159 | 			)) goto CREATE_SERVICE;
160 | 		} else
161 | 			cout << "[x] Unable to create service. (there is already a registered service)\n";
162 | 		goto CLOSE;
163 | 	}
164 | 
165 | 	if (!StartServiceA(service, NULL, NULL))
166 | 		cout << "[x] Service cannot be run.\n";
167 | 	else lv = 1;
168 | 
169 | CLOSE:
170 | 	if (service)
171 | 		CloseServiceHandle(service);
172 | 	if (!_manager)
173 | 		CloseServiceHandle(handle);
174 | 
175 | 	return lv;
176 | }
177 | 
178 | #define FLAG_STR(list, value, flag) \
179 | 	if ((value & flag) == flag)		\
180 | 	list.push_back(#flag);
181 | 
182 | inline bool PrintStatus(
183 | 	wstring serviceName,
184 | 	SC_HANDLE* manager = 0
185 | ) {
186 | 	SERVICE_STATUS status;
187 | 	
188 | 	if (!GetStatus(serviceName, &status, manager))
189 | 		return 0;
190 | 
191 | 	vector<string> types, ctrlacp;
192 | 	FLAG_STR(types, status.dwServiceType, SERVICE_FILE_SYSTEM_DRIVER);
193 | 	FLAG_STR(types, status.dwServiceType, SERVICE_KERNEL_DRIVER);
194 | 	FLAG_STR(types, status.dwServiceType, SERVICE_WIN32_OWN_PROCESS);
195 | 	FLAG_STR(types, status.dwServiceType, SERVICE_WIN32_SHARE_PROCESS);
196 | 	FLAG_STR(types, status.dwServiceType, SERVICE_USER_OWN_PROCESS);
197 | 	FLAG_STR(types, status.dwServiceType, SERVICE_USER_SHARE_PROCESS);
198 | 	FLAG_STR(types, status.dwServiceType, SERVICE_INTERACTIVE_PROCESS);
199 | 
200 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_NETBINDCHANGE);
201 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_PARAMCHANGE);
202 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_PAUSE_CONTINUE);
203 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_PRESHUTDOWN);
204 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_SHUTDOWN);
205 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_STOP);
206 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_HARDWAREPROFILECHANGE);
207 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_POWEREVENT);
208 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_SESSIONCHANGE);
209 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_TIMECHANGE);
210 | 	FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_TRIGGEREVENT);
211 | 	// FLAG_STR(ctrlacp, status.dwControlsAccepted, SERVICE_ACCEPT_USERMODEREBOOT);
212 | 
213 | 	cout << format(
214 | 		"[+] {} Service Status :\n"
215 | 		"------------------------------------------------------\n"
216 | 		"  Type                   :  {}\n"
217 | 		"  Status                 :  {}\n"
218 | 		"------------------------------------------------------\n"
219 | 		"  Wait Hint              :  {}ms\n"
220 | 		"  Checkpoint             :  {}\n"
221 | 		"  Controls Accepted      :  {}\n"
222 | 		"------------------------------------------------------\n"
223 | 		"  Exit Code (Win32)      :  {:#010x}\n"
224 | 		"  Exit Code (Service)    :  {:#010x}\n"
225 | 		"------------------------------------------------------\n"
226 | 		"\n",
227 | 		path(serviceName).string(),
228 | 		strjoin(types, " | "),
229 | 		status.dwCurrentState == SERVICE_CONTINUE_PENDING	? "PENDING" :
230 | 		status.dwCurrentState == SERVICE_PAUSE_PENDING		? "PAUSE PENDING" :
231 | 		status.dwCurrentState == SERVICE_PAUSED				? "PAUSED" :
232 | 		status.dwCurrentState == SERVICE_RUNNING			? "RUNNING" :
233 | 		status.dwCurrentState == SERVICE_START_PENDING		? "START PENDING" :
234 | 		status.dwCurrentState == SERVICE_STOP_PENDING		? "STOP PENDING" :
235 | 		status.dwCurrentState == SERVICE_STOPPED			? "STOPPED" :
236 | 			to_string(status.dwCurrentState),
237 | 		status.dwWaitHint,
238 | 		status.dwCheckPoint,
239 | 		ctrlacp.empty() ?"NONE" : strjoin(ctrlacp, " | "),
240 | 		status.dwWin32ExitCode,
241 | 		status.dwServiceSpecificExitCode
242 | 	);
243 | 
244 | 	return 1;
245 | }
246 | 
247 | inline bool HookDebugLog() {
248 | 	
249 | }


--------------------------------------------------------------------------------
/src/fs.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <Windows.h>
 3 | #include <iostream>
 4 | #include <filesystem>
 5 | #include <numeric>
 6 | 
 7 | using namespace std;
 8 | using namespace std::filesystem;
 9 | 
10 | static const char Strings[] =
11 | 	"0123456789"
12 | 	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
13 | 	"abcdefghijklmnopqrstuvwxyz";
14 | 
15 | inline string randstr(int len) {
16 | 	char* str = new char[(size_t)len + 1] { 0 };
17 | 
18 | 	for (int i = 0; i < len; ++i)
19 | 		str[i] = Strings[rand() % (sizeof(Strings) - 1)];
20 | 
21 | 	return str;
22 | }
23 | 
24 | inline bool tempdir(path& dir, string prefix) {
25 | 	while (1) {
26 | 		dir = temp_directory_path() / path(prefix + randstr(8));
27 | 		if (!exists(dir)) break;
28 | 	}
29 | 
30 | 	return create_directories(dir);
31 | }
32 | 
33 | inline path curdir() {
34 | 	wchar_t filepath[MAX_PATH] = { 0 };
35 | 	GetModuleFileName(NULL, filepath, MAX_PATH);
36 | 	return path(filepath).parent_path();
37 | }
38 | 
39 | inline string strjoin(vector<string> strings, string delim) {
40 | 	if (strings.empty())
41 | 		return "";
42 | 
43 | 	return accumulate(strings.begin() + 1, strings.end(), strings[0],
44 | 		[&delim](std::string x, std::string y) {
45 | 			return x + delim + y;
46 | 		}
47 | 	);
48 | }
49 | 


--------------------------------------------------------------------------------
/src/kernelLoader.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.4.33205.214
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "kernelLoader", "kernelLoader.vcxproj", "{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Debug|x64.Build.0 = Debug|x64
18 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Debug|x86.Build.0 = Debug|Win32
20 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Release|x64.ActiveCfg = Release|x64
21 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Release|x64.Build.0 = Release|x64
22 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Release|x86.ActiveCfg = Release|Win32
23 | 		{F0651DBE-72D5-4005-A99E-BA7D8C5B5F97}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {DC46A656-9E34-4352-A43F-3EC0EDEDD9F3}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/src/kernelLoader.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{f0651dbe-72d5-4005-a99e-ba7d8c5b5f97}</ProjectGuid>
 25 |     <RootNamespace>kernelLoader</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <LinkIncremental>false</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>true</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <SDLCheck>true</SDLCheck>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <ConformanceMode>true</ConformanceMode>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 98 |     <ClCompile>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <FunctionLevelLinking>true</FunctionLevelLinking>
101 |       <IntrinsicFunctions>true</IntrinsicFunctions>
102 |       <SDLCheck>true</SDLCheck>
103 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <ConformanceMode>true</ConformanceMode>
105 |     </ClCompile>
106 |     <Link>
107 |       <SubSystem>Console</SubSystem>
108 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
109 |       <OptimizeReferences>true</OptimizeReferences>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <SDLCheck>true</SDLCheck>
117 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
118 |       <ConformanceMode>true</ConformanceMode>
119 |       <LanguageStandard>stdcpp20</LanguageStandard>
120 |     </ClCompile>
121 |     <Link>
122 |       <SubSystem>Console</SubSystem>
123 |       <GenerateDebugInformation>true</GenerateDebugInformation>
124 |       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
125 |     </Link>
126 |   </ItemDefinitionGroup>
127 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
128 |     <ClCompile>
129 |       <WarningLevel>Level3</WarningLevel>
130 |       <FunctionLevelLinking>true</FunctionLevelLinking>
131 |       <IntrinsicFunctions>true</IntrinsicFunctions>
132 |       <SDLCheck>true</SDLCheck>
133 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
134 |       <ConformanceMode>true</ConformanceMode>
135 |       <LanguageStandard>stdcpp20</LanguageStandard>
136 |     </ClCompile>
137 |     <Link>
138 |       <SubSystem>Console</SubSystem>
139 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
140 |       <OptimizeReferences>true</OptimizeReferences>
141 |       <GenerateDebugInformation>true</GenerateDebugInformation>
142 |       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
143 |     </Link>
144 |   </ItemDefinitionGroup>
145 |   <ItemGroup>
146 |     <ClCompile Include="driver.hpp" />
147 |     <ClCompile Include="fs.hpp" />
148 |     <ClCompile Include="main.cpp" />
149 |   </ItemGroup>
150 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
151 |   <ImportGroup Label="ExtensionTargets">
152 |   </ImportGroup>
153 | </Project>


--------------------------------------------------------------------------------
/src/kernelLoader.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Resource Files">
 9 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
10 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
11 |     </Filter>
12 |     <Filter Include="Header Files">
13 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
14 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="main.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="driver.hpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |     <ClCompile Include="fs.hpp">
25 |       <Filter>Source Files</Filter>
26 |     </ClCompile>
27 |   </ItemGroup>
28 | </Project>


--------------------------------------------------------------------------------
/src/kernelLoader.vcxproj.user:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 4 |     <RemoteDebuggerCommand>\\tsclient\G\Downloads\eft_kernel\kernelLoader\x64\Debug\kernelLoader.exe</RemoteDebuggerCommand>
 5 |     <RemoteDebuggerWorkingDirectory>\\tsclient\G\Downloads\eft_kernel\kernelLoader</RemoteDebuggerWorkingDirectory>
 6 |     <RemoteDebuggerDebuggerType>NativeOnly</RemoteDebuggerDebuggerType>
 7 |     <DebuggerFlavor>WindowsRemoteDebugger</DebuggerFlavor>
 8 |     <RemoteDebuggerServerName>172.28.99.45:4026</RemoteDebuggerServerName>
 9 |     <RemoteDebuggerCommandArguments>-l "C:\Users\soju\Desktop\eft_kernel2.sys" eftk -w</RemoteDebuggerCommandArguments>
10 |   </PropertyGroup>
11 | </Project>


--------------------------------------------------------------------------------
/src/main.cpp:
--------------------------------------------------------------------------------
  1 | #include <iostream>
  2 | #include <string>
  3 | #include <format>
  4 | #include <conio.h>
  5 | #include <ctime>
  6 | #include <urlmon.h>
  7 | #pragma comment(lib, "urlmon.lib")
  8 | 
  9 | #include "driver.hpp"
 10 | 
 11 | using namespace std;
 12 | 
 13 | constexpr auto	WIND64_URL	= L"https://github.com/katlogic/WindowsD/releases/download/v2.2/wind64.exe";
 14 | constexpr const char* HELP_STR = R"(
 15 | Usage:
 16 |   -l, --load [driver path] [driver name]
 17 | 	Load the driver.
 18 | 		
 19 | 	Options:
 20 | 		-o, --overwrite
 21 | 			If the driver already exists, exit and overwrite it.
 22 | 		-w, --watch
 23 | 			Quickly reload drivers from a prompt when needed.
 24 | 
 25 |   -u, --unload [driver name]
 26 | 	Delete the driver.
 27 | 
 28 | Global Options:
 29 |   -s, --status [driver name]
 30 | 	Print the drivers service status.
 31 |   -i, --ignore-signatures
 32 |   	Install services to ignore kernel driver signatures. (powered by Wind64)
 33 | 
 34 |   -r, --uninstall-ignore-signatures
 35 | 	Remove services that ignore signatures of kernel drivers. (powered by Wind64)
 36 | )";
 37 | 
 38 | int				Argc;
 39 | const char**	Argv;
 40 | path			RunningDir;
 41 | 
 42 | string NowTime() {
 43 | 	tm t;
 44 | 	stringstream buf;
 45 | 	time_t now_t = time(0);
 46 | 	localtime_s(&t, &now_t);
 47 | 	buf << put_time(&t, "%H:%M:%S");
 48 | 	return buf.str();
 49 | }
 50 | 
 51 | int FindArgs(const char* flag) {
 52 | 	for (int i = 0; i < Argc; i++) {
 53 | 		auto arg = Argv[i];
 54 | 		if (strcmp(arg, flag) == 0)
 55 | 			return i;
 56 | 	}
 57 | 	return -1;
 58 | }
 59 | 
 60 | const char* GetValue(int flagIndex) {
 61 | 	if (flagIndex < 0 || flagIndex >= Argc) return 0;
 62 | 	return Argv[flagIndex + 1];
 63 | }
 64 | 
 65 | bool UseWind64(const char* cmd = 0) {
 66 | 	auto windP = RunningDir / path("wind64.exe");
 67 | 	wstring windW = windP.wstring();
 68 | 
 69 | 	if (!exists(windP)) {
 70 | 		wcout << format(L"[*] Download Wind64 from {}\n", WIND64_URL);
 71 | 
 72 | 
 73 | 		if (
 74 | 			URLDownloadToFile(
 75 | 				NULL,
 76 | 				WIND64_URL,
 77 | 				windW.c_str(),
 78 | 				BINDF_GETNEWESTVERSION,
 79 | 				NULL
 80 | 			) != S_OK) {
 81 | 			cout << "[*] Failed to download Wind64.\n";
 82 | 			return 0;
 83 | 		}
 84 | 	}
 85 | 
 86 | 
 87 | 	if (cmd) {
 88 | 		auto status = system(format("{} {}", absolute(windP).string(), cmd).c_str());
 89 | 
 90 | 		
 91 | 		if (status != 1) {
 92 | 			cout << format("[*] Failed to execute Wind64. (ExitCode: 0x{:016X})\n", status);
 93 | 			return 0;
 94 | 		}
 95 | 		
 96 | 		Sleep(1000);
 97 | 	}
 98 | 
 99 | 	return 1;
100 | }
101 | 
102 | int main(int argc, const char** argv) {
103 | 	bool acok = 0;
104 | 	int argi = 0;
105 | 	const char *invparm = 0, *misparm = 0;
106 |     Argc = argc; Argv = argv;
107 | 	RunningDir = curdir();
108 | 
109 |     cout << "[*] Kernel Loader\n";
110 | 
111 | 	#define INVPARM(parm) invparm = #parm; goto SHOW_USAGE;
112 | 	#define MISPARM(parm) misparm = #parm; goto SHOW_USAGE;
113 | 
114 | 	bool ignore_signatures =
115 | 		FindArgs("-i") != -1 ||
116 | 		FindArgs("--ignore-signatures") != -1;
117 | 	if (
118 | 		argc == 0				||
119 | 		FindArgs("-?") != -1	||
120 | 		FindArgs("-h") != -1
121 | 	) {
122 | 		SHOW_USAGE:
123 | 		if (invparm) cout << format("[-] Parameter {} is invalid.\n", invparm);
124 | 		if (misparm) cout << format("[-] Parameter {} is missing.\n", misparm);
125 | 		cout << HELP_STR;
126 | 		goto EXIT;
127 | 	}
128 | 
129 | 	if (ignore_signatures) { 
130 | 		// wind64.exe /i
131 | 		acok = 1;
132 | 		cout << "[*] Install services to ignore kernel driver signatures.\n";
133 | 		if (!UseWind64("/i"))
134 | 			goto EXIT;
135 | 		cout << "[+] OK\n";
136 | 	} else if (
137 | 		// wind64.exe /u
138 | 		FindArgs("-r")								!= -1 ||
139 | 		FindArgs("--uninstall-ignore-signatures")	!= -1
140 | 	) {
141 | 		acok = 1;
142 | 		cout << "[*] Uninstall services that ignore signatures of kernel drivers.\n";
143 | 		if (!UseWind64("/u"))
144 | 			goto EXIT;
145 | 	} else if (
146 | 		// status
147 | 		(argi = FindArgs("-s")) != -1 ||
148 | 		(argi = FindArgs("--status")) != -1
149 | 	) {
150 | 		acok = 1;
151 | 		auto name = GetValue(argi);
152 | 
153 | 		if (!name) {
154 | 			MISPARM(name);
155 | 		}
156 | 
157 | 		PrintStatus(path(name));
158 | 	}
159 | 
160 | 	if (
161 | 		// load
162 | 		(argi = FindArgs("-l"))		!= -1 ||
163 | 		(argi = FindArgs("--load")) != -1
164 | 	) {
165 | 		auto
166 | 			driverPath	=	GetValue(argi),
167 | 			name		=	GetValue(argi + 1);
168 | 		auto
169 | 			overwrite	=	FindArgs("-o")			!= -1 ||
170 | 							FindArgs("--overwrite") != -1,
171 | 			watch		=	FindArgs("-w")			!= -1 ||
172 | 							FindArgs("--watch")		!= -1;
173 | 
174 | 		if (!driverPath) {
175 | 			MISPARM(driverPath);
176 | 		}
177 | 		if (!name) {
178 | 			MISPARM(name);
179 | 		}
180 | 
181 | 		path 
182 | 			tmpdir,
183 | 			nameP			= name,
184 | 			driverP			= absolute(driverPath),
185 | 			driver			= driverP;
186 | 
187 | 		if (!exists(driver) || is_directory(driver)) {
188 | 			cout << format("[x] Driver files not found! {}\n", driver.string());
189 | 			goto EXIT;
190 | 		}
191 | 
192 | 		if (watch) {
193 | 			if (!tempdir(tmpdir, "kernelLoader_")) {
194 | 				cout << "[x] Unable to create temporary directory.\n";
195 | 				goto EXIT;
196 | 			}
197 | 			driver = tmpdir / path(driver.filename());
198 | 			overwrite = 1;
199 | 		}
200 | 
201 | 		SC_HANDLE manager;
202 | 
203 | 		if (!SCManager(&manager))
204 | 			goto EXIT;
205 | 
206 | 		bool first = 1, remv = 0;
207 | 	LOAD__:
208 | 		if (watch) {
209 | 			if (!first && !DeleteDriver(nameP, &manager, 1)) {
210 | 				cout << "[x] Cannot delete driver.\n";
211 | 				goto LOAD_EXIT;
212 | 			}
213 | 			copy(
214 | 				driverP,
215 | 				driver,
216 | 				copy_options::overwrite_existing
217 | 			);
218 | 			system("cls");
219 | 			first = 0;
220 | 		}
221 | 
222 | 		if (LoadDriver(
223 | 			driver,
224 | 			nameP,
225 | 			nameP,
226 | 			0,
227 | 			overwrite
228 | 		))
229 | 			cout << format("[+] {} driver loaded successfully.\n", name);
230 | 		else
231 | 			cout << format("[x] Failed to load driver {}\n", name);
232 | 
233 | 		if (watch) {
234 | 		WATCH_H:
235 | 			cout << format(
236 | 				"\n"
237 | 				"[*] Press the 'R' key to reload the driver.\n"
238 | 				"    Press the 'S' key to print the service status.\n"
239 | 				"    Press the 'Q' key to exit the loop.\n"
240 | 				"    Press the 'X' key to delete the driver and exit the loop.\n"
241 | 				"\n{}: ",
242 | 				NowTime()
243 | 			);
244 | 
245 | 			int ch = toupper(_getch());
246 | 			cout << "\n";
247 | 			
248 | 			if (ch == 'R')
249 | 				goto LOAD__;
250 | 			if (ch == 'S') {
251 | 				system("cls");
252 | 				PrintStatus(nameP, &manager);
253 | 				goto WATCH_H;
254 | 			}
255 | 			if (ch == 'Q') {
256 | 				cout << "[*] Exit!\n";
257 | 				goto LOAD_EXIT;
258 | 			}
259 | 			if (ch == 'X') {
260 | 				if (remv = DeleteDriver(
261 | 					path(name)
262 | 				)) 
263 | 					cout << "[+] Driver uninstalled successfully.\n";
264 | 
265 | 				goto LOAD_EXIT;
266 | 			}
267 | 
268 | 			system("cls");
269 | 			cout << "[-] Wrong command key\n";
270 | 			goto WATCH_H;
271 | 		}
272 | 
273 | 	LOAD_EXIT:
274 | 		CloseServiceHandle(manager);
275 | 		
276 | 		if (
277 | 			watch					&&
278 | 			remv					&&
279 | 			exists(driver)			&&
280 | 			!is_directory(driver)
281 | 		)
282 | 			remove(driver);
283 | 
284 | 		if (ignore_signatures) {
285 | 			cout << "[*] Uninstall services that ignore signatures of kernel drivers.\n";
286 | 			UseWind64("/u");
287 | 		}
288 | 
289 | 		remove_all(tmpdir);
290 | 	} else if (
291 | 		(argi = FindArgs("-u"))			!= -1 ||
292 | 		(argi = FindArgs("--unload"))	!= -1
293 | 	) {
294 | 		// unload
295 | 		auto name = GetValue(argi);
296 | 
297 | 		if (!name) {
298 | 			MISPARM(name);
299 | 		}
300 | 
301 | 		if (DeleteDriver(
302 | 			path(name)
303 | 		))
304 | 			cout << "[+] Driver uninstalled successfully.\n";
305 | 	} else if (!acok)
306 | 		goto SHOW_USAGE;
307 | 
308 | EXIT:
309 | 	return 0;
310 | }
311 | 


--------------------------------------------------------------------------------