├── KernelDriver.sln ├── KernelDriver ├── KernelDriver.inf ├── KernelDriver.vcxproj ├── KernelDriver.vcxproj.filters ├── KernelDriver.vcxproj.user ├── api.h ├── entry.c ├── functions.h ├── memory.h ├── structs.h └── x64 │ └── Release │ ├── KernelDriver.Build.CppClean.log │ ├── KernelDriver.inf │ ├── KernelDriver.log │ ├── KernelDriver.sys.recipe │ ├── KernelDriver.tlog │ ├── CL.command.1.tlog │ ├── CL.read.1.tlog │ ├── CL.write.1.tlog │ ├── Inf2Cat.command.1.tlog │ ├── KernelDriver.lastbuildstate │ ├── inf2cat-expand.20896.read.1.tlog │ ├── inf2cat-expand.20896.write.1.tlog │ ├── inf2cat-expand.read.1.tlog │ ├── inf2cat-expand.write.1.tlog │ ├── inf2cat.read.1.tlog │ ├── inf2cat.write.1.tlog │ ├── link.command.1.tlog │ ├── link.read.1.tlog │ ├── link.write.1.tlog │ ├── signtool.command.1.tlog │ ├── signtool.read.1.tlog │ ├── signtool.timestamp.1.tlog │ ├── signtool.write.1.tlog │ ├── stampinf.command.1.tlog │ ├── stampinf.read.1.tlog │ └── stampinf.write.1.tlog │ ├── entry.obj │ └── vc143.pdb ├── LICENSE ├── README.md └── x64 └── Release ├── KernelDriver.cer ├── KernelDriver.inf ├── KernelDriver.pdb └── KernelDriver ├── KernelDriver.inf ├── KernelDriver.sys └── kerneldriver.cat /KernelDriver.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.4.33122.133 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KernelDriver", "KernelDriver\KernelDriver.vcxproj", "{39F1CD83-B2D9-4694-A22B-7225F79DDF26}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|ARM64 = Debug|ARM64 11 | Debug|x64 = Debug|x64 12 | Release|ARM64 = Release|ARM64 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | 
{39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Debug|ARM64.ActiveCfg = Debug|ARM64 17 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Debug|ARM64.Build.0 = Debug|ARM64 18 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Debug|ARM64.Deploy.0 = Debug|ARM64 19 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Debug|x64.ActiveCfg = Debug|x64 20 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Debug|x64.Build.0 = Debug|x64 21 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Debug|x64.Deploy.0 = Debug|x64 22 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Release|ARM64.ActiveCfg = Release|ARM64 23 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Release|ARM64.Build.0 = Release|ARM64 24 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Release|ARM64.Deploy.0 = Release|ARM64 25 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Release|x64.ActiveCfg = Release|x64 26 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Release|x64.Build.0 = Release|x64 27 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26}.Release|x64.Deploy.0 = Release|x64 28 | EndGlobalSection 29 | GlobalSection(SolutionProperties) = preSolution 30 | HideSolutionNode = FALSE 31 | EndGlobalSection 32 | GlobalSection(ExtensibilityGlobals) = postSolution 33 | SolutionGuid = {52E94345-7382-4102-B1BF-AA4540461D7C} 34 | EndGlobalSection 35 | EndGlobal 36 | -------------------------------------------------------------------------------- /KernelDriver/KernelDriver.inf: -------------------------------------------------------------------------------- 1 | ; 2 | ; KernelDriver.inf 3 | ; 4 | 5 | [Version] 6 | Signature="$WINDOWS NT$" 7 | Class=USBDevice 8 | ClassGuid={88BAE032-5A81-49f0-BC3D-A4FF138216D6} 9 | Provider=%ManufacturerName% 10 | CatalogFile=KernelDriver.cat 11 | DriverVer= 12 | PnpLockDown=1 13 | 14 | [DestinationDirs] 15 | DefaultDestDir = 12 16 | KernelDriver_Device_CoInstaller_CopyFiles = 11 17 | 18 | [SourceDisksNames] 19 | 1 = %DiskName%,,,"" 20 | 21 | [SourceDisksFiles] 22 | KernelDriver.sys = 1,, 23 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames 24 
| 25 | ;***************************************** 26 | ; Install Section 27 | ;***************************************** 28 | 29 | [Manufacturer] 30 | %ManufacturerName%=Standard,NT$ARCH$ 31 | 32 | [Standard.NT$ARCH$] 33 | %KernelDriver.DeviceDesc%=KernelDriver_Device, USB\VID_vvvv&PID_pppp 34 | 35 | [KernelDriver_Device.NT] 36 | CopyFiles=Drivers_Dir 37 | 38 | [Drivers_Dir] 39 | KernelDriver.sys 40 | 41 | [KernelDriver_Device.NT.HW] 42 | AddReg=KernelDriver_AddReg 43 | 44 | [KernelDriver_AddReg] 45 | ; By default, USBDevice class uses iProduct descriptor to name the device in 46 | ; Device Manager on Windows 8 and higher. 47 | ; Uncomment for this device to use %DeviceName% on Windows 8 and higher: 48 | ;HKR,,FriendlyName,,%KernelDriver.DeviceDesc% 49 | 50 | ;-------------- Service installation 51 | [KernelDriver_Device.NT.Services] 52 | AddService = KernelDriver,%SPSVCINST_ASSOCSERVICE%, KernelDriver_Service_Inst 53 | 54 | ; -------------- KernelDriver driver install sections 55 | [KernelDriver_Service_Inst] 56 | DisplayName = %KernelDriver.SVCDESC% 57 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER 58 | StartType = 3 ; SERVICE_DEMAND_START 59 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL 60 | ServiceBinary = %12%\KernelDriver.sys 61 | 62 | ; 63 | ;--- KernelDriver_Device Coinstaller installation ------ 64 | ; 65 | 66 | [KernelDriver_Device.NT.CoInstallers] 67 | AddReg=KernelDriver_Device_CoInstaller_AddReg 68 | CopyFiles=KernelDriver_Device_CoInstaller_CopyFiles 69 | 70 | [KernelDriver_Device_CoInstaller_AddReg] 71 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller" 72 | 73 | [KernelDriver_Device_CoInstaller_CopyFiles] 74 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll 75 | 76 | [KernelDriver_Device.NT.Wdf] 77 | KmdfService = KernelDriver, KernelDriver_wdfsect 78 | [KernelDriver_wdfsect] 79 | KmdfLibraryVersion = $KMDFVERSION$ 80 | 81 | [Strings] 82 | SPSVCINST_ASSOCSERVICE= 0x00000002 83 | ManufacturerName="" ;TODO: Replace with 
your manufacturer name 84 | ClassName="Universal Serial Bus devices" 85 | DiskName = "KernelDriver Installation Disk" 86 | KernelDriver.DeviceDesc = "KernelDriver Device" 87 | KernelDriver.SVCDESC = "KernelDriver Service" 88 | REG_MULTI_SZ = 0x00010000 89 | -------------------------------------------------------------------------------- /KernelDriver/KernelDriver.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | x64 7 | 8 | 9 | Release 10 | x64 11 | 12 | 13 | Debug 14 | ARM64 15 | 16 | 17 | Release 18 | ARM64 19 | 20 | 21 | 22 | 23 | 24 | 25 | {39F1CD83-B2D9-4694-A22B-7225F79DDF26} 26 | {8c0e3d8b-df43-455b-815a-4a0e72973bc6} 27 | v4.5 28 | 12.0 29 | Debug 30 | x64 31 | KernelDriver 32 | 10.0.22621.0 33 | 34 | 35 | WindowsKernelModeDriver10.0 36 | Driver 37 | KMDF 38 | Universal 39 | 40 | 41 | WindowsKernelModeDriver10.0 42 | Driver 43 | KMDF 44 | Universal 45 | 46 | 47 | WindowsKernelModeDriver10.0 48 | Driver 49 | KMDF 50 | Universal 51 | 52 | 53 | WindowsKernelModeDriver10.0 54 | Driver 55 | KMDF 56 | Universal 57 | 58 | 59 | 60 | Windows10 61 | true 62 | 63 | 64 | Windows10 65 | false 66 | 67 | 68 | Windows10 69 | true 70 | 71 | 72 | Windows10 73 | false 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | DbgengKernelDebugger 85 | 86 | 87 | DbgengKernelDebugger 88 | 89 | 90 | 91 | 92 | DbgengKernelDebugger 93 | 94 | 95 | DbgengKernelDebugger 96 | 97 | 98 | 99 | true 100 | true 101 | trace.h 102 | true 103 | 104 | 105 | sha256 106 | 107 | 108 | %(AdditionalDependencies);usbdex.lib;ntstrsafe.lib 109 | 110 | 111 | 112 | 113 | false 114 | true 115 | trace.h 116 | true 117 | stdcpp14 118 | Default 119 | false 120 | 121 | 122 | sha256 123 | 124 | 125 | %(AdditionalDependencies);usbdex.lib;ntstrsafe.lib 126 | RealDriverEntry 127 | 128 | 129 | 130 | 131 | true 132 | true 133 | trace.h 134 | true 135 | 136 | 137 | sha256 138 | 139 | 140 | %(AdditionalDependencies);usbdex.lib;ntstrsafe.lib 141 | 142 
| 143 | 144 | 145 | true 146 | true 147 | trace.h 148 | true 149 | 150 | 151 | sha256 152 | 153 | 154 | %(AdditionalDependencies);usbdex.lib;ntstrsafe.lib 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | -------------------------------------------------------------------------------- /KernelDriver/KernelDriver.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {8E41214B-6785-4CFE-B992-037D68949A14} 18 | inf;inv;inx;mof;mc; 19 | 20 | 21 | 22 | 23 | Driver Files 24 | 25 | 26 | 27 | 28 | Source Files 29 | 30 | 31 | 32 | 33 | Header Files 34 | 35 | 36 | Header Files 37 | 38 | 39 | Header Files 40 | 41 | 42 | Header Files 43 | 44 | 45 | -------------------------------------------------------------------------------- /KernelDriver/KernelDriver.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /KernelDriver/api.h: -------------------------------------------------------------------------------- 1 | #define _STDINT 2 | 3 | #ifndef RC_INVOKED 4 | typedef signed char int8_t; 5 | typedef short int16_t; 6 | typedef int int32_t; 7 | typedef long long int64_t; 8 | typedef unsigned char uint8_t; 9 | typedef unsigned short uint16_t; 10 | typedef unsigned int uint32_t; 11 | typedef unsigned long long uint64_t; 12 | 13 | typedef signed char int_least8_t; 14 | typedef short int_least16_t; 15 | typedef int int_least32_t; 16 | typedef long long int_least64_t; 17 | typedef unsigned char uint_least8_t; 
typedef unsigned short uint_least16_t;
typedef unsigned int uint_least32_t;
typedef unsigned long long uint_least64_t;

typedef signed char int_fast8_t;
typedef int int_fast16_t;
typedef int int_fast32_t;
typedef long long int_fast64_t;
typedef unsigned char uint_fast8_t;
typedef unsigned int uint_fast16_t;
typedef unsigned int uint_fast32_t;
typedef unsigned long long uint_fast64_t;

typedef long long intmax_t;
typedef unsigned long long uintmax_t;

// These macros must exactly match those in the Windows SDK's intsafe.h.
// The i8/i16/i32/i64 and ui8/ui16/ui32/ui64 literal suffixes are Microsoft-specific,
// so this header only compiles with a compiler that accepts them.
#define INT8_MIN (-127i8 - 1)
#define INT16_MIN (-32767i16 - 1)
#define INT32_MIN (-2147483647i32 - 1)
#define INT64_MIN (-9223372036854775807i64 - 1)
#define INT8_MAX 127i8
#define INT16_MAX 32767i16
#define INT32_MAX 2147483647i32
#define INT64_MAX 9223372036854775807i64
#define UINT8_MAX 0xffui8
#define UINT16_MAX 0xffffui16
#define UINT32_MAX 0xffffffffui32
#define UINT64_MAX 0xffffffffffffffffui64

#define INT_LEAST8_MIN INT8_MIN
#define INT_LEAST16_MIN INT16_MIN
#define INT_LEAST32_MIN INT32_MIN
#define INT_LEAST64_MIN INT64_MIN
#define INT_LEAST8_MAX INT8_MAX
#define INT_LEAST16_MAX INT16_MAX
#define INT_LEAST32_MAX INT32_MAX
#define INT_LEAST64_MAX INT64_MAX
#define UINT_LEAST8_MAX UINT8_MAX
#define UINT_LEAST16_MAX UINT16_MAX
#define UINT_LEAST32_MAX UINT32_MAX
#define UINT_LEAST64_MAX UINT64_MAX

// The 16-bit "fast" limits use the 32-bit bounds because int_fast16_t is typedef'd to int.
#define INT_FAST8_MIN INT8_MIN
#define INT_FAST16_MIN INT32_MIN
#define INT_FAST32_MIN INT32_MIN
#define INT_FAST64_MIN INT64_MIN
#define INT_FAST8_MAX INT8_MAX
#define INT_FAST16_MAX INT32_MAX
#define INT_FAST32_MAX INT32_MAX
#define INT_FAST64_MAX INT64_MAX
#define UINT_FAST8_MAX UINT8_MAX
#define UINT_FAST16_MAX UINT32_MAX
#define UINT_FAST32_MAX UINT32_MAX
#define UINT_FAST64_MAX UINT64_MAX

#ifdef _WIN64
#define INTPTR_MIN INT64_MIN
#define INTPTR_MAX INT64_MAX
#define UINTPTR_MAX UINT64_MAX
#else
#define INTPTR_MIN INT32_MIN
#define INTPTR_MAX INT32_MAX
#define UINTPTR_MAX UINT32_MAX
#endif

#define INTMAX_MIN INT64_MIN
#define INTMAX_MAX INT64_MAX
#define UINTMAX_MAX UINT64_MAX

#define PTRDIFF_MIN INTPTR_MIN
#define PTRDIFF_MAX INTPTR_MAX

#ifndef SIZE_MAX
#define SIZE_MAX UINTPTR_MAX
#endif

#define SIG_ATOMIC_MIN INT32_MIN
#define SIG_ATOMIC_MAX INT32_MAX

#define WCHAR_MIN 0x0000
#define WCHAR_MAX 0xffff

#define WINT_MIN 0x0000
#define WINT_MAX 0xffff

#define INT8_C(x) (x)
#define INT16_C(x) (x)
#define INT32_C(x) (x)
#define INT64_C(x) (x ## LL)

#define UINT8_C(x) (x)
#define UINT16_C(x) (x)
#define UINT32_C(x) (x ## U)
#define UINT64_C(x) (x ## ULL)

#define INTMAX_C(x) INT64_C(x)
#define UINTMAX_C(x) UINT64_C(x)

#endif // RC_INVOKED
--------------------------------------------------------------------------------
/KernelDriver/entry.c:
--------------------------------------------------------------------------------
// NOTE(review): the three bare #include lines below carry no header name on this page;
// presumably the angle-bracket text was lost when the listing was extracted.
#include

#include

#include "api.h"
#include "structs.h"
#include
#include "functions.h"
#include "memory.h"

// Prototype supplied locally for IoCreateDriver; it is called from RealDriverEntry below.
NTKERNELAPI
NTSTATUS
IoCreateDriver(
    IN PUNICODE_STRING DriverName, OPTIONAL
    IN PDRIVER_INITIALIZE InitializationFunction
);
// IOCTLS:
// All four use METHOD_BUFFERED, so the handler sees the caller's data through
// Irp->AssociatedIrp.SystemBuffer. The WDK defines FILE_SPECIAL_ACCESS as FILE_ANY_ACCESS,
// so the control codes themselves require no read or write access on the handle.
// With FILE_DEVICE_UNKNOWN (0x22) the macros evaluate to 0x00220004, 0x00220008,
// 0x0022000C and 0x00220010 for function codes 1 to 4.
#define IOCTL_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x001, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define IOCTL_WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x002, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define IOCTL_GUARDEDREGION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x003, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define IOCTL_BASE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x004, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

//DRIVER NAME:
// Object-manager names for the device, its user-visible symbolic link and the driver
// object. These literals are the names that exist in the object namespace while the
// driver is loaded.

#define drv_device L"\\Device\\VANISHED"
#define drv_dos_device L"\\DosDevices\\VANISHED"
#define drv L"\\Driver\\VANISHED"


// predeclared functions:
// MajorFunctionClose and MajorFunctionCreate are declared here but not defined in this file.
NTSTATUS MajorFunctionClose(PDEVICE_OBJECT DeviceObject, PIRP Irp);
NTSTATUS MajorFunctionCreate(PDEVICE_OBJECT DeviceObject, PIRP Irp);
NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject);
NTSTATUS CreateCall(PDEVICE_OBJECT DeviceObject, PIRP irp);
NTSTATUS CloseCall(PDEVICE_OBJECT DeviceObject, PIRP irp);

// first declare the device name and driver name for var usage:
// File-scope state: filled in by init() and read again by UnloadDriver().
PDEVICE_OBJECT pDeviceObject;
UNICODE_STRING deviceName;
UNICODE_STRING dosName;

// handle all of the codes here:
// IRP_MJ_DEVICE_CONTROL dispatch routine. Picks one of four operations from the control
// code and treats Irp->AssociatedIrp.SystemBuffer as the matching request struct.
//
// Parameters:
//   DeviceObject - device the request targets (not referenced in the body).
//   Irp          - the request being handled.
// Returns: finalStatus after completing the IRP, or STATUS_UNSUCCESSFUL directly on the
// early-exit paths.
//
// NOTE(review), each point is visible in the body below:
//  - No branch compares Parameters.DeviceIoControl.InputBufferLength or OutputBufferLength
//    with the struct size before dereferencing SystemBuffer, and SystemBuffer is not
//    checked for NULL.
//  - Every early `return STATUS_UNSUCCESSFUL;` leaves without calling IoCompleteRequest,
//    so the IRP is never completed on those paths.
//  - The read and write branches discard the helper's NTSTATUS and always report
//    STATUS_SUCCESS.
//  - ReturnAddress comes from the request and is cast to a pointer that the memory.h
//    helpers copy to or from in kernel mode; no ProbeForRead/ProbeForWrite call and no
//    bound on Size is visible on this page. Any caller able to open the device therefore
//    controls source, destination and length of a kernel-mode copy.
//  - IoStatus.Information is set to the struct size without reference to the caller's
//    output buffer length.
NTSTATUS IoControl(PDEVICE_OBJECT DeviceObject, PIRP Irp) {

    ULONG BytesIO = 0;
    NTSTATUS finalStatus = STATUS_UNSUCCESSFUL;
    PIO_STACK_LOCATION currentStack = IoGetCurrentIrpStackLocation(Irp);
    ULONG controlCode = currentStack->Parameters.DeviceIoControl.IoControlCode;

    if (controlCode == IOCTL_READ_REQUEST) {
        size_t memsize = 0;
        readRequest ReadInput = (readRequest)Irp->AssociatedIrp.SystemBuffer;
        // Early exit without completing the IRP.
        if (ReadInput->SourceProcessID == 0 || ReadInput->SourceAddress == 0) return STATUS_UNSUCCESSFUL;
        // Copies Size bytes from the target process's address into the pointer given in
        // ReturnAddress; the return value and memsize are not looked at afterwards.
        ReadProcessMemory(ReadInput->SourceProcessID, (void*)ReadInput->SourceAddress, (void*)ReadInput->ReturnAddress, ReadInput->Size, &memsize);
        finalStatus = STATUS_SUCCESS;
        BytesIO = sizeof(read);
    }
    else if (controlCode == IOCTL_WRITE_REQUEST) {
        size_t memsize = 0;
        writeRequest ReadInput = (writeRequest)Irp->AssociatedIrp.SystemBuffer;
        // Early exit without completing the IRP.
        if (ReadInput->SourceProcessID == 0 || ReadInput->SourceAddress == 0) return STATUS_UNSUCCESSFUL;
        // Copies Size bytes from the pointer given in ReturnAddress into the target
        // process's address; the return value and memsize are not looked at afterwards.
        WriteProcessMemory(ReadInput->SourceProcessID, (void*)ReadInput->SourceAddress, (void*)ReadInput->ReturnAddress, ReadInput->Size, &memsize);
        finalStatus = STATUS_SUCCESS;
        BytesIO = sizeof(write);
    }
    else if (controlCode == IOCTL_BASE_REQUEST) {

        PEPROCESS process = NULL;
        baseRequest ReadInput = (baseRequest)Irp->AssociatedIrp.SystemBuffer;
        if (ReadInput->TargetProcessID == 0) {
            return STATUS_UNSUCCESSFUL;
        }
        NTSTATUS status = PsLookupProcessByProcessId((HANDLE)ReadInput->TargetProcessID, &process);
        // NOTE(review): only one failure code is tested; any other error status falls
        // through with `process` still NULL. NT_SUCCESS(status) is the usual test.
        if (status == STATUS_UNSUCCESSFUL) {
            return STATUS_UNSUCCESSFUL;
        }
        uint64_t baseaddy = PsGetProcessSectionBaseAddress(process);
        ObDereferenceObject(process);
        if (!baseaddy) {
            // NOTE(review): second dereference of the same object; the reference taken by
            // the lookup was already released on the line above this `if`.
            ObDereferenceObject(process);
            return STATUS_UNSUCCESSFUL;
        }
        // Result is written back into the buffered request struct.
        ReadInput->ReturnAddress = baseaddy;
        finalStatus = STATUS_SUCCESS;
        BytesIO = sizeof(baseAddress);
    }
    else if (controlCode == IOCTL_GUARDEDREGION) {

        guardedRequest ReadInput = (guardedRequest)Irp->AssociatedIrp.SystemBuffer;

        // find_guarded_region() is defined in memory.h; 0 means nothing matched.
        uint64_t GuardedRegion = find_guarded_region();
        if (!GuardedRegion) return STATUS_UNSUCCESSFUL;

        ReadInput->GuardedRegion = GuardedRegion;

        finalStatus = STATUS_SUCCESS;
        BytesIO = sizeof(guardedRegion);

    }
    else {
        // Unknown control code.
        finalStatus = STATUS_INVALID_PARAMETER;
        BytesIO = 0;
    }

    // Only the paths that reach this point complete the IRP.
    Irp->IoStatus.Status = finalStatus;
    Irp->IoStatus.Information = BytesIO;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return finalStatus;
}

// MAKE DRIVER HERE FOR KDMAPPER:
// Initialization routine handed to IoCreateDriver: creates the device object and its
// symbolic link, then installs the dispatch and unload routines on the driver object.
//
// Parameters:
//   driver - driver object to populate.
//   path   - not used.
// Returns: always STATUS_SUCCESS.
//
// NOTE(review): the results of IoCreateDevice and IoCreateSymbolicLink are not checked,
// so a failed creation still reports success. The device is created with IoCreateDevice
// and no explicit security descriptor appears here, so access to the device depends on
// the default one; confirm which accounts can open the symbolic link.
NTSTATUS init(PDRIVER_OBJECT driver, PUNICODE_STRING path) {
    // make the device ins:
    RtlInitUnicodeString(&deviceName, drv_device);
    RtlInitUnicodeString(&dosName, drv_dos_device);

    // create device
    // IoCreateDevice(driver, 0, &deviceName, 0x22u, 0, 1u, &pDeviceObject);
    IoCreateDevice(driver, 0, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
    // create symbolic link:
    IoCreateSymbolicLink(&dosName, &deviceName);

    // assign all major functions to driver:
    driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IoControl;
    driver->MajorFunction[IRP_MJ_CREATE] = CreateCall;
    driver->MajorFunction[IRP_MJ_CLOSE] = CloseCall;
    driver->DriverUnload = UnloadDriver;

    // Both flag updates are disabled by the author.
    //pDeviceObject->Flags |= DO_DIRECT_IO;
    //pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
    return STATUS_SUCCESS;
}

// Image entry point. It ignores both of its arguments and asks IoCreateDriver to create
// a driver object named by `drv`, with init() as that object's initialization routine.
// The project file on this page lists RealDriverEntry among the linker settings,
// presumably as the entry-point override.
// Returns: the status of IoCreateDriver. The local `status` is never used.
NTSTATUS RealDriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegsitryPath) {
    // kdmapper does not allow the driver to be created in driver entry.
    NTSTATUS status;
    UNICODE_STRING drv_name;

    RtlInitUnicodeString(&drv_name, drv);
    // make driver here:
    return IoCreateDriver(&drv_name, &init);

}
// Unload routine: removes the symbolic link and deletes the driver's device object.
// NOTE(review): declared as returning NTSTATUS but has no return statement; the WDK's
// DRIVER_UNLOAD callback type returns VOID.
NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject) {

    IoDeleteSymbolicLink(&dosName);
    IoDeleteDevice(pDriverObject->DeviceObject);
}
// IRP_MJ_CLOSE handler: completes every close request with STATUS_SUCCESS.
NTSTATUS CloseCall(PDEVICE_OBJECT DeviceObject, PIRP irp)
{
    irp->IoStatus.Status = STATUS_SUCCESS;
    irp->IoStatus.Information = 0;

    IoCompleteRequest(irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}
// IRP_MJ_CREATE handler: completes every open request with STATUS_SUCCESS; no check of
// the caller is made here.
NTSTATUS CreateCall(PDEVICE_OBJECT DeviceObject, PIRP irp)
{
    irp->IoStatus.Status = STATUS_SUCCESS;
    irp->IoStatus.Information = 0;

    IoCompleteRequest(irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

--------------------------------------------------------------------------------
/KernelDriver/functions.h:
--------------------------------------------------------------------------------
#pragma once
// Looks up a process object by id; the code on this page releases the returned object
// with ObDereferenceObject after each use.
NTKERNELAPI
NTSTATUS
PsLookupProcessByProcessId(
    IN HANDLE ProcessId,
    OUT PEPROCESS* Process
);


// Returns the section base address of a process; used by the IOCTL_BASE_REQUEST branch.
NTKERNELAPI
PVOID PsGetProcessSectionBaseAddress(
    IN PEPROCESS Process
);

// System-information query; memory.h calls it with system_bigpool_information.
__declspec(dllimport) NTSTATUS __stdcall ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, void*, unsigned long, unsigned long*);
--------------------------------------------------------------------------------
/KernelDriver/memory.h:
--------------------------------------------------------------------------------
//https://ntdiff.github.io/
// Build numbers compared against RTL_OSVERSIONINFOW.dwBuildNumber below.
// NOTE(review): released 20H2 and 21H1 report builds 19042 and 19043; the last two
// values look like preview builds, so those releases would take the switch's default
// branch (which returns the same 0x0388).
#define WINDOWS_1803 17134
#define WINDOWS_1809 17763
#define WINDOWS_1903 18362
#define WINDOWS_1909 18363
#define WINDOWS_2004 19041
#define WINDOWS_20H2 19569
#define WINDOWS_21H1 20180

typedef unsigned long DWORD;

// Returns a hard-coded byte offset chosen by the running build number: 0x0278 for
// 1803/1809, 0x0280 for 1903/1909, 0x0388 for everything else. GetProcessCr3 adds it to
// an EPROCESS pointer. The offsets are not validated against the running kernel.
// The `break` after each `return` is unreachable.
DWORD GetUserDirectoryTableBaseOffset()
{
    RTL_OSVERSIONINFOW ver = { 0 };
    RtlGetVersion(&ver);

    switch (ver.dwBuildNumber)
    {
    case WINDOWS_1803:
        return 0x0278;
        break;
    case WINDOWS_1809:
        return 0x0278;
        break;
    case WINDOWS_1903:
        return 0x0280;
        break;
    case WINDOWS_1909:
        return 0x0280;
        break;
    case WINDOWS_2004:
        return 0x0388;
        break;
    case WINDOWS_20H2:
        return 0x0388;
        break;
    case WINDOWS_21H1:
        return 0x0388;
        break;
    default:
        return 0x0388;
    }
}

// Reads the directory base at offset 0x28 of the process object; if that value is 0,
// reads the field at the build-specific offset instead.
// Parameters: pProcess - process object pointer, dereferenced as raw bytes.
// Returns: the pointer-sized value read from whichever offset was used.
ULONG_PTR GetProcessCr3(PEPROCESS pProcess)
{
    PUCHAR process = (PUCHAR)pProcess;
    ULONG_PTR process_dirbase = *(PULONG_PTR)(process + 0x28); //dirbase x64, 32bit is 0x18
    if (process_dirbase == 0)
    {
        DWORD UserDirOffset = GetUserDirectoryTableBaseOffset();
        ULONG_PTR process_userdirbase = *(PULONG_PTR)(process + UserDirOffset);
        return process_userdirbase;
    }
    return process_dirbase;
}


// Copies Size bytes from physical address TargetAddress into lpBuffer with MmCopyMemory
// (MM_COPY_MEMORY_PHYSICAL).
// Parameters:
//   TargetAddress - physical address, passed as a pointer and stored into QuadPart by
//                   implicit conversion.
//   lpBuffer      - destination; on the IOCTL path this is the caller-supplied
//                   ReturnAddress value plus an offset.
//   Size          - number of bytes requested.
//   BytesRead     - receives the count MmCopyMemory reports.
// Returns: the NTSTATUS from MmCopyMemory.
NTSTATUS ReadPhysicalAddress(PVOID TargetAddress, PVOID lpBuffer, SIZE_T Size, SIZE_T* BytesRead)
{
    MM_COPY_ADDRESS AddrToRead = { 0 };
    AddrToRead.PhysicalAddress.QuadPart = TargetAddress;
    return MmCopyMemory(lpBuffer, AddrToRead, Size, MM_COPY_MEMORY_PHYSICAL, BytesRead);
}

#define PAGE_OFFSET_SIZE 12
// Evaluates to 0xFFFFFF000: keeps bits 12 to 35 of a paging entry.
// NOTE(review): any frame bits above bit 35 are dropped by this mask.
static const uint64_t PMASK = (~0xfull << 8) & 0xfffffffffull;

// Translates virtualAddress by hand: reads one 8-byte entry per paging level from
// physical memory, starting at directoryTableBase, and follows it to the next table.
//
// Parameters:
//   directoryTableBase - table base as returned by GetProcessCr3; low 4 bits are cleared.
//   virtualAddress     - address to translate.
// Returns: the physical address, or 0 when an entry's present bit (bit 0) is clear or
// the final frame is 0.
//
// The index locals are named one level off from their use: `pdp` (bits 39-47) indexes
// the table at directoryTableBase, `pd` (30-38) the next one, `pt` (21-29) the third and
// `pte` (12-20) the last. Bit 7 (0x80) of the second- and third-level entries is treated
// as the large-page flag.
// NOTE(review): the status returned by ReadPhysicalAddress is ignored at every level;
// a failed read leaves the zero-initialised entry, which then fails the present-bit test.
uint64_t TranslateLinearAddress(uint64_t directoryTableBase, uint64_t virtualAddress) {
    directoryTableBase &= ~0xf;

    // Low 12 bits: offset inside a 4 KiB page.
    uint64_t pageOffset = virtualAddress & ~(~0ul << PAGE_OFFSET_SIZE);
    uint64_t pte = ((virtualAddress >> 12) & (0x1ffll));
    uint64_t pt = ((virtualAddress >> 21) & (0x1ffll));
    uint64_t pd = ((virtualAddress >> 30) & (0x1ffll));
    uint64_t pdp = ((virtualAddress >> 39) & (0x1ffll));

    SIZE_T readsize = 0;
    uint64_t pdpe = 0;
    ReadPhysicalAddress(directoryTableBase + 8 * pdp, &pdpe, sizeof(pdpe), &readsize);
    if (~pdpe & 1)
        return 0;

    uint64_t pde = 0;
    ReadPhysicalAddress((pdpe & PMASK) + 8 * pd, &pde, sizeof(pde), &readsize);
    if (~pde & 1)
        return 0;

    /* 1GB large page, use pde's 12-34 bits */
    // The mask written below, (~0ull << 42 >> 12), actually selects bits 30 to 51.
    if (pde & 0x80)
        return (pde & (~0ull << 42 >> 12)) + (virtualAddress & ~(~0ull << 30));

    uint64_t pteAddr = 0;
    ReadPhysicalAddress((pde & PMASK) + 8 * pt, &pteAddr, sizeof(pteAddr), &readsize);
    if (~pteAddr & 1)
        return 0;

    /* 2MB large page */
    if (pteAddr & 0x80)
        return (pteAddr & PMASK) + (virtualAddress & ~(~0ull << 21));

    // virtualAddress is reused from here on to hold the last-level entry.
    virtualAddress = 0;
    ReadPhysicalAddress((pteAddr & PMASK) + 8 * pte, &virtualAddress, sizeof(virtualAddress), &readsize);
    virtualAddress &= PMASK;

    if (!virtualAddress)
        return 0;

    return virtualAddress + pageOffset;
}


// Copies `size` bytes from virtual address `Address` of process `pid` into
// AllocatedBuffer, translating and reading one page-bounded chunk at a time.
//
// Parameters:
//   pid             - process id; passed to PsLookupProcessByProcessId without a cast.
//   Address         - source address in the target process.
//   AllocatedBuffer - destination pointer; on the IOCTL path this is the request's
//                     ReturnAddress field, used as given.
//   size            - bytes requested; no upper bound is applied here.
//   read            - receives the number of bytes copied.
// Returns: STATUS_UNSUCCESSFUL for pid 0 or a failed translation (in which case *read is
// not written), the lookup's status if it fails, otherwise the status of the last chunk
// read (the lookup's status when size is 0).
//
// The process reference is released right after the directory base is read; only that
// numeric value is used by the loop.
NTSTATUS ReadProcessMemory(int pid, PVOID Address, PVOID AllocatedBuffer, SIZE_T size, SIZE_T* read)
{
    PEPROCESS pProcess = NULL;
    if (pid == 0) return STATUS_UNSUCCESSFUL;

    NTSTATUS NtRet = PsLookupProcessByProcessId(pid, &pProcess);
    if (NtRet != STATUS_SUCCESS) return NtRet;

    ULONG_PTR process_dirbase = GetProcessCr3(pProcess);
    ObDereferenceObject(pProcess);

    SIZE_T CurOffset = 0;
    SIZE_T TotalSize = size;
    while (TotalSize)
    {
        uint64_t CurPhysAddr = TranslateLinearAddress(process_dirbase, (ULONG64)Address + CurOffset);
        if (!CurPhysAddr) return STATUS_UNSUCCESSFUL;

        // Never cross a 4 KiB boundary within one physical read.
        ULONG64 ReadSize = min(PAGE_SIZE - (CurPhysAddr & 0xFFF), TotalSize);
        SIZE_T BytesRead = 0;
        NtRet = ReadPhysicalAddress(CurPhysAddr, (PVOID)((ULONG64)AllocatedBuffer + CurOffset), ReadSize, &BytesRead);
        TotalSize -= BytesRead;
        CurOffset += BytesRead;

        // A read that made no progress ends the loop.
        if (BytesRead == 0) break;
    }

    *read = CurOffset;
    return NtRet;
}

//MmMapIoSpaceEx limit is page 4096 byte
// Maps Size bytes at physical address TargetAddress with MmMapIoSpaceEx (PAGE_READWRITE),
// copies lpBuffer into the mapping with memcpy, then unmaps it.
//
// Parameters:
//   TargetAddress - physical address, stored into QuadPart by implicit conversion.
//   lpBuffer      - source pointer; on the IOCTL path this derives from the request's
//                   ReturnAddress field and is read here without a probe.
//   Size          - bytes to copy.
//   BytesWritten  - set to Size on success; left untouched on failure.
// Returns: STATUS_UNSUCCESSFUL for a zero address or a failed mapping, else STATUS_SUCCESS.
NTSTATUS WritePhysicalAddress(PVOID TargetAddress, PVOID lpBuffer, SIZE_T Size, SIZE_T* BytesWritten)
{
    if (!TargetAddress)
        return STATUS_UNSUCCESSFUL;

    PHYSICAL_ADDRESS AddrToWrite = { 0 };
    AddrToWrite.QuadPart = TargetAddress;

    PVOID pmapped_mem = MmMapIoSpaceEx(AddrToWrite, Size, PAGE_READWRITE);

    if (!pmapped_mem)
        return STATUS_UNSUCCESSFUL;

    memcpy(pmapped_mem, lpBuffer, Size);

    *BytesWritten = Size;
    MmUnmapIoSpace(pmapped_mem, Size);
    return STATUS_SUCCESS;
}

// Write counterpart of ReadProcessMemory: copies `size` bytes from AllocatedBuffer to
// virtual address `Address` of process `pid`, one page-bounded chunk at a time.
//
// Parameters:
//   pid             - process id; passed to PsLookupProcessByProcessId without a cast.
//   Address         - destination address in the target process.
//   AllocatedBuffer - source pointer; on the IOCTL path this is the request's
//                     ReturnAddress field, used as given.
//   size            - bytes requested; no upper bound is applied here.
//   written         - receives the number of bytes copied.
// Returns: STATUS_UNSUCCESSFUL for pid 0 or a failed translation (in which case *written
// is not written), the lookup's status if it fails, otherwise the status of the last
// chunk write (the lookup's status when size is 0).
NTSTATUS WriteProcessMemory(int pid, PVOID Address, PVOID AllocatedBuffer, SIZE_T size, SIZE_T* written)
{
    PEPROCESS pProcess = NULL;
    if (pid == 0) return STATUS_UNSUCCESSFUL;

    NTSTATUS NtRet = PsLookupProcessByProcessId(pid, &pProcess);
    if (NtRet != STATUS_SUCCESS) return NtRet;

    ULONG_PTR process_dirbase = GetProcessCr3(pProcess);
    ObDereferenceObject(pProcess);

    SIZE_T CurOffset = 0;
    SIZE_T TotalSize = size;
    while (TotalSize)
    {
        uint64_t CurPhysAddr = TranslateLinearAddress(process_dirbase, (ULONG64)Address + CurOffset);
        if (!CurPhysAddr) return STATUS_UNSUCCESSFUL;

        // Never cross a 4 KiB boundary within one physical write.
        ULONG64 WriteSize = min(PAGE_SIZE - (CurPhysAddr & 0xFFF), TotalSize);
        SIZE_T BytesWritten = 0;
        NtRet = WritePhysicalAddress(CurPhysAddr, (PVOID)((ULONG64)AllocatedBuffer + CurOffset), WriteSize, &BytesWritten);
        TotalSize -= BytesWritten;
        CurOffset += BytesWritten;

        // A failed write leaves BytesWritten at 0 and ends the loop.
        if (BytesWritten == 0) break;
    }

    *written = CurOffset;
    return NtRet;
}

// Queries the big-pool allocation list and returns the address of the first entry that
// is non-paged, exactly 0x200000 bytes long and tagged 'TnoC'. Returns 0 if none matches.
//
// The first query passes length 0 to learn the required size; the loop then reallocates
// and retries while the call reports STATUS_INFO_LENGTH_MISMATCH.
// 'TnoC' is a multi-character constant; compared as a ULONG on a little-endian machine
// the tag's four bytes in memory read "ConT".
// NOTE(review): the ExAllocatePool result is passed to the next query without a NULL
// check. If the final query fails with another status, the buffer is still walked.
UINT_PTR find_guarded_region()
{
    PSYSTEM_BIGPOOL_INFORMATION pool_information = 0;

    ULONG information_length = 0;
    NTSTATUS status = ZwQuerySystemInformation(system_bigpool_information, &information_length, 0, &information_length);

    while (status == STATUS_INFO_LENGTH_MISMATCH)
    {
        if (pool_information)
            ExFreePool(pool_information);

        pool_information = (PSYSTEM_BIGPOOL_INFORMATION)ExAllocatePool(NonPagedPool, information_length);
        status = ZwQuerySystemInformation(system_bigpool_information, pool_information, information_length, &information_length);
    }
    UINT_PTR saved_virtual_address = 0;

    if (pool_information)
    {
        for (ULONG i = 0; i < pool_information->Count; i++)
        {
            SYSTEM_BIGPOOL_ENTRY* allocation_entry = &pool_information->AllocatedInfo[i];

            // Bit 0 of VirtualAddress overlays the NonPaged flag, so it is masked off.
            UINT_PTR virtual_address = (UINT_PTR)allocation_entry->VirtualAddress & ~1ull;

            if (allocation_entry->NonPaged && allocation_entry->SizeInBytes == 0x200000)
            {
                // Keep only the first match; the loop still runs to the end.
                if (saved_virtual_address == 0 && allocation_entry->TagUlong == 'TnoC') {
                    saved_virtual_address = virtual_address;
                }


            }
        }

        ExFreePool(pool_information);
    }
    //dbg("Return %llX", saved_virtual_address);
    return saved_virtual_address;
}

// Per-process record layout for the process-information query class. Only the disabled
// helper below refers to it.
typedef struct _SYSTEM_PROCESS_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG NumberOfThreads;
    LARGE_INTEGER SpareLi1;
    LARGE_INTEGER SpareLi2;
    LARGE_INTEGER SpareLi3;
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ImageName;
    KPRIORITY BasePriority;
    HANDLE UniqueProcessId;
    HANDLE InheritedFromUniqueProcessId;
    ULONG HandleCount;
    ULONG SessionId;
    ULONG_PTR PageDirectoryBase;
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
    SIZE_T PrivatePageCount;
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
} SYSTEM_PROCESS_INFORMATION, * PSYSTEM_PROCESS_INFORMATION;;
// Disabled helper: the whole function below is commented out by the author.
/*
DWORD64 GetProcessIdFromName(PWCHAR ProcName) {
    NTSTATUS result;
    PVOID infoBuffer = NULL;
    PSYSTEM_PROCESS_INFORMATION procSysInfo = NULL;
    ULONG retLen = 0;
    DWORD64 retVal = 0;

    result = ZwQuerySystemInformation(system_process_information, NULL, 0, &retLen);
    if (!retLen || result != 0xC0000004) {
        return 0;
    }

    while (result == 0xC0000004) {
        retLen += 0x1000;
        infoBuffer = ExAllocatePool(NonPagedPoolNx, retLen);
        if (infoBuffer == NULL) {
            return 0;
        }

        result = ZwQuerySystemInformation(system_process_information, infoBuffer, retLen, &retLen);
        if (!NT_SUCCESS(result)) {
            ExFreePool(infoBuffer);
            infoBuffer = NULL;
        }
    }

    if (!NT_SUCCESS(result)) {
        return 0;
    }

    procSysInfo = (PSYSTEM_PROCESS_INFORMATION)infoBuffer;

    while (procSysInfo) {
        if (procSysInfo->ImageName.Buffer != NULL) {
            if (wcsicmp(procSysInfo->ImageName.Buffer, ProcName, TRUE) || wcsstr(procSysInfo->ImageName.Buffer, ProcName) != 0) {
                retVal = (DWORD64)procSysInfo->UniqueProcessId;
                break;
            }
        }

        procSysInfo = procSysInfo->NextEntryOffset ? (PSYSTEM_PROCESS_INFORMATION)((PBYTE)procSysInfo + procSysInfo->NextEntryOffset) : NULL;
    }

    ExFreePool(infoBuffer);
    return retVal;
}*/
--------------------------------------------------------------------------------
/KernelDriver/structs.h:
--------------------------------------------------------------------------------
#pragma once
#pragma warning (disable: 4100)

// Request layout for IOCTL_READ_REQUEST. Every field is supplied by the caller of
// DeviceIoControl and is used by the handler as given.
typedef struct __readRequests
{
    int SourceProcessID; // process id to read from
    uint64_t SourceAddress; // address in that process to read from
    uint64_t ReturnAddress; // pointer value the driver copies the data to
    size_t Size; // number of bytes to copy

} read, * readRequest;

// Request layout for IOCTL_WRITE_REQUEST. Every field is supplied by the caller.
typedef struct __writeRequests
{
    int SourceProcessID; // process id to write to
    uint64_t SourceAddress; // address in that process to write to
    uint64_t ReturnAddress; // pointer value the driver copies the data from
    size_t Size; // number of bytes to copy

} write, * writeRequest;

// Request layout for IOCTL_BASE_REQUEST.
typedef struct __base
{
    int TargetProcessID; // target process id (input)
    uint64_t ReturnAddress; // receives the section base address (output)
    uint64_t GuardedRegion; // not written by the handler shown on this page

} baseAddress, * baseRequest;

// Reply layout for IOCTL_GUARDEDREGION: receives find_guarded_region()'s result.
typedef struct __guardedRegion
{
    uint64_t GuardedRegion;

} guardedRegion, * guardedRequest;

// One big-pool allocation record. NonPaged overlays bit 0 of VirtualAddress, and the
// tag can be read either as four bytes or as one ULONG.
typedef struct _SYSTEM_BIGPOOL_ENTRY
{
    union {
        PVOID VirtualAddress;
        ULONG_PTR NonPaged : 1;
    };
    ULONG_PTR SizeInBytes;
    union {
        UCHAR Tag[4];
        ULONG TagUlong;
    };
} SYSTEM_BIGPOOL_ENTRY, * PSYSTEM_BIGPOOL_ENTRY;

//from http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/bigpool.htm
// Header of the big-pool query result: Count records follow in AllocatedInfo.
typedef struct _SYSTEM_BIGPOOL_INFORMATION {
    ULONG Count;
    SYSTEM_BIGPOOL_ENTRY AllocatedInfo[ANYSIZE_ARRAY];
} SYSTEM_BIGPOOL_INFORMATION, * PSYSTEM_BIGPOOL_INFORMATION;

// Information classes for ZwQuerySystemInformation. Values count up from 0 in
// declaration order; only the last one is assigned explicitly (0x42). The code on this
// page uses system_bigpool_information, and system_process_information only inside the
// disabled helper.
typedef enum _SYSTEM_INFORMATION_CLASS
{
    system_basic_information,
    system_processor_information,
    system_performance_information,
    system_time_of_day_information,
    system_path_information,
    system_process_information,
    system_call_count_information,
    system_device_information,
    system_processor_performance_information,
    system_flags_information,
    system_call_time_information,
    system_module_information,
    system_locks_information,
    system_stack_trace_information,
    system_paged_pool_information,
    system_non_paged_pool_information,
    system_handle_information,
    system_object_information,
    system_page_file_information,
    system_vdm_instemul_information,
    system_vdm_bop_information,
    system_file_cache_information,
    system_pool_tag_information,
    system_interrupt_information,
    system_dpc_behavior_information,
    system_full_memory_information,
    system_load_gdi_driver_information,
    system_unload_gdi_driver_information,
    system_time_adjustment_information,
    system_summary_memory_information,
    system_next_event_id_information,
    system_event_ids_information,
    system_crash_dump_information,
    system_exception_information,
    system_crash_dump_state_information,
    system_kernel_debugger_information,
    system_context_switch_information,
    system_registry_quota_information,
    system_extend_service_table_information,
    system_priority_seperation,
    system_plug_play_bus_information,
    system_dock_information,
    system_processor_speed_information,
    system_current_time_zone_information,
    system_lookaside_information,
    system_bigpool_information = 0x42
} SYSTEM_INFORMATION_CLASS, * PSYSTEM_INFORMATION_CLASS;
--------------------------------------------------------------------------------
/KernelDriver/x64/Release/KernelDriver.Build.CppClean.log: -------------------------------------------------------------------------------- 1 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\vc143.pdb 2 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\entry.obj 3 | c:\users\16026\desktop\release\kernel driver\kerneldriver\x64\release\kerneldriver\kerneldriver.cat 4 | c:\users\16026\desktop\release\kernel driver\kerneldriver\x64\release\kerneldriver.sys 5 | c:\users\16026\desktop\release\kernel driver\kerneldriver\x64\release\kerneldriver.pdb 6 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.inf 7 | c:\users\16026\desktop\release\kernel driver\kerneldriver\x64\release\kerneldriver.cer 8 | c:\users\16026\desktop\release\kernel driver\kerneldriver\x64\release\kerneldriver.inf 9 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\cl.command.1.tlog 10 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\cl.read.1.tlog 11 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\cl.write.1.tlog 12 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.15904.read.1.tlog 13 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.15904.write.1.tlog 14 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.17992.read.1.tlog 15 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.17992.write.1.tlog 16 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.22936.read.1.tlog 17 | 
c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.22936.write.1.tlog 18 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.24652.read.1.tlog 19 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.24652.write.1.tlog 20 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.27372.read.1.tlog 21 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.27372.write.1.tlog 22 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.read.1.tlog 23 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat-expand.write.1.tlog 24 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat.command.1.tlog 25 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat.read.1.tlog 26 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\inf2cat.write.1.tlog 27 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\link.command.1.tlog 28 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\link.read.1.tlog 29 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\link.write.1.tlog 30 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\signtool.command.1.tlog 31 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\signtool.read.1.tlog 32 | 
c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\signtool.timestamp.1.tlog 33 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\signtool.write.1.tlog 34 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\stampinf.command.1.tlog 35 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\stampinf.read.1.tlog 36 | c:\users\16026\desktop\release\kernel driver\kerneldriver\kerneldriver\x64\release\kerneldriver.tlog\stampinf.write.1.tlog 37 | -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.inf: -------------------------------------------------------------------------------- 1 | ; 2 | ; KernelDriver.inf 3 | ; 4 | 5 | [Version] 6 | Signature="$WINDOWS NT$" 7 | Class=USBDevice 8 | ClassGuid={88BAE032-5A81-49f0-BC3D-A4FF138216D6} 9 | Provider=%ManufacturerName% 10 | CatalogFile=KernelDriver.cat 11 | DriverVer = 01/04/2023,1.28.16.918 12 | PnpLockDown=1 13 | 14 | [DestinationDirs] 15 | DefaultDestDir = 12 16 | KernelDriver_Device_CoInstaller_CopyFiles = 11 17 | 18 | [SourceDisksNames] 19 | 1 = %DiskName%,,,"" 20 | 21 | [SourceDisksFiles] 22 | KernelDriver.sys = 1,, 23 | ; 24 | 25 | 26 | ;***************************************** 27 | ; Install Section 28 | ;***************************************** 29 | 30 | [Manufacturer] 31 | %ManufacturerName%=Standard,NTamd64 32 | 33 | [Standard.NTamd64] 34 | %KernelDriver.DeviceDesc%=KernelDriver_Device, USB\VID_vvvv&PID_pppp 35 | 36 | [KernelDriver_Device.NT] 37 | CopyFiles=Drivers_Dir 38 | 39 | [Drivers_Dir] 40 | KernelDriver.sys 41 | 42 | [KernelDriver_Device.NT.HW] 43 | AddReg=KernelDriver_AddReg 44 | 45 | [KernelDriver_AddReg] 46 | ; By default, USBDevice class uses iProduct descriptor to name the device in 47 | ; Device Manager on Windows 8 and higher. 
48 | ; Uncomment for this device to use %DeviceName% on Windows 8 and higher: 49 | ;HKR,,FriendlyName,,%KernelDriver.DeviceDesc% 50 | 51 | ;-------------- Service installation 52 | [KernelDriver_Device.NT.Services] 53 | AddService = KernelDriver,%SPSVCINST_ASSOCSERVICE%, KernelDriver_Service_Inst 54 | 55 | ; -------------- KernelDriver driver install sections 56 | [KernelDriver_Service_Inst] 57 | DisplayName = %KernelDriver.SVCDESC% 58 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER 59 | StartType = 3 ; SERVICE_DEMAND_START 60 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL 61 | ServiceBinary = %12%\KernelDriver.sys 62 | 63 | ; 64 | ;--- KernelDriver_Device Coinstaller installation ------ 65 | ; 66 | 67 | [KernelDriver_Device.NT.CoInstallers] 68 | AddReg=KernelDriver_Device_CoInstaller_AddReg 69 | CopyFiles=KernelDriver_Device_CoInstaller_CopyFiles 70 | 71 | [KernelDriver_Device_CoInstaller_AddReg] 72 | ; 73 | 74 | 75 | [KernelDriver_Device_CoInstaller_CopyFiles] 76 | ; 77 | 78 | 79 | [KernelDriver_Device.NT.Wdf] 80 | KmdfService = KernelDriver, KernelDriver_wdfsect 81 | [KernelDriver_wdfsect] 82 | KmdfLibraryVersion = 1.15 83 | 84 | [Strings] 85 | SPSVCINST_ASSOCSERVICE= 0x00000002 86 | ManufacturerName="" ;TODO: Replace with your manufacturer name 87 | ClassName="Universal Serial Bus devices" 88 | DiskName = "KernelDriver Installation Disk" 89 | KernelDriver.DeviceDesc = "KernelDriver Device" 90 | KernelDriver.SVCDESC = "KernelDriver Service" 91 | REG_MULTI_SZ = 0x00010000 92 | -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.log: -------------------------------------------------------------------------------- 1 |  Building 'KernelDriver' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform. 
2 | Stamping x64\Release\KernelDriver.inf 3 | Stamping [Version] section with DriverVer=01/04/2023,1.28.16.918 4 | entry.c 5 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\structs.h(41,3): warning C4201: nonstandard extension used: nameless struct/union 6 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\structs.h(46,3): warning C4201: nonstandard extension used: nameless struct/union 7 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(63,53): warning C4047: '=': 'LONGLONG' differs in levels of indirection from 'PVOID' 8 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(81,41): warning C4022: 'ReadPhysicalAddress': pointer mismatch for actual parameter 1 9 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(86,37): warning C4022: 'ReadPhysicalAddress': pointer mismatch for actual parameter 1 10 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(95,36): warning C4022: 'ReadPhysicalAddress': pointer mismatch for actual parameter 1 11 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(104,40): warning C4022: 'ReadPhysicalAddress': pointer mismatch for actual parameter 1 12 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(119,46): warning C4022: 'PsLookupProcessByProcessId': pointer mismatch for actual parameter 1 13 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(134,31): warning C4022: 'ReadPhysicalAddress': pointer mismatch for actual parameter 1 14 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(152,38): warning C4047: '=': 'LONGLONG' differs in levels of indirection from 'PVOID' 15 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(171,46): warning C4022: 'PsLookupProcessByProcessId': pointer mismatch for actual parameter 1 16 | 
C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(186,32): warning C4022: 'WritePhysicalAddress': pointer mismatch for actual parameter 1 17 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\memory.h(209,51): warning C4996: 'ExAllocatePool': ExAllocatePool is deprecated, use ExAllocatePool2. 18 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\entry.c(77,12): warning C4047: 'initializing': 'uint64_t' differs in levels of indirection from 'PVOID' 19 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\entry.c(136,11): warning C4101: 'status': unreferenced local variable 20 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\KernelDriver\entry.c(148): warning C4716: 'UnloadDriver': must return a value 21 | KernelDriver.vcxproj -> C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\x64\Release\KernelDriver.sys 22 | Done Adding Additional Store 23 | Successfully signed: C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\x64\Release\KernelDriver.sys 24 | 25 | Driver is 'Universal'. 26 | ........................ 27 | Signability test complete. 28 | 29 | Errors: 30 | None 31 | 32 | Warnings: 33 | None 34 | 35 | Catalog generation complete. 
36 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\x64\Release\KernelDriver\kerneldriver.cat 37 | Done Adding Additional Store 38 | Successfully signed: C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\x64\Release\KernelDriver\kerneldriver.cat 39 | 40 | -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.sys.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\x64\Release\KernelDriver.sys 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/Inf2Cat.command.1.tlog: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/Inf2Cat.command.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/KernelDriver.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=WindowsKernelModeDriver10.0:VCToolArchitecture=Native64Bit:VCToolsVersion=14.34.31933:TargetPlatformVersion=10.0.22621.0: 2 | Release|x64|C:\Users\16026\Desktop\release\Kernel Driver\KernelDriver\| 3 | -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.20896.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.20896.read.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.20896.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.20896.write.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.read.1.tlog 
-------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/inf2cat-expand.write.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/inf2cat.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/inf2cat.read.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/inf2cat.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/inf2cat.write.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/link.read.1.tlog 
-------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/signtool.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/signtool.command.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/signtool.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/signtool.read.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/signtool.timestamp.1.tlog: -------------------------------------------------------------------------------- 1 | C:\USERS\16026\DESKTOP\RELEASE\KERNEL DRIVER\KERNELDRIVER\X64\RELEASE\KERNELDRIVER.SYS|638084176990742688 2 | C:\USERS\16026\DESKTOP\RELEASE\KERNEL DRIVER\KERNELDRIVER\X64\RELEASE\KERNELDRIVER\KERNELDRIVER.CAT|638084177020993381 3 | -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/signtool.write.1.tlog: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/signtool.write.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/stampinf.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/stampinf.command.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/stampinf.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/stampinf.read.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/KernelDriver.tlog/stampinf.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/KernelDriver.tlog/stampinf.write.1.tlog -------------------------------------------------------------------------------- /KernelDriver/x64/Release/entry.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/entry.obj -------------------------------------------------------------------------------- /KernelDriver/x64/Release/vc143.pdb: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/KernelDriver/x64/Release/vc143.pdb -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Karanpreet Singh 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IOCTL-Kernel-Driver 2 | Kernel Driver which can be used to read guarded regions, read/write/ protect/ or allocate memory in desired process! 3 | 4 | Cons: 5 | 6 | Driver is not signed, but you can find one easily by googling the internet for a leaked EV/OV cert. Cannot load drivers using "sc create" command. 
You must make your own mapper/ use KDmapper/ Lenovo Mapper to load the driver. 7 | 8 | BTW: 9 | 10 | For game hacking, IOCTL is really shitty on the newer anti-cheats; you will get clapped. 11 | -------------------------------------------------------------------------------- /x64/Release/KernelDriver.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/x64/Release/KernelDriver.cer -------------------------------------------------------------------------------- /x64/Release/KernelDriver.inf: -------------------------------------------------------------------------------- 1 | ; 2 | ; KernelDriver.inf 3 | ; 4 | 5 | [Version] 6 | Signature="$WINDOWS NT$" 7 | Class=USBDevice 8 | ClassGuid={88BAE032-5A81-49f0-BC3D-A4FF138216D6} 9 | Provider=%ManufacturerName% 10 | CatalogFile=KernelDriver.cat 11 | DriverVer = 01/04/2023,1.28.16.918 12 | PnpLockDown=1 13 | 14 | [DestinationDirs] 15 | DefaultDestDir = 12 16 | KernelDriver_Device_CoInstaller_CopyFiles = 11 17 | 18 | [SourceDisksNames] 19 | 1 = %DiskName%,,,"" 20 | 21 | [SourceDisksFiles] 22 | KernelDriver.sys = 1,, 23 | ; 24 | 25 | 26 | ;***************************************** 27 | ; Install Section 28 | ;***************************************** 29 | 30 | [Manufacturer] 31 | %ManufacturerName%=Standard,NTamd64 32 | 33 | [Standard.NTamd64] 34 | %KernelDriver.DeviceDesc%=KernelDriver_Device, USB\VID_vvvv&PID_pppp 35 | 36 | [KernelDriver_Device.NT] 37 | CopyFiles=Drivers_Dir 38 | 39 | [Drivers_Dir] 40 | KernelDriver.sys 41 | 42 | [KernelDriver_Device.NT.HW] 43 | AddReg=KernelDriver_AddReg 44 | 45 | [KernelDriver_AddReg] 46 | ; By default, USBDevice class uses iProduct descriptor to name the device in 47 | ; Device Manager on Windows 8 and higher. 
48 | ; Uncomment for this device to use %DeviceName% on Windows 8 and higher: 49 | ;HKR,,FriendlyName,,%KernelDriver.DeviceDesc% 50 | 51 | ;-------------- Service installation 52 | [KernelDriver_Device.NT.Services] 53 | AddService = KernelDriver,%SPSVCINST_ASSOCSERVICE%, KernelDriver_Service_Inst 54 | 55 | ; -------------- KernelDriver driver install sections 56 | [KernelDriver_Service_Inst] 57 | DisplayName = %KernelDriver.SVCDESC% 58 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER 59 | StartType = 3 ; SERVICE_DEMAND_START 60 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL 61 | ServiceBinary = %12%\KernelDriver.sys 62 | 63 | ; 64 | ;--- KernelDriver_Device Coinstaller installation ------ 65 | ; 66 | 67 | [KernelDriver_Device.NT.CoInstallers] 68 | AddReg=KernelDriver_Device_CoInstaller_AddReg 69 | CopyFiles=KernelDriver_Device_CoInstaller_CopyFiles 70 | 71 | [KernelDriver_Device_CoInstaller_AddReg] 72 | ; 73 | 74 | 75 | [KernelDriver_Device_CoInstaller_CopyFiles] 76 | ; 77 | 78 | 79 | [KernelDriver_Device.NT.Wdf] 80 | KmdfService = KernelDriver, KernelDriver_wdfsect 81 | [KernelDriver_wdfsect] 82 | KmdfLibraryVersion = 1.15 83 | 84 | [Strings] 85 | SPSVCINST_ASSOCSERVICE= 0x00000002 86 | ManufacturerName="" ;TODO: Replace with your manufacturer name 87 | ClassName="Universal Serial Bus devices" 88 | DiskName = "KernelDriver Installation Disk" 89 | KernelDriver.DeviceDesc = "KernelDriver Device" 90 | KernelDriver.SVCDESC = "KernelDriver Service" 91 | REG_MULTI_SZ = 0x00010000 92 | -------------------------------------------------------------------------------- /x64/Release/KernelDriver.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/x64/Release/KernelDriver.pdb -------------------------------------------------------------------------------- /x64/Release/KernelDriver/KernelDriver.inf: 
-------------------------------------------------------------------------------- 1 | ; 2 | ; KernelDriver.inf 3 | ; 4 | 5 | [Version] 6 | Signature="$WINDOWS NT$" 7 | Class=USBDevice 8 | ClassGuid={88BAE032-5A81-49f0-BC3D-A4FF138216D6} 9 | Provider=%ManufacturerName% 10 | CatalogFile=KernelDriver.cat 11 | DriverVer = 01/04/2023,1.28.16.918 12 | PnpLockDown=1 13 | 14 | [DestinationDirs] 15 | DefaultDestDir = 12 16 | KernelDriver_Device_CoInstaller_CopyFiles = 11 17 | 18 | [SourceDisksNames] 19 | 1 = %DiskName%,,,"" 20 | 21 | [SourceDisksFiles] 22 | KernelDriver.sys = 1,, 23 | ; 24 | 25 | 26 | ;***************************************** 27 | ; Install Section 28 | ;***************************************** 29 | 30 | [Manufacturer] 31 | %ManufacturerName%=Standard,NTamd64 32 | 33 | [Standard.NTamd64] 34 | %KernelDriver.DeviceDesc%=KernelDriver_Device, USB\VID_vvvv&PID_pppp 35 | 36 | [KernelDriver_Device.NT] 37 | CopyFiles=Drivers_Dir 38 | 39 | [Drivers_Dir] 40 | KernelDriver.sys 41 | 42 | [KernelDriver_Device.NT.HW] 43 | AddReg=KernelDriver_AddReg 44 | 45 | [KernelDriver_AddReg] 46 | ; By default, USBDevice class uses iProduct descriptor to name the device in 47 | ; Device Manager on Windows 8 and higher. 
48 | ; Uncomment for this device to use %DeviceName% on Windows 8 and higher: 49 | ;HKR,,FriendlyName,,%KernelDriver.DeviceDesc% 50 | 51 | ;-------------- Service installation 52 | [KernelDriver_Device.NT.Services] 53 | AddService = KernelDriver,%SPSVCINST_ASSOCSERVICE%, KernelDriver_Service_Inst 54 | 55 | ; -------------- KernelDriver driver install sections 56 | [KernelDriver_Service_Inst] 57 | DisplayName = %KernelDriver.SVCDESC% 58 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER 59 | StartType = 3 ; SERVICE_DEMAND_START 60 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL 61 | ServiceBinary = %12%\KernelDriver.sys 62 | 63 | ; 64 | ;--- KernelDriver_Device Coinstaller installation ------ 65 | ; 66 | 67 | [KernelDriver_Device.NT.CoInstallers] 68 | AddReg=KernelDriver_Device_CoInstaller_AddReg 69 | CopyFiles=KernelDriver_Device_CoInstaller_CopyFiles 70 | 71 | [KernelDriver_Device_CoInstaller_AddReg] 72 | ; 73 | 74 | 75 | [KernelDriver_Device_CoInstaller_CopyFiles] 76 | ; 77 | 78 | 79 | [KernelDriver_Device.NT.Wdf] 80 | KmdfService = KernelDriver, KernelDriver_wdfsect 81 | [KernelDriver_wdfsect] 82 | KmdfLibraryVersion = 1.15 83 | 84 | [Strings] 85 | SPSVCINST_ASSOCSERVICE= 0x00000002 86 | ManufacturerName="" ;TODO: Replace with your manufacturer name 87 | ClassName="Universal Serial Bus devices" 88 | DiskName = "KernelDriver Installation Disk" 89 | KernelDriver.DeviceDesc = "KernelDriver Device" 90 | KernelDriver.SVCDESC = "KernelDriver Service" 91 | REG_MULTI_SZ = 0x00010000 92 | -------------------------------------------------------------------------------- /x64/Release/KernelDriver/KernelDriver.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/x64/Release/KernelDriver/KernelDriver.sys -------------------------------------------------------------------------------- /x64/Release/KernelDriver/kerneldriver.cat: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/singhhdev/IOCTL-Kernel-Driver/d14cdaa5c8a4850fa52a9f2d1fe60d993dd23d7a/x64/Release/KernelDriver/kerneldriver.cat --------------------------------------------------------------------------------