├── .gitignore
├── LICENSE
├── README.md
├── driver
    ├── communication
    │   ├── dispatch.c
    │   └── dispatch.h
    ├── km-mouse.inf
    ├── km-mouse.vcxproj
    ├── km-mouse.vcxproj.filters
    ├── km-mouse.vcxproj.user
    ├── main.c
    ├── memory
    │   ├── memory.c
    │   ├── memory.h
    │   ├── process.c
    │   └── process.h
    ├── mouse
    │   ├── mouse.asm
    │   └── mouse.h
    └── utils
    │   ├── defs.h
    │   └── message.h
├── examples
    ├── security_check.png
    └── test.png
└── km-mouse.sln


/.gitignore:
--------------------------------------------------------------------------------
   1 | ##### Windows
   2 | # Windows thumbnail cache files
   3 | Thumbs.db
   4 | Thumbs.db:encryptable
   5 | ehthumbs.db
   6 | ehthumbs_vista.db
   7 | 
   8 | # Dump file
   9 | *.stackdump
  10 | 
  11 | # Folder config file
  12 | [Dd]esktop.ini
  13 | 
  14 | # Recycle Bin used on file shares
  15 | $RECYCLE.BIN/
  16 | 
  17 | # Windows Installer files
  18 | *.cab
  19 | *.msi
  20 | *.msix
  21 | *.msm
  22 | *.msp
  23 | 
  24 | # Windows shortcuts
  25 | *.lnk
  26 | 
  27 | ##### Linux
  28 | *~
  29 | 
  30 | # temporary files which can be created if a process still has a handle open of a deleted file
  31 | .fuse_hidden*
  32 | 
  33 | # KDE directory preferences
  34 | .directory
  35 | 
  36 | # Linux trash folder which might appear on any partition or disk
  37 | .Trash-*
  38 | 
  39 | # .nfs files are created when an open file is removed but is still being accessed
  40 | .nfs*
  41 | 
  42 | ##### MacOS
  43 | # General
  44 | .DS_Store
  45 | .AppleDouble
  46 | .LSOverride
  47 | 
  48 | # Thumbnails
  49 | ._*
  50 | 
  51 | # Files that might appear in the root of a volume
  52 | .DocumentRevisions-V100
  53 | .fseventsd
  54 | .Spotlight-V100
  55 | .TemporaryItems
  56 | .Trashes
  57 | .VolumeIcon.icns
  58 | .com.apple.timemachine.donotpresent
  59 | 
  60 | # Directories potentially created on remote AFP share
  61 | .AppleDB
  62 | .AppleDesktop
  63 | Network Trash Folder
  64 | Temporary Items
  65 | .apdisk
  66 | 
  67 | ##### Android
  68 | # Built application files
  69 | *.apk
  70 | *.ap_
  71 | *.aab
  72 | 
  73 | # Files for the ART/Dalvik VM
  74 | *.dex
  75 | 
  76 | # Java class files
  77 | *.class
  78 | 
  79 | # Generated files
  80 | bin/
  81 | gen/
  82 | out/
  83 | #  Uncomment the following line in case you need and you don't have the release build type files in your app
  84 | # release/
  85 | 
  86 | # Gradle files
  87 | .gradle/
  88 | build/
  89 | 
  90 | # Local configuration file (sdk path, etc)
  91 | local.properties
  92 | 
  93 | # Proguard folder generated by Eclipse
  94 | proguard/
  95 | 
  96 | # Log Files
  97 | *.log
  98 | 
  99 | # Android Studio Navigation editor temp files
 100 | .navigation/
 101 | 
 102 | # Android Studio captures folder
 103 | captures/
 104 | 
 105 | # IntelliJ
 106 | *.iml
 107 | .idea/workspace.xml
 108 | .idea/tasks.xml
 109 | .idea/gradle.xml
 110 | .idea/assetWizardSettings.xml
 111 | .idea/dictionaries
 112 | .idea/libraries
 113 | # Android Studio 3 in .gitignore file.
 114 | .idea/caches
 115 | .idea/modules.xml
 116 | # Comment next line if keeping position of elements in Navigation Editor is relevant for you
 117 | .idea/navEditor.xml
 118 | 
 119 | # Keystore files
 120 | # Uncomment the following lines if you do not want to check your keystore files in.
 121 | #*.jks
 122 | #*.keystore
 123 | 
 124 | # External native build folder generated in Android Studio 2.2 and later
 125 | .externalNativeBuild
 126 | 
 127 | # Google Services (e.g. APIs or Firebase)
 128 | # google-services.nlohmann
 129 | 
 130 | # Freeline
 131 | freeline.py
 132 | freeline/
 133 | freeline_project_description.json
 134 | 
 135 | # fastlane
 136 | fastlane/report.xml
 137 | fastlane/Preview.html
 138 | fastlane/screenshots
 139 | fastlane/test_output
 140 | fastlane/readme.md
 141 | 
 142 | # Version control
 143 | vcs.xml
 144 | 
 145 | # lint
 146 | lint/intermediates/
 147 | lint/generated/
 148 | lint/outputs/
 149 | lint/tmp/
 150 | # lint/reports/
 151 | 
 152 | ##### Backup
 153 | *.bak
 154 | *.gho
 155 | *.ori
 156 | *.orig
 157 | *.tmp
 158 | 
 159 | ##### GPG
 160 | secring.*
 161 | 
 162 | ##### Dropbox
 163 | # Dropbox settings and caches
 164 | .dropbox
 165 | .dropbox.attr
 166 | .dropbox.cache
 167 | 
 168 | ##### SynopsysVCS
 169 | # Waveform formats
 170 | *.vcd
 171 | *.vpd
 172 | *.evcd
 173 | *.fsdb
 174 | 
 175 | # Default name of the simulation executable.  A different name can be
 176 | # specified with this switch (the associated daidir database name is
 177 | # also taken from here):  -o <path>/<filename>
 178 | simv
 179 | 
 180 | # Generated for Verilog and VHDL top configs
 181 | simv.daidir/
 182 | simv.db.dir/
 183 | 
 184 | # Infrastructure necessary to co-simulate SystemC models with
 185 | # Verilog/VHDL models.  An alternate directory may be specified with this
 186 | # switch:  -Mdir=<directory_path>
 187 | csrc/
 188 | 
 189 | # Log file - the following switch allows to specify the file that will be
 190 | # used to write all messages from simulation:  -l <filename>
 191 | *.log
 192 | 
 193 | # Coverage results (generated with urg) and database location.  The
 194 | # following switch can also be used:  urg -dir <coverage_directory>.vdb
 195 | simv.vdb/
 196 | urgReport/
 197 | 
 198 | # DVE and UCLI related files.
 199 | DVEfiles/
 200 | ucli.key
 201 | 
 202 | # When the design is elaborated for DirectC, the following file is created
 203 | # with declarations for C/C++ functions.
 204 | vc_hdrs.h
 205 | 
 206 | ##### SVN
 207 | .svn/
 208 | 
 209 | ##### Mercurial
 210 | .hg/
 211 | .hgignore
 212 | .hgsigs
 213 | .hgsub
 214 | .hgsubstate
 215 | .hgtags
 216 | 
 217 | ##### Bazaar
 218 | .bzr/
 219 | .bzrignore
 220 | 
 221 | ##### CVS
 222 | /CVS/*
 223 | **/CVS/*
 224 | .cvsignore
 225 | */.cvsignore
 226 | 
 227 | ##### TortoiseGit
 228 | # Project-level settings
 229 | /.tgitconfig
 230 | 
 231 | ##### PuTTY
 232 | # Private key
 233 | *.ppk
 234 | 
 235 | ##### Vim
 236 | # Swap
 237 | [._]*.s[a-v][a-z]
 238 | !*.svg  # comment out if you don't need vector files
 239 | [._]*.sw[a-p]
 240 | [._]s[a-rt-v][a-z]
 241 | [._]ss[a-gi-z]
 242 | [._]sw[a-p]
 243 | 
 244 | # Session
 245 | Session.vim
 246 | Sessionx.vim
 247 | 
 248 | # Temporary
 249 | .netrwhist
 250 | *~
 251 | # Auto-generated tag files
 252 | tags
 253 | # Persistent undo
 254 | [._]*.un~
 255 | 
 256 | ##### Emacs
 257 | # -*- mode: gitignore; -*-
 258 | *~
 259 | \#*\#
 260 | /.emacs.desktop
 261 | /.emacs.desktop.lock
 262 | *.elc
 263 | auto-save-list
 264 | tramp
 265 | .\#*
 266 | 
 267 | # Org-mode
 268 | .org-id-locations
 269 | *_archive
 270 | 
 271 | # flymake-mode
 272 | *_flymake.*
 273 | 
 274 | # eshell files
 275 | /eshell/history
 276 | /eshell/lastdir
 277 | 
 278 | # elpa packages
 279 | /elpa/
 280 | 
 281 | # reftex files
 282 | *.rel
 283 | 
 284 | # AUCTeX auto folder
 285 | /auto/
 286 | 
 287 | # cask packages
 288 | .cask/
 289 | dist/
 290 | 
 291 | # Flycheck
 292 | flycheck_*.el
 293 | 
 294 | # server auth directory
 295 | /server/
 296 | 
 297 | # projectiles files
 298 | .projectile
 299 | 
 300 | # directory configuration
 301 | .dir-locals.el
 302 | 
 303 | # network security
 304 | /network-security.data
 305 | 
 306 | ##### SublimeText
 307 | # Cache files for Sublime Text
 308 | *.tmlanguage.cache
 309 | *.tmPreferences.cache
 310 | *.stTheme.cache
 311 | 
 312 | # Workspace files are user-specific
 313 | *.sublime-workspace
 314 | 
 315 | # Project files should be checked into the repository, unless a significant
 316 | # proportion of contributors will probably not be using Sublime Text
 317 | # *.sublime-project
 318 | 
 319 | # SFTP configuration file
 320 | sftp-config.json
 321 | sftp-config-alt*.json
 322 | 
 323 | # Package control specific files
 324 | Package Control.last-run
 325 | Package Control.ca-list
 326 | Package Control.ca-bundle
 327 | Package Control.system-ca-bundle
 328 | Package Control.cache/
 329 | Package Control.ca-certs/
 330 | Package Control.merged-ca-bundle
 331 | Package Control.user-ca-bundle
 332 | oscrypto-ca-bundle.crt
 333 | bh_unicode_properties.cache
 334 | 
 335 | # Sublime-github package stores a github token in this file
 336 | # https://packagecontrol.io/packages/sublime-github
 337 | GitHub.sublime-settings
 338 | 
 339 | ##### Notepad++
 340 | # Notepad++ backups #
 341 | *.bak
 342 | 
 343 | ##### TextMate
 344 | *.tmproj
 345 | *.tmproject
 346 | tmtags
 347 | 
 348 | ##### VisualStudioCode
 349 | .vscode/*
 350 | !.vscode/settings.json
 351 | !.vscode/tasks.json
 352 | !.vscode/launch.json
 353 | !.vscode/extensions.json
 354 | *.code-workspace
 355 | 
 356 | # Local History for Visual Studio Code
 357 | .history/
 358 | 
 359 | ##### NetBeans
 360 | **/nbproject/private/
 361 | **/nbproject/Makefile-*.mk
 362 | **/nbproject/Package-*.bash
 363 | build/
 364 | nbbuild/
 365 | dist/
 366 | nbdist/
 367 | .nb-gradle/
 368 | 
 369 | ##### JetBrains
 370 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
 371 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 372 | 
 373 | # User-specific stuff
 374 | .idea/**/workspace.xml
 375 | .idea/**/tasks.xml
 376 | .idea/**/usage.statistics.xml
 377 | .idea/**/dictionaries
 378 | .idea/**/shelf
 379 | 
 380 | # Generated files
 381 | .idea/**/contentModel.xml
 382 | 
 383 | # Sensitive or high-churn files
 384 | .idea/**/dataSources/
 385 | .idea/**/dataSources.ids
 386 | .idea/**/dataSources.local.xml
 387 | .idea/**/sqlDataSources.xml
 388 | .idea/**/dynamic.xml
 389 | .idea/**/uiDesigner.xml
 390 | .idea/**/dbnavigator.xml
 391 | 
 392 | # Gradle
 393 | .idea/**/gradle.xml
 394 | .idea/**/libraries
 395 | 
 396 | # Gradle and Maven with auto-import
 397 | # When using Gradle or Maven with auto-import, you should exclude module files,
 398 | # since they will be recreated, and may cause churn.  Uncomment if using
 399 | # auto-import.
 400 | # .idea/artifacts
 401 | # .idea/compiler.xml
 402 | # .idea/jarRepositories.xml
 403 | # .idea/modules.xml
 404 | # .idea/*.iml
 405 | # .idea/modules
 406 | # *.iml
 407 | # *.ipr
 408 | 
 409 | # CMake
 410 | cmake-build-*/
 411 | 
 412 | # Mongo Explorer plugin
 413 | .idea/**/mongoSettings.xml
 414 | 
 415 | # File-based project format
 416 | *.iws
 417 | 
 418 | # IntelliJ
 419 | out/
 420 | 
 421 | # mpeltonen/sbt-idea plugin
 422 | .idea_modules/
 423 | 
 424 | # JIRA plugin
 425 | atlassian-ide-plugin.xml
 426 | 
 427 | # Cursive Clojure plugin
 428 | .idea/replstate.xml
 429 | 
 430 | # Crashlytics plugin (for Android Studio and IntelliJ)
 431 | com_crashlytics_export_strings.xml
 432 | crashlytics.properties
 433 | crashlytics-build.properties
 434 | fabric.properties
 435 | 
 436 | # Editor-based Rest Client
 437 | .idea/httpRequests
 438 | 
 439 | # Android studio 3.1+ serialized cache file
 440 | .idea/caches/build_file_checksums.ser
 441 | 
 442 | ##### Eclipse
 443 | .metadata
 444 | bin/
 445 | tmp/
 446 | *.tmp
 447 | *.bak
 448 | *.swp
 449 | *~.nib
 450 | local.properties
 451 | .settings/
 452 | .loadpath
 453 | .recommenders
 454 | 
 455 | # External tool builders
 456 | .externalToolBuilders/
 457 | 
 458 | # Locally stored "Eclipse launch configurations"
 459 | *.launch
 460 | 
 461 | # PyDev specific (Python IDE for Eclipse)
 462 | *.pydevproject
 463 | 
 464 | # CDT-specific (C/C++ Development Tooling)
 465 | .cproject
 466 | 
 467 | # CDT- autotools
 468 | .autotools
 469 | 
 470 | # Java annotation processor (APT)
 471 | .factorypath
 472 | 
 473 | # PDT-specific (PHP Development Tools)
 474 | .buildpath
 475 | 
 476 | # sbteclipse plugin
 477 | .target
 478 | 
 479 | # Tern plugin
 480 | .tern-project
 481 | 
 482 | # TeXlipse plugin
 483 | .texlipse
 484 | 
 485 | # STS (Spring Tool Suite)
 486 | .springBeans
 487 | 
 488 | # Code Recommenders
 489 | .recommenders/
 490 | 
 491 | # Annotation Processing
 492 | .apt_generated/
 493 | .apt_generated_test/
 494 | 
 495 | # Scala IDE specific (Scala & Java development for Eclipse)
 496 | .cache-main
 497 | .scala_dependencies
 498 | .worksheet
 499 | 
 500 | # Uncomment this line if you wish to ignore the project description file.
 501 | # Typically, this file would be tracked if it contains build/dependency configurations:
 502 | #.project
 503 | 
 504 | ##### Qt
 505 | # C++ objects and libs
 506 | *.slo
 507 | *.lo
 508 | *.o
 509 | *.a
 510 | *.la
 511 | *.lai
 512 | *.so
 513 | *.so.*
 514 | *.dll
 515 | *.dylib
 516 | 
 517 | # Qt-es
 518 | object_script.*.Release
 519 | object_script.*.Debug
 520 | *_plugin_import.cpp
 521 | /.qmake.cache
 522 | /.qmake.stash
 523 | *.pro.user
 524 | *.pro.user.*
 525 | *.qbs.user
 526 | *.qbs.user.*
 527 | *.moc
 528 | moc_*.cpp
 529 | moc_*.h
 530 | qrc_*.cpp
 531 | ui_*.h
 532 | *.qmlc
 533 | *.jsc
 534 | Makefile*
 535 | *build-*
 536 | *.qm
 537 | *.prl
 538 | 
 539 | # Qt unit tests
 540 | target_wrapper.*
 541 | 
 542 | # QtCreator
 543 | *.autosave
 544 | 
 545 | # QtCreator Qml
 546 | *.qmlproject.user
 547 | *.qmlproject.user.*
 548 | 
 549 | # QtCreator CMake
 550 | CMakeLists.txt.user*
 551 | 
 552 | # QtCreator 4.8< compilation database
 553 | compile_commands.json
 554 | 
 555 | # QtCreator local machine specific files for imported projects
 556 | *creator.user*
 557 | 
 558 | ##### VisualStudio
 559 | ##### VisualStudio
 560 | ## Ignore Visual Studio temporary files, build results, and
 561 | ## files generated by popular Visual Studio add-ons.
 562 | ##
 563 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
 564 | 
 565 | # User-specific files
 566 | *.rsuser
 567 | *.suo
 568 | *.user
 569 | *.userosscache
 570 | *.sln.docstates
 571 | 
 572 | # User-specific files (MonoDevelop/Xamarin Studio)
 573 | *.userprefs
 574 | 
 575 | # Mono auto generated files
 576 | mono_crash.*
 577 | 
 578 | # Build results
 579 | [Dd]ebug/
 580 | [Dd]ebugPublic/
 581 | [Rr]elease/
 582 | [Rr]eleases/
 583 | x64/
 584 | x86/
 585 | [Ww][Ii][Nn]32/
 586 | [Aa][Rr][Mm]/
 587 | [Aa][Rr][Mm]64/
 588 | bld/
 589 | [Bb]in/
 590 | [Oo]bj/
 591 | [Ll]og/
 592 | [Ll]ogs/
 593 | 
 594 | # Visual Studio 2015/2017 cache/options directory
 595 | .vs/
 596 | # Uncomment if you have tasks that create the project's static files in wwwroot
 597 | #wwwroot/
 598 | 
 599 | # Visual Studio 2017 auto generated files
 600 | Generated\ Files/
 601 | 
 602 | # MSTest test Results
 603 | [Tt]est[Rr]esult*/
 604 | [Bb]uild[Ll]og.*
 605 | 
 606 | # NUnit
 607 | *.VisualState.xml
 608 | TestResult.xml
 609 | nunit-*.xml
 610 | 
 611 | # Build Results of an ATL Project
 612 | [Dd]ebugPS/
 613 | [Rr]eleasePS/
 614 | dlldata.c
 615 | 
 616 | # Benchmark Results
 617 | BenchmarkDotNet.Artifacts/
 618 | 
 619 | # .NET Core
 620 | project.lock.json
 621 | project.fragment.lock.json
 622 | artifacts/
 623 | 
 624 | # ASP.NET Scaffolding
 625 | ScaffoldingReadMe.txt
 626 | 
 627 | # StyleCop
 628 | StyleCopReport.xml
 629 | 
 630 | # Files built by Visual Studio
 631 | *_i.c
 632 | *_p.c
 633 | *_h.h
 634 | *.ilk
 635 | *.meta
 636 | *.obj
 637 | *.iobj
 638 | *.pch
 639 | *.pdb
 640 | *.ipdb
 641 | *.pgc
 642 | *.pgd
 643 | *.rsp
 644 | *.sbr
 645 | *.tlb
 646 | *.tli
 647 | *.tlh
 648 | *.tmp
 649 | *.tmp_proj
 650 | *_wpftmp.csproj
 651 | *.log
 652 | *.vspscc
 653 | *.vssscc
 654 | .builds
 655 | *.pidb
 656 | *.svclog
 657 | *.scc
 658 | 
 659 | # Chutzpah Test files
 660 | _Chutzpah*
 661 | 
 662 | # Visual C++ cache files
 663 | ipch/
 664 | *.aps
 665 | *.ncb
 666 | *.opendb
 667 | *.opensdf
 668 | *.sdf
 669 | *.cachefile
 670 | *.VC.db
 671 | *.VC.VC.opendb
 672 | 
 673 | # Visual Studio profiler
 674 | *.psess
 675 | *.vsp
 676 | *.vspx
 677 | *.sap
 678 | 
 679 | # Visual Studio Trace Files
 680 | *.e2e
 681 | 
 682 | # TFS 2012 Local Workspace
 683 | $tf/
 684 | 
 685 | # Guidance Automation Toolkit
 686 | *.gpState
 687 | 
 688 | # ReSharper is a .NET coding add-in
 689 | _ReSharper*/
 690 | *.[Rr]e[Ss]harper
 691 | *.DotSettings.user
 692 | 
 693 | # TeamCity is a build add-in
 694 | _TeamCity*
 695 | 
 696 | # DotCover is a Code Coverage Tool
 697 | *.dotCover
 698 | 
 699 | # AxoCover is a Code Coverage Tool
 700 | .axoCover/*
 701 | !.axoCover/settings.json
 702 | 
 703 | # Coverlet is a free, cross platform Code Coverage Tool
 704 | coverage*[.json, .xml, .info]
 705 | 
 706 | # Visual Studio code coverage results
 707 | *.coverage
 708 | *.coveragexml
 709 | 
 710 | # NCrunch
 711 | _NCrunch_*
 712 | .*crunch*.local.xml
 713 | nCrunchTemp_*
 714 | 
 715 | # MightyMoose
 716 | *.mm.*
 717 | AutoTest.Net/
 718 | 
 719 | # Web workbench (sass)
 720 | .sass-cache/
 721 | 
 722 | # Installshield output folder
 723 | [Ee]xpress/
 724 | 
 725 | # DocProject is a documentation generator add-in
 726 | DocProject/buildhelp/
 727 | DocProject/Help/*.HxT
 728 | DocProject/Help/*.HxC
 729 | DocProject/Help/*.hhc
 730 | DocProject/Help/*.hhk
 731 | DocProject/Help/*.hhp
 732 | DocProject/Help/Html2
 733 | DocProject/Help/html
 734 | 
 735 | # Click-Once directory
 736 | publish/
 737 | 
 738 | # Publish Web Output
 739 | *.[Pp]ublish.xml
 740 | *.azurePubxml
 741 | # Note: Comment the next line if you want to checkin your web deploy settings,
 742 | # but database connection strings (with potential passwords) will be unencrypted
 743 | *.pubxml
 744 | *.publishproj
 745 | 
 746 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
 747 | # checkin your Azure Web App publish settings, but sensitive information contained
 748 | # in these scripts will be unencrypted
 749 | PublishScripts/
 750 | 
 751 | # NuGet Packages
 752 | *.nupkg
 753 | # NuGet Symbol Packages
 754 | *.snupkg
 755 | # The packages folder can be ignored because of Package Restore
 756 | **/[Pp]ackages/*
 757 | # except build/, which is used as an MSBuild target.
 758 | !**/[Pp]ackages/build/
 759 | # Uncomment if necessary however generally it will be regenerated when needed
 760 | #!**/[Pp]ackages/repositories.config
 761 | # NuGet v3's project.nlohmann files produces more ignorable files
 762 | *.nuget.props
 763 | *.nuget.targets
 764 | 
 765 | # Microsoft Azure Build Output
 766 | csx/
 767 | *.build.csdef
 768 | 
 769 | # Microsoft Azure Emulator
 770 | ecf/
 771 | rcf/
 772 | 
 773 | # Windows Store app package directories and files
 774 | AppPackages/
 775 | BundleArtifacts/
 776 | Package.StoreAssociation.xml
 777 | _pkginfo.txt
 778 | *.appx
 779 | *.appxbundle
 780 | *.appxupload
 781 | 
 782 | # Visual Studio cache files
 783 | # files ending in .cache can be ignored
 784 | *.[Cc]ache
 785 | # but keep track of directories ending in .cache
 786 | !?*.[Cc]ache/
 787 | 
 788 | # Others
 789 | ClientBin/
 790 | ~$*
 791 | *~
 792 | *.dbmdl
 793 | *.dbproj.schemaview
 794 | *.jfm
 795 | *.pfx
 796 | *.publishsettings
 797 | orleans.codegen.cs
 798 | 
 799 | # Including strong name files can present a security risk
 800 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
 801 | #*.snk
 802 | 
 803 | # Since there are multiple workflows, uncomment next line to ignore bower_components
 804 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
 805 | #bower_components/
 806 | 
 807 | # RIA/Silverlight projects
 808 | Generated_Code/
 809 | 
 810 | # Backup & report files from converting an old project file
 811 | # to a newer Visual Studio version. Backup files are not needed,
 812 | # because we have git ;-)
 813 | _UpgradeReport_Files/
 814 | Backup*/
 815 | UpgradeLog*.XML
 816 | UpgradeLog*.htm
 817 | ServiceFabricBackup/
 818 | *.rptproj.bak
 819 | 
 820 | # SQL Server files
 821 | *.mdf
 822 | *.ldf
 823 | *.ndf
 824 | 
 825 | # Business Intelligence projects
 826 | *.rdl.data
 827 | *.bim.layout
 828 | *.bim_*.settings
 829 | *.rptproj.rsuser
 830 | *- [Bb]ackup.rdl
 831 | *- [Bb]ackup ([0-9]).rdl
 832 | *- [Bb]ackup ([0-9][0-9]).rdl
 833 | 
 834 | # Microsoft Fakes
 835 | FakesAssemblies/
 836 | 
 837 | # GhostDoc plugin setting file
 838 | *.GhostDoc.xml
 839 | 
 840 | # Node.js Tools for Visual Studio
 841 | .ntvs_analysis.dat
 842 | node_modules/
 843 | 
 844 | # Visual Studio 6 build log
 845 | *.plg
 846 | 
 847 | # Visual Studio 6 workspace options file
 848 | *.opt
 849 | 
 850 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
 851 | *.vbw
 852 | 
 853 | # Visual Studio LightSwitch build output
 854 | **/*.HTMLClient/GeneratedArtifacts
 855 | **/*.DesktopClient/GeneratedArtifacts
 856 | **/*.DesktopClient/ModelManifest.xml
 857 | **/*.Server/GeneratedArtifacts
 858 | **/*.Server/ModelManifest.xml
 859 | _Pvt_Extensions
 860 | 
 861 | # Paket dependency manager
 862 | .paket/paket.exe
 863 | paket-files/
 864 | 
 865 | # FAKE - F# Make
 866 | .fake/
 867 | 
 868 | # CodeRush personal settings
 869 | .cr/personal
 870 | 
 871 | # Python Tools for Visual Studio (PTVS)
 872 | __pycache__/
 873 | *.pyc
 874 | 
 875 | # Cake - Uncomment if you are using it
 876 | # tools/**
 877 | # !tools/packages.config
 878 | 
 879 | # Tabs Studio
 880 | *.tss
 881 | 
 882 | # Telerik's JustMock configuration file
 883 | *.jmconfig
 884 | 
 885 | # BizTalk build output
 886 | *.btp.cs
 887 | *.btm.cs
 888 | *.odx.cs
 889 | *.xsd.cs
 890 | 
 891 | # OpenCover UI analysis results
 892 | OpenCover/
 893 | 
 894 | # Azure Stream Analytics local run output
 895 | ASALocalRun/
 896 | 
 897 | # MSBuild Binary and Structured Log
 898 | *.binlog
 899 | 
 900 | # NVidia Nsight GPU debugger configuration file
 901 | *.nvuser
 902 | 
 903 | # MFractors (Xamarin productivity tool) working folder
 904 | .mfractor/
 905 | 
 906 | # Local History for Visual Studio
 907 | .localhistory/
 908 | 
 909 | # BeatPulse healthcheck temp database
 910 | healthchecksdb
 911 | 
 912 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
 913 | MigrationBackup/
 914 | 
 915 | # Ionide (cross platform F# VS Code tools) working folder
 916 | .ionide/
 917 | 
 918 | # Fody - auto-generated XML schema
 919 | FodyWeavers.xsd
 920 | 
 921 | ##### Gradle
 922 | .gradle
 923 | **/build/
 924 | !src/**/build/
 925 | 
 926 | # Ignore Gradle GUI config
 927 | gradle-app.setting
 928 | 
 929 | # Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
 930 | !gradle-wrapper.jar
 931 | 
 932 | # Cache of project
 933 | .gradletasknamecache
 934 | 
 935 | # # Work around https://youtrack.jetbrains.com/issue/IDEA-116898
 936 | # gradle/wrapper/gradle-wrapper.properties
 937 | 
 938 | ##### CMake
 939 | CMakeLists.txt.user
 940 | CMakeCache.txt
 941 | CMakeFiles
 942 | CMakeScripts
 943 | Testing
 944 | Makefile
 945 | cmake_install.cmake
 946 | install_manifest.txt
 947 | compile_commands.json
 948 | CTestTestfile.cmake
 949 | _deps
 950 | 
 951 | ##### C++
 952 | # Prerequisites
 953 | *.d
 954 | 
 955 | # Compiled Object files
 956 | *.slo
 957 | *.lo
 958 | *.o
 959 | *.obj
 960 | 
 961 | # Precompiled Headers
 962 | *.gch
 963 | *.pch
 964 | 
 965 | # Compiled Dynamic libraries
 966 | *.so
 967 | *.dylib
 968 | *.dll
 969 | 
 970 | # Fortran module files
 971 | *.mod
 972 | *.smod
 973 | 
 974 | # Compiled Static libraries
 975 | *.lai
 976 | *.la
 977 | *.a
 978 | *.lib
 979 | 
 980 | # Executables
 981 | *.exe
 982 | *.out
 983 | *.app
 984 | 
 985 | # C/C++ binary extension file
 986 | *.bin
 987 | 
 988 | ##### C
 989 | # Prerequisites
 990 | *.d
 991 | 
 992 | # Object files
 993 | *.o
 994 | *.ko
 995 | *.obj
 996 | *.elf
 997 | 
 998 | # Linker output
 999 | *.ilk
1000 | *.map
1001 | *.exp
1002 | 
1003 | # Precompiled Headers
1004 | *.gch
1005 | *.pch
1006 | 
1007 | # Libraries
1008 | *.lib
1009 | *.a
1010 | *.la
1011 | *.lo
1012 | 
1013 | # General
1014 | *.json
1015 | *.yml
1016 | *.yaml
1017 | *.db
1018 | *.sql
1019 | 
1020 | # Shared objects (inc. Windows DLLs)
1021 | *.dll
1022 | *.so
1023 | *.so.*
1024 | *.dylib
1025 | 
1026 | # Executables
1027 | *.exe
1028 | *.out
1029 | *.app
1030 | *.i*86
1031 | *.x86_64
1032 | *.hex
1033 | 
1034 | # Debug files
1035 | *.dSYM/
1036 | *.su
1037 | *.idb
1038 | *.pdb
1039 | 
1040 | # Kernel Module Compile Results
1041 | *.mod*
1042 | *.cmd
1043 | .tmp_versions/
1044 | modules.order
1045 | Module.symvers
1046 | Mkfile.old
1047 | dkms.conf
1048 | 
1049 | # Raspberry Pi Pico Object file
1050 | *.uf2
1051 | # Raspberry Pi Pico disassembler file
1052 | *.dis


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 2, June 1991
  3 | 
  4 |  Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
  5 |  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  6 |  Everyone is permitted to copy and distribute verbatim copies
  7 |  of this license document, but changing it is not allowed.
  8 | 
  9 |                             Preamble
 10 | 
 11 |   The licenses for most software are designed to take away your
 12 | freedom to share and change it.  By contrast, the GNU General Public
 13 | License is intended to guarantee your freedom to share and change free
 14 | software--to make sure the software is free for all its users.  This
 15 | General Public License applies to most of the Free Software
 16 | Foundation's software and to any other program whose authors commit to
 17 | using it.  (Some other Free Software Foundation software is covered by
 18 | the GNU Lesser General Public License instead.)  You can apply it to
 19 | your programs, too.
 20 | 
 21 |   When we speak of free software, we are referring to freedom, not
 22 | price.  Our General Public Licenses are designed to make sure that you
 23 | have the freedom to distribute copies of free software (and charge for
 24 | this service if you wish), that you receive source code or can get it
 25 | if you want it, that you can change the software or use pieces of it
 26 | in new free programs; and that you know you can do these things.
 27 | 
 28 |   To protect your rights, we need to make restrictions that forbid
 29 | anyone to deny you these rights or to ask you to surrender the rights.
 30 | These restrictions translate to certain responsibilities for you if you
 31 | distribute copies of the software, or if you modify it.
 32 | 
 33 |   For example, if you distribute copies of such a program, whether
 34 | gratis or for a fee, you must give the recipients all the rights that
 35 | you have.  You must make sure that they, too, receive or can get the
 36 | source code.  And you must show them these terms so they know their
 37 | rights.
 38 | 
 39 |   We protect your rights with two steps: (1) copyright the software, and
 40 | (2) offer you this license which gives you legal permission to copy,
 41 | distribute and/or modify the software.
 42 | 
 43 |   Also, for each author's protection and ours, we want to make certain
 44 | that everyone understands that there is no warranty for this free
 45 | software.  If the software is modified by someone else and passed on, we
 46 | want its recipients to know that what they have is not the original, so
 47 | that any problems introduced by others will not reflect on the original
 48 | authors' reputations.
 49 | 
 50 |   Finally, any free program is threatened constantly by software
 51 | patents.  We wish to avoid the danger that redistributors of a free
 52 | program will individually obtain patent licenses, in effect making the
 53 | program proprietary.  To prevent this, we have made it clear that any
 54 | patent must be licensed for everyone's free use or not licensed at all.
 55 | 
 56 |   The precise terms and conditions for copying, distribution and
 57 | modification follow.
 58 | 
 59 |                     GNU GENERAL PUBLIC LICENSE
 60 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 61 | 
 62 |   0. This License applies to any program or other work which contains
 63 | a notice placed by the copyright holder saying it may be distributed
 64 | under the terms of this General Public License.  The "Program", below,
 65 | refers to any such program or work, and a "work based on the Program"
 66 | means either the Program or any derivative work under copyright law:
 67 | that is to say, a work containing the Program or a portion of it,
 68 | either verbatim or with modifications and/or translated into another
 69 | language.  (Hereinafter, translation is included without limitation in
 70 | the term "modification".)  Each licensee is addressed as "you".
 71 | 
 72 | Activities other than copying, distribution and modification are not
 73 | covered by this License; they are outside its scope.  The act of
 74 | running the Program is not restricted, and the output from the Program
 75 | is covered only if its contents constitute a work based on the
 76 | Program (independent of having been made by running the Program).
 77 | Whether that is true depends on what the Program does.
 78 | 
 79 |   1. You may copy and distribute verbatim copies of the Program's
 80 | source code as you receive it, in any medium, provided that you
 81 | conspicuously and appropriately publish on each copy an appropriate
 82 | copyright notice and disclaimer of warranty; keep intact all the
 83 | notices that refer to this License and to the absence of any warranty;
 84 | and give any other recipients of the Program a copy of this License
 85 | along with the Program.
 86 | 
 87 | You may charge a fee for the physical act of transferring a copy, and
 88 | you may at your option offer warranty protection in exchange for a fee.
 89 | 
 90 |   2. You may modify your copy or copies of the Program or any portion
 91 | of it, thus forming a work based on the Program, and copy and
 92 | distribute such modifications or work under the terms of Section 1
 93 | above, provided that you also meet all of these conditions:
 94 | 
 95 |     a) You must cause the modified files to carry prominent notices
 96 |     stating that you changed the files and the date of any change.
 97 | 
 98 |     b) You must cause any work that you distribute or publish, that in
 99 |     whole or in part contains or is derived from the Program or any
100 |     part thereof, to be licensed as a whole at no charge to all third
101 |     parties under the terms of this License.
102 | 
103 |     c) If the modified program normally reads commands interactively
104 |     when run, you must cause it, when started running for such
105 |     interactive use in the most ordinary way, to print or display an
106 |     announcement including an appropriate copyright notice and a
107 |     notice that there is no warranty (or else, saying that you provide
108 |     a warranty) and that users may redistribute the program under
109 |     these conditions, and telling the user how to view a copy of this
110 |     License.  (Exception: if the Program itself is interactive but
111 |     does not normally print such an announcement, your work based on
112 |     the Program is not required to print an announcement.)
113 | 
114 | These requirements apply to the modified work as a whole.  If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works.  But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 | 
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 | 
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 | 
134 |   3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 | 
138 |     a) Accompany it with the complete corresponding machine-readable
139 |     source code, which must be distributed under the terms of Sections
140 |     1 and 2 above on a medium customarily used for software interchange; or,
141 | 
142 |     b) Accompany it with a written offer, valid for at least three
143 |     years, to give any third party, for a charge no more than your
144 |     cost of physically performing source distribution, a complete
145 |     machine-readable copy of the corresponding source code, to be
146 |     distributed under the terms of Sections 1 and 2 above on a medium
147 |     customarily used for software interchange; or,
148 | 
149 |     c) Accompany it with the information you received as to the offer
150 |     to distribute corresponding source code.  (This alternative is
151 |     allowed only for noncommercial distribution and only if you
152 |     received the program in object code or executable form with such
153 |     an offer, in accord with Subsection b above.)
154 | 
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it.  For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable.  However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 | 
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 | 
172 |   4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License.  Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 | 
180 |   5. You are not required to accept this License, since you have not
181 | signed it.  However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works.  These actions are
183 | prohibited by law if you do not accept this License.  Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 | 
189 |   6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions.  You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 | 
197 |   7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License.  If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all.  For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 | 
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 | 
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices.  Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 | 
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 | 
229 |   8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded.  In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 | 
237 |   9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time.  Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 | 
242 | Each version is given a distinguishing version number.  If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation.  If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 | 
250 |   10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission.  For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this.  Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 | 
258 |                             NO WARRANTY
259 | 
260 |   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 | 
270 |   12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 | 
280 |                      END OF TERMS AND CONDITIONS
281 | 
282 |             How to Apply These Terms to Your New Programs
283 | 
284 |   If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 | 
288 |   To do so, attach the following notices to the program.  It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 | 
293 |     <one line to give the program's name and a brief idea of what it does.>
294 |     Copyright (C) <year>  <name of author>
295 | 
296 |     This program is free software; you can redistribute it and/or modify
297 |     it under the terms of the GNU General Public License as published by
298 |     the Free Software Foundation; either version 2 of the License, or
299 |     (at your option) any later version.
300 | 
301 |     This program is distributed in the hope that it will be useful,
302 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
303 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
304 |     GNU General Public License for more details.
305 | 
306 |     You should have received a copy of the GNU General Public License along
307 |     with this program; if not, write to the Free Software Foundation, Inc.,
308 |     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 | 
310 | Also add information on how to contact you by electronic and paper mail.
311 | 
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 | 
315 |     Gnomovision version 69, Copyright (C) year name of author
316 |     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 |     This is free software, and you are welcome to redistribute it
318 |     under certain conditions; type `show c' for details.
319 | 
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License.  Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 | 
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary.  Here is a sample; alter the names:
328 | 
329 |   Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 |   `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 | 
332 |   <signature of Ty Coon>, 1 April 1989
333 |   Ty Coon, President of Vice
334 | 
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs.  If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library.  If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Infestation
 2 | 
 3 | 
 4 | ### Usermode
 5 | 
 6 | I've made simple usermode for testing, but i wont release, there are many sources available to copy and use.
 7 | 
 8 | ### Kernelmode
 9 | 
10 | <img src="./examples/test.png">
11 | <a target="_blank" href="https://streamable.com/g937bg">Watch the demo</a>
12 | 
13 | The driver can be used in any windows 10/11 versions.
14 | 
15 | **Available**
16 | - [x] Kernel driver with extra addons
17 | - [x] kernel **mouse_movement** 
18 | - [x] Kernel **mouse_down** and **mouse_up** 
19 | - [x] Read virtual memory (**mmcopy**)
20 | - [x] Write virtual memory (**mmcopy/mdl**)
21 | - [x] Kernel driver ready to be manually mapped **tested** (kdmapper/lenovo)
22 | 
23 | **Planning**
24 | - [ ] TODO: Kernel Dispatch **Write Memory** 
25 | - [ ] TODO: Protect usermode process
26 | - [ ] TODO: Clear MmUnloadedDrivers
27 | - [ ] TODO: Clear PiDDBCacheTable
28 | 
29 | ## How to use ?
30 | 
31 | 
32 | ### 1.1 Manually mapping
33 | 
34 | - Clone the repository
35 | - Open the solution in Visual Studio 2022 v143
36 | - **DISABLE** `Security Check` if loading driver with driver mapper
37 | 
38 | <img src="./examples/security_check.png">
39 | 
40 | - Build the project
41 | - Copy the driver to the same folder as the executable
42 | - Load the driver with the driver mapper
43 | 
44 | ### 1.2 Loading via service `SC`
45 | 
46 | - Clone the repository
47 | - Open the solution in Visual Studio 2022 v143
48 | 
49 | - Build the project
50 | - To load the driver **MUST HAVE**: driver certificate, using [DSE](https://github.com/hfiref0x/UPGDSED) or with [Windows Testmode](https://linuxhint.com/enable-disable-test-mode-windows-10-11/)
51 | 
52 | >create driver
53 | sc create [service name] binPath= [path to your .sys file] type= kernel
54 | 
55 | >load driver
56 | sc start [service name]
57 | 
58 | > stop driver
59 | sc stop [service name]
60 | 
61 | > delete driver
62 | sc delete [service name]
63 | 
64 | ### Disclaimer ⚠
65 | 
66 | >I wont support or provide any binaries for this project, you are free to use it as you wish, this is a free project.
67 | 
68 | 


--------------------------------------------------------------------------------
/driver/communication/dispatch.c:
--------------------------------------------------------------------------------
  1 | #include "dispatch.h"
  2 | 
  3 | 
  4 | NTSTATUS on_message(PDEVICE_OBJECT device_object, PIRP irp) {
  5 | 	UNREFERENCED_PARAMETER(device_object);
  6 | 
  7 | 	PIO_STACK_LOCATION io_stack = IoGetCurrentIrpStackLocation(irp);
  8 | 	ULONG control_code = io_stack->Parameters.DeviceIoControl.IoControlCode;
  9 | 
 10 | 	if (control_code == MOUSE_REQUEST) {
 11 | 		message("Mouse request\n");
 12 | 		PKMOUSE_REQUEST mouse_request = (PKMOUSE_REQUEST)irp->AssociatedIrp.SystemBuffer;
 13 | 
 14 | 		mouse_move(mouse_request->x, mouse_request->y, mouse_request->button_flags);
 15 | 
 16 | 		irp->IoStatus.Status = STATUS_SUCCESS;
 17 | 		irp->IoStatus.Information = 0;
 18 | 		IoCompleteRequest(irp, IO_NO_INCREMENT);
 19 | 
 20 | 		return STATUS_SUCCESS;
 21 | 	}
 22 | 	else if (control_code == PROCESSID_REQUEST) {
 23 | 		message("Process id request\n");
 24 | 		PKPROCESSID_REQUEST process_request = (PKPROCESSID_REQUEST)irp->AssociatedIrp.SystemBuffer;
 25 | 		message("Process name %ws\n", process_request->process_name);
 26 | 		int process_id = get_process_id(process_request->process_name);
 27 | 		message("Process id %d\n", process_id);
 28 | 		irp->IoStatus.Status = STATUS_SUCCESS;
 29 | 		irp->IoStatus.Information = process_id;
 30 | 		IoCompleteRequest(irp, IO_NO_INCREMENT);
 31 | 
 32 | 		return STATUS_SUCCESS;
 33 | 	}
 34 | 	else if (control_code == MODULEBASE_REQUEST) {
 35 | 		message("Module base request\n");
 36 | 		PKERNEL_MODULE_REQUEST module_request = (PKERNEL_MODULE_REQUEST)irp->AssociatedIrp.SystemBuffer;
 37 | 
 38 | 		uintptr_t module_base = get_module_base(module_request->pid, module_request->module_name);
 39 | 
 40 | 		message("Module base %p\n", module_base);
 41 | 
 42 | 		irp->IoStatus.Status = STATUS_SUCCESS;
 43 | 		irp->IoStatus.Information = module_base;
 44 | 
 45 | 		IoCompleteRequest(irp, IO_NO_INCREMENT);
 46 | 
 47 | 		return STATUS_SUCCESS;
 48 | 	}
 49 | 	else if (control_code = READ_REQUEST) {
 50 | 		message("Read request\n");
 51 | 		PKERNEL_READ_REQUEST read_request = (PKERNEL_READ_REQUEST)irp->AssociatedIrp.SystemBuffer;
 52 | 
 53 | 		message("Src pid %d\n", read_request->src_pid);
 54 | 		message("Src address %p\n", read_request->src_address);
 55 | 		message("Dst buffer %p\n", read_request->p_buffer);
 56 | 		message("Size %d\n", read_request->size);
 57 | 
 58 | 		NTSTATUS status = read_virtual_memory(read_request->src_pid, read_request->src_address, read_request->p_buffer, read_request->size);
 59 | 
 60 | 		if (!NT_SUCCESS(status)) {
 61 | 			irp->IoStatus.Status = status;
 62 | 			irp->IoStatus.Information = 0;
 63 | 			IoCompleteRequest(irp, IO_NO_INCREMENT);
 64 | 			return status;
 65 | 		}
 66 | 
 67 | 		irp->IoStatus.Status = STATUS_SUCCESS;
 68 | 		irp->IoStatus.Information = read_request->size;
 69 | 		IoCompleteRequest(irp, IO_NO_INCREMENT);
 70 | 
 71 | 		return STATUS_SUCCESS;
 72 | 
 73 | 	}
 74 | 	else {
 75 | 		message("Unknown request\n");
 76 | 		irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
 77 | 		irp->IoStatus.Information = 0;
 78 | 		IoCompleteRequest(irp, IO_NO_INCREMENT);
 79 | 		return STATUS_ABANDONED;
 80 | 	}
 81 | 
 82 | }
 83 | 
 84 | NTSTATUS unsupported_opperation(PDEVICE_OBJECT device_object, PIRP irp) {
 85 | 	UNREFERENCED_PARAMETER(device_object);
 86 | 	UNREFERENCED_PARAMETER(irp);
 87 | 
 88 | 	message("TODO\n");
 89 | 	return STATUS_NOT_SUPPORTED;
 90 | }
 91 | 
 92 | NTSTATUS on_create(PDEVICE_OBJECT device_object, PIRP irp) {
 93 | 	UNREFERENCED_PARAMETER(device_object);
 94 | 
 95 | 	message("Creation called\n");
 96 | 	irp->IoStatus.Status = STATUS_SUCCESS;
 97 | 	irp->IoStatus.Information = 0;
 98 | 	IoCompleteRequest(irp, IO_NO_INCREMENT);
 99 | 
100 | 	return STATUS_SUCCESS;
101 | }
102 | 
103 | NTSTATUS on_close(PDEVICE_OBJECT device_object, PIRP irp) {
104 | 	UNREFERENCED_PARAMETER(device_object);
105 | 
106 | 	message("Close called\n");
107 | 	irp->IoStatus.Status = STATUS_SUCCESS;
108 | 	irp->IoStatus.Information = 0;
109 | 	IoCompleteRequest(irp, IO_NO_INCREMENT);
110 | 
111 | 	return STATUS_SUCCESS;
112 | }


--------------------------------------------------------------------------------
/driver/communication/dispatch.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include "../utils/defs.h"
 3 | #include "../utils/message.h"
 4 | #include "../memory/memory.h"
 5 | #include "../mouse/mouse.h"
 6 | #include "../memory/process.h"
 7 | 
 8 | #define PROCESSID_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x555, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
 9 | 
10 | typedef struct _KPROCESSID_REQUEST {
11 | 	const char* process_name;
12 | } KPROCESSID_REQUEST, * PKPROCESSID_REQUEST;
13 | 
14 | #define MOUSE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x666, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
15 | 
16 | typedef struct _KMOUSE_REQUEST {
17 | 	long x;
18 | 	long y;
19 | 	unsigned char button_flags;
20 | } KMOUSE_REQUEST, * PKMOUSE_REQUEST;
21 | 
22 | 
23 | #define MODULEBASE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x777, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
24 | 
25 | typedef struct _KERNEL_MODULE_REQUEST {
26 | 	int pid;
27 | 	UNICODE_STRING module_name;
28 | 	uintptr_t module_base;
29 | } KERNEL_MODULE_REQUEST, * PKERNEL_MODULE_REQUEST;
30 | 
31 | #define READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x888, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
32 | 
33 | typedef struct _KERNEL_READ_REQUEST {
34 | 	int src_pid;
35 | 	PVOID src_address;
36 | 	PVOID p_buffer;
37 | 	SIZE_T size;
38 | 
39 | } KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST;
40 | 
41 | #define WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x999, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
42 | 
43 | typedef struct _KERNEL_WRITE_REQUEST {
44 | 	int src_pid;
45 | 	PVOID src_address;
46 | 	PVOID p_buffer;
47 | 	SIZE_T size;
48 | 
49 | } KERNEL_WRITE_REQUEST, * PKERNEL_WRITE_REQUEST;
50 | 
51 | NTSTATUS on_message(PDEVICE_OBJECT device_object, PIRP irp);
52 | NTSTATUS on_create(PDEVICE_OBJECT device_object, PIRP irp);
53 | NTSTATUS on_close(PDEVICE_OBJECT device_object, PIRP irp);
54 | NTSTATUS unsupported_opperation(PDEVICE_OBJECT device_object, PIRP irp);
55 | 
56 | 
57 | 
58 | 


--------------------------------------------------------------------------------
/driver/km-mouse.inf:
--------------------------------------------------------------------------------
 1 | ;
 2 | ; km-mouse.inf
 3 | ;
 4 | 
 5 | [Version]
 6 | Signature="$WINDOWS NT$"
 7 | Class=System ; TODO: specify appropriate Class
 8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
 9 | Provider=%ManufacturerName%
10 | CatalogFile=km-mouse.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 | PnpLockdown=1
13 | 
14 | [DestinationDirs]
15 | DefaultDestDir = 12
16 | km-mouse_Device_CoInstaller_CopyFiles = 11
17 | 
18 | [SourceDisksNames]
19 | 1 = %DiskName%,,,""
20 | 
21 | [SourceDisksFiles]
22 | km-mouse.sys  = 1,,
23 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
24 | 
25 | ;*****************************************
26 | ; Install Section
27 | ;*****************************************
28 | 
29 | [Manufacturer]
30 | %ManufacturerName%=Standard,NT$ARCH$
31 | 
32 | [Standard.NT$ARCH$]
33 | %km-mouse.DeviceDesc%=km-mouse_Device, Root\km-mouse ; TODO: edit hw-id
34 | 
35 | [km-mouse_Device.NT]
36 | CopyFiles=Drivers_Dir
37 | 
38 | [Drivers_Dir]
39 | km-mouse.sys
40 | 
41 | ;-------------- Service installation
42 | [km-mouse_Device.NT.Services]
43 | AddService = km-mouse,%SPSVCINST_ASSOCSERVICE%, km-mouse_Service_Inst
44 | 
45 | ; -------------- km-mouse driver install sections
46 | [km-mouse_Service_Inst]
47 | DisplayName    = %km-mouse.SVCDESC%
48 | ServiceType    = 1               ; SERVICE_KERNEL_DRIVER
49 | StartType      = 3               ; SERVICE_DEMAND_START
50 | ErrorControl   = 1               ; SERVICE_ERROR_NORMAL
51 | ServiceBinary  = %12%\km-mouse.sys
52 | 
53 | ;
54 | ;--- km-mouse_Device Coinstaller installation ------
55 | ;
56 | 
57 | [km-mouse_Device.NT.CoInstallers]
58 | AddReg=km-mouse_Device_CoInstaller_AddReg
59 | CopyFiles=km-mouse_Device_CoInstaller_CopyFiles
60 | 
61 | [km-mouse_Device_CoInstaller_AddReg]
62 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
63 | 
64 | [km-mouse_Device_CoInstaller_CopyFiles]
65 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
66 | 
67 | [km-mouse_Device.NT.Wdf]
68 | KmdfService =  km-mouse, km-mouse_wdfsect
69 | [km-mouse_wdfsect]
70 | KmdfLibraryVersion = $KMDFVERSION$
71 | 
72 | [Strings]
73 | SPSVCINST_ASSOCSERVICE= 0x00000002
74 | ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
75 | DiskName = "km-mouse Installation Disk"
76 | km-mouse.DeviceDesc = "km-mouse Device"
77 | km-mouse.SVCDESC = "km-mouse Service"
78 | 


--------------------------------------------------------------------------------
/driver/km-mouse.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|x64">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>x64</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|x64">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>x64</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|ARM64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>ARM64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|ARM64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>ARM64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{099D3591-88DE-488C-A83C-4A3AEFD6A47E}</ProjectGuid>
 23 |     <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>
 24 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 25 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 26 |     <Configuration>Debug</Configuration>
 27 |     <Platform Condition="'$(Platform)' == ''">x64</Platform>
 28 |     <RootNamespace>km_mouse</RootNamespace>
 29 |   </PropertyGroup>
 30 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 31 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 32 |     <TargetVersion>Windows10</TargetVersion>
 33 |     <UseDebugLibraries>true</UseDebugLibraries>
 34 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 35 |     <ConfigurationType>Driver</ConfigurationType>
 36 |     <DriverType>KMDF</DriverType>
 37 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 38 |     <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
 39 |   </PropertyGroup>
 40 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 41 |     <TargetVersion>Windows10</TargetVersion>
 42 |     <UseDebugLibraries>false</UseDebugLibraries>
 43 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 44 |     <ConfigurationType>Driver</ConfigurationType>
 45 |     <DriverType>KMDF</DriverType>
 46 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 47 |     <Driver_SpectreMitigation>Spectre</Driver_SpectreMitigation>
 48 |   </PropertyGroup>
 49 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
 50 |     <TargetVersion>Windows10</TargetVersion>
 51 |     <UseDebugLibraries>true</UseDebugLibraries>
 52 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 53 |     <ConfigurationType>Driver</ConfigurationType>
 54 |     <DriverType>KMDF</DriverType>
 55 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 56 |   </PropertyGroup>
 57 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
 58 |     <TargetVersion>Windows10</TargetVersion>
 59 |     <UseDebugLibraries>false</UseDebugLibraries>
 60 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 61 |     <ConfigurationType>Driver</ConfigurationType>
 62 |     <DriverType>KMDF</DriverType>
 63 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 64 |   </PropertyGroup>
 65 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 66 |   <ImportGroup Label="ExtensionSettings">
 67 |   </ImportGroup>
 68 |   <ImportGroup Label="PropertySheets">
 69 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 70 |   </ImportGroup>
 71 |   <PropertyGroup Label="UserMacros" />
 72 |   <PropertyGroup />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 74 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 77 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
 80 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
 83 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 86 |     <DriverSign>
 87 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
 88 |     </DriverSign>
 89 |     <ClCompile>
 90 |       <PreprocessorDefinitions>_DEBUG;_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |       <TreatWarningAsError>false</TreatWarningAsError>
 92 |       <BufferSecurityCheck>false</BufferSecurityCheck>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <EntryPointSymbol>driver_entry</EntryPointSymbol>
 96 |       <AdditionalDependencies>ntoskrnl.lib;%(AdditionalDependencies)</AdditionalDependencies>
 97 |     </Link>
 98 |   </ItemDefinitionGroup>
 99 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
100 |     <DriverSign>
101 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
102 |     </DriverSign>
103 |     <ClCompile>
104 |       <BufferSecurityCheck>false</BufferSecurityCheck>
105 |       <TreatWarningAsError>false</TreatWarningAsError>
106 |     </ClCompile>
107 |     <Link>
108 |       <AdditionalDependencies>ntoskrnl.lib;%(AdditionalDependencies)</AdditionalDependencies>
109 |       <EntryPointSymbol>driver_entry</EntryPointSymbol>
110 |     </Link>
111 |   </ItemDefinitionGroup>
112 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
113 |     <DriverSign>
114 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
115 |     </DriverSign>
116 |   </ItemDefinitionGroup>
117 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
118 |     <DriverSign>
119 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
120 |     </DriverSign>
121 |   </ItemDefinitionGroup>
122 |   <ItemGroup>
123 |     <Inf Include="km-mouse.inf" />
124 |   </ItemGroup>
125 |   <ItemGroup>
126 |     <FilesToPackage Include="$(TargetPath)" />
127 |   </ItemGroup>
128 |   <ItemGroup>
129 |     <None Include=".clang-format" />
130 |     <None Include=".clang-tidy" />
131 |     <None Include=".editorconfig" />
132 |     <None Include=".gitignore" />
133 |     <MASM Include="mouse\mouse.asm">
134 |       <FileType>Document</FileType>
135 |     </MASM>
136 |   </ItemGroup>
137 |   <ItemGroup>
138 |     <ClCompile Include="communication\dispatch.c" />
139 |     <ClCompile Include="main.c" />
140 |     <ClCompile Include="memory\memory.c" />
141 |     <ClCompile Include="memory\process.c" />
142 |   </ItemGroup>
143 |   <ItemGroup>
144 |     <ClInclude Include="communication\dispatch.h" />
145 |     <ClInclude Include="memory\memory.h" />
146 |     <ClInclude Include="memory\process.h" />
147 |     <ClInclude Include="mouse\mouse.h" />
148 |     <ClInclude Include="utils\defs.h" />
149 |     <ClInclude Include="utils\message.h" />
150 |   </ItemGroup>
151 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
152 |   <ImportGroup Label="ExtensionTargets">
153 |   </ImportGroup>
154 | </Project>


--------------------------------------------------------------------------------
/driver/km-mouse.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="Driver Files">
17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
19 |     </Filter>
20 |   </ItemGroup>
21 |   <ItemGroup>
22 |     <Inf Include="km-mouse.inf">
23 |       <Filter>Driver Files</Filter>
24 |     </Inf>
25 |   </ItemGroup>
26 |   <ItemGroup>
27 |     <None Include=".gitignore" />
28 |     <None Include=".editorconfig" />
29 |     <None Include=".clang-format" />
30 |     <None Include=".clang-tidy" />
31 |   </ItemGroup>
32 |   <ItemGroup>
33 |     <ClCompile Include="main.c">
34 |       <Filter>Source Files</Filter>
35 |     </ClCompile>
36 |     <ClCompile Include="communication\dispatch.c">
37 |       <Filter>Source Files</Filter>
38 |     </ClCompile>
39 |     <ClCompile Include="memory\memory.c">
40 |       <Filter>Source Files</Filter>
41 |     </ClCompile>
42 |     <ClCompile Include="memory\process.c">
43 |       <Filter>Source Files</Filter>
44 |     </ClCompile>
45 |   </ItemGroup>
46 |   <ItemGroup>
47 |     <ClInclude Include="utils\message.h">
48 |       <Filter>Header Files</Filter>
49 |     </ClInclude>
50 |     <ClInclude Include="memory\memory.h">
51 |       <Filter>Header Files</Filter>
52 |     </ClInclude>
53 |     <ClInclude Include="communication\dispatch.h">
54 |       <Filter>Header Files</Filter>
55 |     </ClInclude>
56 |     <ClInclude Include="mouse\mouse.h">
57 |       <Filter>Header Files</Filter>
58 |     </ClInclude>
59 |     <ClInclude Include="memory\process.h">
60 |       <Filter>Header Files</Filter>
61 |     </ClInclude>
62 |     <ClInclude Include="utils\defs.h">
63 |       <Filter>Header Files</Filter>
64 |     </ClInclude>
65 |   </ItemGroup>
66 |   <ItemGroup>
67 |     <MASM Include="mouse\mouse.asm">
68 |       <Filter>Source Files</Filter>
69 |     </MASM>
70 |   </ItemGroup>
71 | </Project>


--------------------------------------------------------------------------------
/driver/km-mouse.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup>
4 |     <ShowAllFiles>true</ShowAllFiles>
5 |   </PropertyGroup>
6 | </Project>


--------------------------------------------------------------------------------
/driver/main.c:
--------------------------------------------------------------------------------
 1 | #include "communication/dispatch.h"
 2 | #include "utils/message.h"
 3 | #include "memory/memory.h"
 4 | #include "memory/process.h"
 5 | 
 6 | // must change
 7 | UNICODE_STRING device_name = RTL_CONSTANT_STRING(L"\\Device\\infestation");
 8 | UNICODE_STRING device_link = RTL_CONSTANT_STRING(L"\\DosDevices\\infestation");
 9 | PDEVICE_OBJECT device_object;
10 | 
11 | 
12 | NTSTATUS driver_unload(PDRIVER_OBJECT driver_object) {
13 | 
14 | 	IoDeleteDevice(device_object);
15 | 	IoDeleteSymbolicLink(&device_link);
16 | 	message("Goodbye, world!\n");
17 | 	return STATUS_SUCCESS;
18 | }
19 | 
20 | NTSTATUS driver_entry(PDRIVER_OBJECT driver_object, PUNICODE_STRING registry_path) {
21 | 	
22 | 	UNREFERENCED_PARAMETER(registry_path);
23 | 
24 | 	message("Hello, world!\n");
25 | 	driver_object->DriverUnload = driver_unload;
26 | 
27 | 	message("mouhid.sys %p\n", get_kernel_module("mouhid.sys"));
28 | 
29 | 
30 | 	IoCreateDevice(driver_object, 0, &device_name, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &device_object);
31 | 	IoCreateSymbolicLink(&device_link, &device_name);
32 | 
33 | 	driver_object->MajorFunction[IRP_MJ_CREATE] = on_create;
34 | 	driver_object->MajorFunction[IRP_MJ_CLOSE] = on_close;
35 | 	driver_object->MajorFunction[IRP_MJ_DEVICE_CONTROL] = on_message;
36 | 
37 | 	device_object->Flags |= DO_DIRECT_IO;
38 | 	device_object->Flags &= ~DO_DEVICE_INITIALIZING;
39 | 	
40 | 	// Sample example, have fun!
41 | 	int pid = get_process_id("cs2.exe");
42 | 	UNICODE_STRING module_name;
43 | 	RtlInitUnicodeString(&module_name, L"client.dll");
44 | 	uintptr_t client = get_module_base(pid, module_name);
45 | 	int local_health = 0;
46 | 	uintptr_t local_player = 0;
47 | 	read_virtual_memory(pid, client + 0x16C2B18, &local_player, sizeof(uintptr_t));
48 | 
49 | 	read_virtual_memory(pid, local_player + 0x32C,&local_health, sizeof(int));
50 | 
51 | 	message("local_player %p , health %d",local_player, local_health);
52 | 	
53 | 	return STATUS_SUCCESS;
54 | }
55 | 
56 | // NOTE: to use this driver, you need to change the current driver_entry to driver_initialize
57 | //NTSTATUS driver_entry(PDRIVER_OBJECT driver_object, PUNICODE_STRING registry_path) {
58 | //	UNREFERENCED_PARAMETER(driver_object);
59 | //	UNREFERENCED_PARAMETER(registry_path);
60 | //
61 | //	message("system range start is %p driver_entry at %p\n", MmSystemRangeStart, driver_entry);
62 | //
63 | //	NTSTATUS status = STATUS_SUCCESS;
64 | //	__try {
65 | 		// must change
66 | //		UNICODE_STRING driver_name = RTL_CONSTANT_STRING(L"\\Driver\\infestation");
67 | //
68 | //		status = IoCreateDriver(&driver_name, &driver_initialize);
69 | //	}
70 | //	__except (EXCEPTION_EXECUTE_HANDLER) {
71 | //		status = GetExceptionCode();
72 | //	}
73 | //
74 | //	if (!NT_SUCCESS(status)) {
75 | //		message("driver_initialize failed with status 0x%08X\n", status);
76 | //		driver_unload(driver_object);
77 | //	}
78 | //
79 | //	return status;
80 | //}
81 | 


--------------------------------------------------------------------------------
/driver/memory/memory.c:
--------------------------------------------------------------------------------
  1 | #include "memory.h"
  2 | 
  3 | ULONG64 get_kernel_module(const char* module_name) {
  4 | 	ULONG64 module_base = 0;
  5 | 	ULONG module_size = 0;
  6 | 	PRTL_PROCESS_MODULES modules = NULL;
  7 | 	NTSTATUS status = ZwQuerySystemInformation(0x0B, 0, 0, &module_size);
  8 | 
  9 | 	if (status != STATUS_INFO_LENGTH_MISMATCH)
 10 | 		return 0;
 11 | 
 12 | 
 13 | 	modules = (PRTL_PROCESS_MODULES)ExAllocatePool2(POOL_FLAG_NON_PAGED, module_size, KM_POOL_TAG);
 14 | 	if (!modules)
 15 | 		return 0;
 16 | 
 17 | 	status = ZwQuerySystemInformation(0x0B, modules, module_size, &module_size);
 18 | 	if (!NT_SUCCESS(status)) {
 19 | 		ExFreePoolWithTag(modules, KM_POOL_TAG);
 20 | 		return 0;
 21 | 	}
 22 | 
 23 | 	PRTL_PROCESS_MODULE_INFORMATION module = modules->Modules;
 24 | 	for (ULONG i = 0; i < modules->NumberOfModules; i++) {
 25 | 		message("Module Name: %s\n", module[i].FullPathName + module[i].OffsetToFileName);
 26 | 		message("Module Base: %p\n", module[i].ImageBase);
 27 | 		message("Module Size: %d\n", module[i].ImageSize);
 28 | 
 29 | 		if (strcmp((char*)module[i].FullPathName + module[i].OffsetToFileName, module_name) == 0) {
 30 | 			module_base = (ULONG64)module[i].ImageBase;
 31 | 			break;
 32 | 		}
 33 | 	}
 34 | 
 35 | 	ExFreePoolWithTag(modules, KM_POOL_TAG);
 36 | 	return module_base;
 37 | }
 38 | 
 39 | ULONG64 get_module_imagebase(int pid) {
 40 | 	PEPROCESS proc;
 41 | 	if (PsLookupProcessByProcessId((HANDLE)pid, &proc) != STATUS_SUCCESS)
 42 | 		return 0;
 43 | 
 44 | 	return (ULONG64)PsGetProcessSectionBaseAddress(proc);
 45 | 
 46 | }
 47 | 
 48 | // driver built for windows 10 22H2, change the offsets if you're using a different version
 49 | //https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016
 50 | 
 51 | int get_process_id(const char* process_name) {
 52 | 	PEPROCESS proc;
 53 | 	PEPROCESS sysproc = PsInitialSystemProcess;
 54 | 	PLIST_ENTRY list = (PLIST_ENTRY)((char*)sysproc + ActiveProcessLinks); // _EPROCESS.ActiveProcessLinks
 55 | 	PLIST_ENTRY head = list;
 56 | 	do {
 57 | 		proc = (PEPROCESS)((char*)list - ActiveProcessLinks); // _EPROCESS.ActiveProcessLinks
 58 | 		if (strstr((char*)proc + ImageFileName, process_name)) { // _EPROCESS.ImageFileName
 59 | 			return (int)PsGetProcessId(proc);
 60 | 		}
 61 | 		list = list->Flink;
 62 | 	} while (list != head);
 63 | 
 64 | 	return 0;
 65 | }
 66 | 
 67 | uintptr_t get_module_base(int pid, UNICODE_STRING module_name) {
 68 | 
 69 | 	PEPROCESS proc;
 70 | 	if (PsLookupProcessByProcessId((HANDLE)pid, &proc) != STATUS_SUCCESS)
 71 | 		return 0;
 72 | 
 73 | 	PPEB p_peb = (PPEB)PsGetProcessPeb(proc); 
 74 | 
 75 | 	if (!p_peb)
 76 | 		return 0; 
 77 | 
 78 | 	KAPC_STATE state;
 79 | 
 80 | 	KeStackAttachProcess(proc, &state);
 81 | 
 82 | 	PPEB_LDR_DATA pLdr = (PPEB_LDR_DATA)p_peb->Ldr;
 83 | 
 84 | 	if (!pLdr) {
 85 | 		KeUnstackDetachProcess(&state);
 86 | 		return 0; 
 87 | 	}
 88 | 
 89 | 	
 90 | 	for (PLIST_ENTRY list = (PLIST_ENTRY)pLdr->InLoadOrderModuleList.Flink;
 91 | 		list != &pLdr->InLoadOrderModuleList; list = (PLIST_ENTRY)list->Flink)
 92 | 	{
 93 | 		PLDR_DATA_TABLE_ENTRY pEntry =
 94 | 			CONTAINING_RECORD(list, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
 95 | 
 96 | 
 97 | 		if (RtlCompareUnicodeString(&pEntry->BaseDllName, &module_name, TRUE) == 0) {
 98 | 			message("Module Name: %wZ\n", pEntry->BaseDllName);
 99 | 			message("Module Base: %p\n", pEntry->DllBase);
100 | 			message("Module Size: %d\n", pEntry->SizeOfImage);
101 | 			uintptr_t module_base = (uintptr_t)pEntry->DllBase;
102 | 			KeUnstackDetachProcess(&state);
103 | 		
104 | 			return module_base;
105 | 		}
106 | 
107 | 
108 | 	}
109 | 
110 | 	KeUnstackDetachProcess(&state);
111 | 	message("Failed to find module\n");
112 | 	return 0; 
113 | }
114 | 


--------------------------------------------------------------------------------
/driver/memory/memory.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include "../utils/defs.h"
 3 | #include "../utils/message.h"
 4 | 
 5 | ULONG64 get_kernel_module(const char* module_name);
 6 | 
 7 | ULONG64 get_module_imagebase(int pid);
 8 | 
 9 | int get_process_id(const char* process_name);
10 | 
11 | uintptr_t get_module_base(int pid,UNICODE_STRING module_name);
12 | 


--------------------------------------------------------------------------------
/driver/memory/process.c:
--------------------------------------------------------------------------------
 1 | #include "process.h"
 2 | 
 3 | NTSTATUS read_virtual_memory(int pid, PVOID source_addr, PVOID target_addr, SIZE_T size) {
 4 | 	SIZE_T bytes;
 5 | 	NTSTATUS status = STATUS_SUCCESS;
 6 | 	PEPROCESS process;
 7 | 
 8 | 	if(!NT_SUCCESS(PsLookupProcessByProcessId((HANDLE)pid,&process)))
 9 | 		return STATUS_INVALID_PARAMETER;
10 | 
11 | 	status = MmCopyVirtualMemory(process, source_addr, process, target_addr, size, KernelMode, &bytes);
12 | 	if (!NT_SUCCESS(status))
13 | 		return status;
14 | 
15 | 	return status;
16 | 
17 | }
18 | 
19 | NTSTATUS write_virtual_memory(int pid, PVOID source_addr, PVOID target_addr, SIZE_T size) {
20 | 	SIZE_T bytes;
21 | 	NTSTATUS status = STATUS_SUCCESS;
22 | 	PEPROCESS process;
23 | 
24 | 	if (!NT_SUCCESS(PsLookupProcessByProcessId((HANDLE)pid, &process)))
25 | 		return STATUS_INVALID_PARAMETER;
26 | 
27 | 	status = MmCopyVirtualMemory(process, source_addr, process, target_addr, size, KernelMode, &bytes);
28 | 	if (!NT_SUCCESS(status))
29 | 		return status;
30 | 
31 | 	return status;
32 | }
33 | 
34 | NTSTATUS write_safe_memory(int pid, PVOID source_addr, PVOID target_addr, SIZE_T size) {
35 | 	NTSTATUS status = STATUS_SUCCESS;
36 | 	PEPROCESS process;
37 | 	PMDL mdl = NULL;
38 | 	PVOID mapped_buffer = NULL;
39 | 	SIZE_T bytes;
40 | 
41 | 	if (!NT_SUCCESS(PsLookupProcessByProcessId((HANDLE)pid, &process)))
42 | 		return STATUS_INVALID_PARAMETER;
43 | 
44 | 	mdl = IoAllocateMdl(target_addr, size, FALSE, FALSE, NULL);
45 | 	if (!mdl)
46 | 		return STATUS_INSUFFICIENT_RESOURCES;
47 | 
48 | 	__try {
49 | 		MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
50 | 		mapped_buffer = MmMapLockedPagesSpecifyCache(mdl, KernelMode, MmNonCached, NULL, FALSE, NormalPagePriority);
51 | 		if (!mapped_buffer) {
52 | 			status = STATUS_INSUFFICIENT_RESOURCES;
53 | 			__leave;
54 | 		}
55 | 
56 | 		RtlCopyMemory(mapped_buffer, source_addr, size);
57 | 		MmUnmapLockedPages(mapped_buffer, mdl);
58 | 		MmUnlockPages(mdl);
59 | 	}
60 | 	__finally {
61 | 		if (mdl)
62 | 			IoFreeMdl(mdl);
63 | 	}
64 | 
65 | 	return status;
66 | }


--------------------------------------------------------------------------------
/driver/memory/process.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "../utils/defs.h"
3 | 
4 | NTSTATUS read_virtual_memory(int pid, PVOID source_addr, PVOID target_addr, SIZE_T size);
5 | 
6 | NTSTATUS write_virtual_memory(int pid, PVOID source_addr, PVOID target_addr, SIZE_T size);
7 | 
8 | NTSTATUS write_safe_memory(int pid, PVOID source_addr, PVOID target_addr, SIZE_T size);


--------------------------------------------------------------------------------
/driver/mouse/mouse.asm:
--------------------------------------------------------------------------------
  1 | EXTERNDEF _KeAcquireSpinLockAtDpcLevel:PROC
  2 | EXTERNDEF _KeReleaseSpinLockFromDpcLevel:PROC
  3 | EXTERNDEF _IofCompleteRequest:PROC
  4 | EXTERNDEF _IoReleaseRemoveLockEx:PROC
  5 | EXTERNDEF memmove:PROC
  6 | 
  7 | .data
  8 | WPP_RECORDER_INITIALIZED dq 0;
  9 | WPP_GLOBAL_Control dq 0;
 10 | .code
 11 | 
 12 | WPP_RECORDER_SF proc
 13 | 	ret
 14 | WPP_RECORDER_SF endp
 15 | 
 16 | MouseClassReadCopyData proc
 17 | 	mov    r11,rsp
 18 | 	mov    QWORD PTR [r11+8h],rbx
 19 | 	mov    QWORD PTR [r11+10h],rbp
 20 | 	mov    QWORD PTR [r11+18h],rsi
 21 | 	push   rdi
 22 | 	push   r12
 23 | 	push   r13
 24 | 	push   r14
 25 | 	push   r15
 26 | 	sub    rsp,50h
 27 | 	inc    DWORD PTR [rcx+0a8h]
 28 | 	mov    rsi,rdx
 29 | 	mov    eax,DWORD PTR [rcx+54h]
 30 | 	mov    rdi,rcx
 31 | 	mov    r13,QWORD PTR [rdx+0b8h]
 32 | 	lea    ebp,[rax+rax*2]
 33 | 	mov    ebx,DWORD PTR [r13+8h]
 34 | 	shl    ebp,3h
 35 | 	mov    edx,DWORD PTR [rdi+88h]
 36 | 	cmp    ebp,ebx
 37 | 	cmovae ebp,ebx
 38 | 	sub    edx,DWORD PTR [rdi+78h]
 39 | 	add    edx,DWORD PTR [rdi+68h]
 40 | 	mov    r12d,ebp
 41 | 	cmp    ebp,edx
 42 | 	cmovae r12d,edx
 43 | 	mov    r14,QWORD PTR [rsi+18h]
 44 | 	mov    rdx,QWORD PTR [rdi+78h]
 45 | 	mov    rcx,r14
 46 | 	mov    r8d,r12d
 47 | 	mov    r15d,r12d
 48 | 	call   memmove
 49 | 	add    r14,r15
 50 | 	mov    ebx,ebp
 51 | 	sub    ebx,r12d
 52 | 	je     J1A5
 53 | 	mov    rdx,QWORD PTR [rdi+68h]
 54 | 	mov    r8,rbx
 55 | 	mov    rcx,r14
 56 | 	call   memmove
 57 | 	mov    rcx,QWORD PTR [rdi+68h]
 58 | 	add    rcx,rbx
 59 | 	mov    QWORD PTR [rdi+78h],rcx
 60 | 	jmp    J1B0
 61 | J1A5:
 62 | 	add    QWORD PTR [rdi+78h],r15
 63 | J1B0:
 64 | 	mov    ebx,ebp
 65 | 	mov    rax,0aaaaaaaaaaaaaaabh
 66 | 	mul    rbx
 67 | 	shr    rdx,4h
 68 | 	sub    DWORD PTR [rdi+54h],edx
 69 | 	jne    J1FF
 70 | 	mov    BYTE PTR [rdi+42h],1h
 71 | J1FF:
 72 | 	mov    QWORD PTR [rsi+38h],rbx
 73 | 	lea    r11,[rsp+50h]
 74 | 	mov    rbx,QWORD PTR [r11+30h]
 75 | 	xor    eax,eax
 76 | 	mov    rsi,QWORD PTR [r11+40h]
 77 | 	mov    DWORD PTR [r13+8h],ebp
 78 | 	mov    rbp,QWORD PTR [r11+38h]
 79 | 	mov    rsp,r11
 80 | 	pop    r15
 81 | 	pop    r14
 82 | 	pop    r13
 83 | 	pop    r12
 84 | 	pop    rdi
 85 | 	ret
 86 | MouseClassReadCopyData endp
 87 | 
 88 | 
 89 | 
 90 | 
 91 | MouseClassDequeueRead proc
 92 | 	xor    edx,edx
 93 | 	lea    r8,[rcx+98h]
 94 | J9:
 95 | 	mov    rcx,QWORD PTR [r8]
 96 | 	cmp    rcx,r8
 97 | 	je     J47
 98 | 	cmp    QWORD PTR [rcx+8h],r8
 99 | 	jne    J4C
100 | 	mov    rax,QWORD PTR [rcx]
101 | 	cmp    QWORD PTR [rax+8h],rcx
102 | 	jne    J4C
103 | 	mov    QWORD PTR [r8],rax
104 | 	lea    rdx,[rcx-0a8h]
105 | 	mov    QWORD PTR [rax+8h],r8
106 | 	xor    eax,eax
107 | 	xchg   QWORD PTR [rdx+68h],rax
108 | 	test   rax,rax
109 | 	jne    J42
110 | 	mov    QWORD PTR [rcx+8h],rcx
111 | 	xor    edx,edx
112 | 	mov    QWORD PTR [rcx],rcx
113 | J42:
114 | 	test   rdx,rdx
115 | 	je     J9
116 | J47:
117 | 	mov    rax,rdx
118 | 	ret
119 | 	int    3
120 | J4C:
121 | 	mov    ecx,3h
122 | 	int    29h
123 | MouseClassDequeueRead endp
124 | 
125 | 
126 | MouseClassServiceCallback proc
127 | 	mov    rax,rsp
128 | 	mov    QWORD PTR [rax+8h],rbx
129 | 	mov    QWORD PTR [rax+10h],rsi
130 | 	mov    QWORD PTR [rax+18h],rdi
131 | 	mov    QWORD PTR [rax+20h],r9
132 | 	push   rbp
133 | 	push   r12
134 | 	push   r13
135 | 	push   r14
136 | 	push   r15
137 | 	mov    rbp,rsp
138 | 	sub    rsp,70h
139 | 	mov    r13,r9
140 | 	mov    rbx,r8
141 | 	mov    r14,rdx
142 | 	mov    r15,rcx
143 | 
144 | 
145 | 
146 | 	
147 | 	lea    rax, WPP_RECORDER_INITIALIZED
148 | 	xor    esi,esi
149 | 	cmp    WPP_RECORDER_INITIALIZED, rax
150 | 	jne    J61
151 | 	mov    rcx,QWORD PTR WPP_GLOBAL_Control
152 | 	cmp    WORD PTR [rcx+48h],si
153 | 	je     J61
154 | 	mov    rcx,QWORD PTR [rcx+40h]
155 | 	lea    r9d,[rsi+32h]
156 | 	lea    r8d,[rsi+3h]
157 | 	mov    dl,5h
158 | 	call   WPP_RECORDER_SF
159 | 
160 | J61:
161 | 
162 | 
163 | 	mov    rdi,QWORD PTR [r15+40h]
164 | 	sub    ebx,r14d
165 | 	mov    r12d,esi
166 | 	mov    DWORD PTR [r13+0h],esi
167 | 	lea    rcx,[rdi+90h]
168 | 	call   QWORD PTR _KeAcquireSpinLockAtDpcLevel
169 | 	nop    DWORD PTR [rax+rax*1+0h]
170 | 	lea    rax,[rbp-10h]
171 | 	mov    rcx,rdi
172 | 	mov    QWORD PTR [rbp-8h],rax
173 | 	lea    rax,[rbp-10h]
174 | 	mov    QWORD PTR [rbp-10h],rax
175 | 	call   MouseClassDequeueRead
176 | 	mov    rsi,rax
177 | 	xor    r9d,r9d
178 | 	mov    rax,0aaaaaaaaaaaaaaabh
179 | 	test   rsi,rsi
180 | 	je     J1aa
181 | 	mov    r13,QWORD PTR [rsi+0b8h]
182 | 	mov    r12d,ebx
183 | 	mov    r8d,DWORD PTR [r13+8h]
184 | 	cmp    ebx,r8d
185 | 	cmovae r12d,r8d
186 | 	mul    r12
187 | 	mov    rax,QWORD PTR [rbp+48h]
188 | 	shr    rdx,4h
189 | 	add    DWORD PTR [rax],edx
190 | 	lea    rax, WPP_RECORDER_INITIALIZED
191 | 	cmp    WPP_RECORDER_INITIALIZED,rax
192 | 	jne    J11d
193 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
194 | 	cmp    WORD PTR [rcx+48h],r9w
195 | 	je     J11d
196 | 	mov    rax,QWORD PTR [rsi+18h]
197 | 	mov    rcx,QWORD PTR [rcx+40h]
198 | 	mov    QWORD PTR [rsp+50h],rax
199 | 	mov    QWORD PTR [rsp+48h],r14
200 | 	mov    DWORD PTR [rsp+40h],r8d
201 | 	mov    DWORD PTR [rsp+38h],ebx
202 | 	mov    QWORD PTR [rsp+30h],rsi
203 | 	mov    QWORD PTR [rsp+28h],r15
204 | 	call   WPP_RECORDER_SF
205 | 
206 | J11d:
207 | 
208 | 	mov    rax,0fffff78000000014h
209 | 	mov    rax,QWORD PTR [rax]
210 | 	lea    rdx,WPP_RECORDER_INITIALIZED
211 | 	cmp    WPP_RECORDER_INITIALIZED,rdx
212 | 	jne    J15e
213 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
214 | 	mov    DWORD PTR [rsp+40h],r12d
215 | 	mov    QWORD PTR [rsp+38h],rax
216 | 	mov    QWORD PTR [rsp+30h],rsi
217 | 	mov    rcx,QWORD PTR [rcx+40h]
218 | 	mov    QWORD PTR [rsp+28h],r15
219 | 	call   WPP_RECORDER_SF
220 | 
221 | J15e:
222 | 
223 | 	mov    rcx,QWORD PTR [rsi+18h]
224 | 	mov    r8,r12
225 | 	mov    rdx,r14
226 | 	call   memmove
227 | 	mov    QWORD PTR [rsi+38h],r12
228 | 	lea    rcx,[rbp-10h]
229 | 	xor    r8d,r8d
230 | 	mov    DWORD PTR [rsi+30h],r8d
231 | 	add    rsi,0a8h
232 | 	mov    DWORD PTR [r13+8h],r12d
233 | 	mov    rax,QWORD PTR [rbp-8h]
234 | 	cmp    QWORD PTR [rax],rcx
235 | 	jne    J495
236 | 	mov    r13,QWORD PTR [rbp+48h]
237 | 	lea    rcx,[rbp-10h]
238 | 	mov    QWORD PTR [rsi],rcx
239 | 	mov    QWORD PTR [rsi+8h],rax
240 | 	mov    QWORD PTR [rax],rsi
241 | 	mov    QWORD PTR [rbp-8h],rsi
242 | 
243 | J1aa:
244 | 
245 | 	mov    eax,r12d
246 | 	add    r14,rax
247 | 	sub    ebx,r12d
248 | 	lea    r12,WPP_RECORDER_INITIALIZED
249 | 	xor    esi,esi
250 | 	cmp    WPP_RECORDER_INITIALIZED,r12
251 | 	jne    J1e4
252 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
253 | 	cmp    WORD PTR [rcx+48h],si
254 | 	je     J1e4
255 | 	mov    rcx,QWORD PTR [rcx+40h]
256 | 	mov    DWORD PTR [rsp+30h],ebx
257 | 	mov    QWORD PTR [rsp+28h],r15
258 | 	call   WPP_RECORDER_SF
259 | 
260 | J1e4:
261 | 
262 | 	test   ebx,ebx
263 | 	je     J41d
264 | 	cmp    WPP_RECORDER_INITIALIZED,r12
265 | 	jne    J22f
266 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
267 | 	cmp    WORD PTR [rcx+48h],si
268 | 	je     J22f
269 | 	mov    eax,DWORD PTR [rdi+54h]
270 | 	mov    r9d,36h
271 | 	mov    rcx,QWORD PTR [rcx+40h]
272 | 	mov    DWORD PTR [rsp+38h],ebx
273 | 	lea    edx,[rax+rax*2]
274 | 	mov    eax,DWORD PTR [rdi+88h]
275 | 	shl    edx,3h
276 | 	sub    eax,edx
277 | 	mov    DWORD PTR [rsp+30h],eax
278 | 	mov    QWORD PTR [rsp+28h],r15
279 | 	call   WPP_RECORDER_SF
280 | 
281 | J22f:
282 | 
283 | 	mov    ecx,DWORD PTR [rdi+88h]
284 | 	cmp    ecx,ebx
285 | 	mov    r12d,ecx
286 | 	cmovae r12d,ebx
287 | 	sub    ecx,DWORD PTR [rdi+70h]
288 | 	mov    ebx,DWORD PTR [rdi+68h]
289 | 	add    ebx,ecx
290 | 	lea    rax,WPP_RECORDER_INITIALIZED
291 | 	cmp    WPP_RECORDER_INITIALIZED,rax
292 | 	jne    J287
293 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
294 | 	cmp    WORD PTR [rcx+48h],si
295 | 	je     J287
296 | 	mov    rcx,QWORD PTR [rcx+40h]
297 | 	mov    r9d,38h
298 | 	mov    DWORD PTR [rsp+38h],ebx
299 | 	mov    DWORD PTR [rsp+30h],r12d
300 | 	mov    QWORD PTR [rsp+28h],r15
301 | 	call   WPP_RECORDER_SF
302 | 	lea    rax,WPP_RECORDER_INITIALIZED
303 | 
304 | J287:
305 | 
306 | 	cmp    r12d,ebx
307 | 	mov    esi,r12d
308 | 	cmovae esi,ebx
309 | 	cmp    WPP_RECORDER_INITIALIZED,rax
310 | 	jne    J2cc
311 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
312 | 	xor    eax,eax
313 | 	cmp    WORD PTR [rcx+48h],ax
314 | 	je     J2cc
315 | 	mov    rcx,QWORD PTR [rcx+40h]
316 | 	lea    r9d,[rax+39h]
317 | 	mov    rax,QWORD PTR [rdi+70h]
318 | 	mov    QWORD PTR [rsp+40h],rax
319 | 	mov    QWORD PTR [rsp+38h],r14
320 | 	mov    DWORD PTR [rsp+30h],esi
321 | 	mov    QWORD PTR [rsp+28h],r15
322 | 	call   WPP_RECORDER_SF
323 | 
324 | J2cc:
325 | 
326 | 	mov    rcx,QWORD PTR [rdi+70h]
327 | 	mov    rdx,r14
328 | 	mov    r8d,esi
329 | 	mov    ebx,esi
330 | 	call   memmove
331 | 	add    QWORD PTR [rdi+70h],rbx
332 | 	add    r14,rbx
333 | 	mov    rdx,QWORD PTR [rdi+68h]
334 | 	mov    eax,DWORD PTR [rdi+88h]
335 | 	mov    rcx,QWORD PTR [rdi+70h]
336 | 	add    rax,rdx
337 | 	cmp    rcx,rax
338 | 	jb     J301
339 | 	mov    QWORD PTR [rdi+70h],rdx
340 | 	mov    rcx,rdx
341 | 
342 | J301:
343 | 
344 | 	mov    ebx,r12d
345 | 	sub    ebx,esi
346 | 	je     J362
347 | 	lea    rdx,WPP_RECORDER_INITIALIZED
348 | 	mov    rax,rcx
349 | 	cmp    WPP_RECORDER_INITIALIZED,rdx
350 | 	jne    J350
351 | 	mov    rdx, QWORD PTR WPP_GLOBAL_Control
352 | 	xor    r8d,r8d
353 | 	cmp    WORD PTR [rdx+48h],r8w
354 | 	je     J350
355 | 	mov    QWORD PTR [rsp+40h],rcx
356 | 	lea    r9d,[r8+03ah]
357 | 	mov    rcx,QWORD PTR [rdx+40h]
358 | 	mov    QWORD PTR [rsp+38h],r14
359 | 	mov    DWORD PTR [rsp+30h],ebx
360 | 	mov    QWORD PTR [rsp+28h],r15
361 | 	call   WPP_RECORDER_SF
362 | 	mov    rax,QWORD PTR [rdi+70h]
363 | 
364 | J350:
365 | 
366 | 	mov    r8,rbx
367 | 	mov    rdx,r14
368 | 	mov    rcx,rax
369 | 	call   memmove
370 | 	add    QWORD PTR [rdi+70h],rbx
371 | 
372 | J362:
373 | 
374 | 	mov    ecx,r12d
375 | 	mov    rax,0aaaaaaaaaaaaaaabh
376 | 	mul    rcx
377 | 	shr    rdx,4h
378 | 	add    DWORD PTR [rdi+54h],edx
379 | 	mov    ecx,DWORD PTR [r13+0h]
380 | 	add    ecx,edx
381 | 	mov    eax,ecx
382 | 	mov    DWORD PTR [r13+0h],ecx
383 | 	lea    r12,WPP_RECORDER_INITIALIZED
384 | 	xor    esi,esi
385 | 	cmp    WPP_RECORDER_INITIALIZED,r12
386 | 	jne    J41d
387 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
388 | 	cmp    WORD PTR [rcx+48h],si
389 | 	je     J41d
390 | 	mov    rcx,QWORD PTR [rcx+40h]
391 | 	mov    DWORD PTR [rsp+48h],eax
392 | 	mov    rax,QWORD PTR [rdi+78h]
393 | 	mov    QWORD PTR [rsp+40h],rax
394 | 	mov    rax,QWORD PTR [rdi+70h]
395 | 	mov    QWORD PTR [rsp+38h],rax
396 | 	mov    eax,DWORD PTR [rdi+54h]
397 | 	mov    DWORD PTR [rsp+30h],eax
398 | 	mov    QWORD PTR [rsp+28h],r15
399 | 	call   WPP_RECORDER_SF
400 | 	jmp    J41d
401 | 
402 | J3d5:
403 | 
404 | 	mov    rcx,rdi
405 | 	call   MouseClassDequeueRead
406 | 	mov    rbx,rax
407 | 	test   rax,rax
408 | 	je     J422
409 | 	mov    rdx,rax
410 | 	mov    rcx,rdi
411 | 	call   MouseClassReadCopyData
412 | 	mov    DWORD PTR [rbx+30h],eax
413 | 	lea    rcx,[rbp-10h]
414 | 	mov    rdx,QWORD PTR [rbp-8h]
415 | 	lea    rax,[rbx+0a8h]
416 | 	cmp    QWORD PTR [rdx],rcx
417 | 	jne    J495
418 | 	mov    QWORD PTR [rax+8h],rdx
419 | 	lea    rcx,[rbp-10h]
420 | 	mov    QWORD PTR [rax],rcx
421 | 	mov    QWORD PTR [rdx],rax
422 | 	mov    QWORD PTR [rbp-8h],rax
423 | 
424 | J41d:
425 | 
426 | 	cmp    DWORD PTR [rdi+54h],esi
427 | 
428 | 
429 | 	ja     J3d5
430 | 
431 | J422:
432 | 
433 | 	lea    rcx,[rdi+90h]
434 | 	call   QWORD PTR _KeReleaseSpinLockFromDpcLevel
435 | 	nop    DWORD PTR [rax+rax*1+0h]
436 | 
437 | J435:
438 | 
439 | 	mov    rbx,QWORD PTR [rbp-10h]
440 | 	lea    rax,[rbp-10h]
441 | 	cmp    rbx,rax
442 | 	je     J49c
443 | 	lea    rax,[rbp-10h]
444 | 	cmp    QWORD PTR [rbx+8h],rax
445 | 	jne    J495
446 | 	mov    rax,QWORD PTR [rbx]
447 | 	cmp    QWORD PTR [rax+8h],rbx
448 | 	jne    J495
449 | 	lea    rcx,[rbp-10h]
450 | 	mov    QWORD PTR [rbp-10h],rax
451 | 	mov    QWORD PTR [rax+8h],rcx
452 | 	mov    dl,6h
453 | 	lea    rcx,[rbx-0a8h]
454 | 	call   QWORD PTR _IofCompleteRequest
455 | 	nop    DWORD PTR [rax+rax*1+0h]
456 | 	lea    rcx,[rdi+20h]
457 | 	mov    r8d,20h
458 | 	lea    rdx,[rbx-0a8h]
459 | 	call   QWORD PTR _IoReleaseRemoveLockEx
460 | 	nop    DWORD PTR [rax+rax*1+0h]
461 | 	jmp    J435
462 | 
463 | J495:
464 | 
465 | 	mov    ecx,3h
466 | 	int    29h
467 | 
468 | J49C:
469 | 
470 | 	cmp    WPP_RECORDER_INITIALIZED,r12
471 | 	jne    J4c7
472 | 	mov    rcx, QWORD PTR WPP_GLOBAL_Control
473 | 	cmp    WORD PTR [rcx+48h],si
474 | 	je     J4c7
475 | 	mov    rcx,QWORD PTR [rcx+40h]
476 | 	mov    r9d,3ch
477 | 	mov    dl,5h
478 | 	lea    r8d,[r9-39h]
479 | 	call   WPP_RECORDER_SF
480 | 
481 | J4c7:
482 | 
483 | 	lea    r11,[rsp+70h]
484 | 	mov    rbx,QWORD PTR [r11+30h]
485 | 	mov    rsi,QWORD PTR [r11+38h]
486 | 	mov    rdi,QWORD PTR [r11+40h]
487 | 	mov    rsp,r11
488 | 	pop    r15
489 | 	pop    r14
490 | 	pop    r13
491 | 	pop    r12
492 | 	pop    rbp
493 | 	ret
494 | MouseClassServiceCallback endp
495 | 
496 | end
497 | 
498 | 


--------------------------------------------------------------------------------
/driver/mouse/mouse.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include "../utils/defs.h"
  3 | 
  4 | #define MOUSE_MOVE_RELATIVE         0
  5 | #define MOUSE_MOVE_ABSOLUTE         1
  6 | 
  7 | #define MOUSE_LEFT_BUTTON_DOWN   0x0001  // Left Button changed to down.
  8 | #define MOUSE_LEFT_BUTTON_UP     0x0002  // Left Button changed to up.
  9 | #define MOUSE_RIGHT_BUTTON_DOWN  0x0004  // Right Button changed to down.
 10 | #define MOUSE_RIGHT_BUTTON_UP    0x0008  // Right Button changed to up.
 11 | #define MOUSE_MIDDLE_BUTTON_DOWN 0x0010  // Middle Button changed to down.
 12 | #define MOUSE_MIDDLE_BUTTON_UP   0x0020  // Middle Button changed to up.
 13 | 
 14 | // @norsefire & @ekknod
 15 | 
 16 | inline BOOL mouse_open() {
 17 | 	_KeAcquireSpinLockAtDpcLevel = (QWORD)KeAcquireSpinLockAtDpcLevel;
 18 | 	_KeReleaseSpinLockFromDpcLevel = (QWORD)KeReleaseSpinLockFromDpcLevel;
 19 | 	_IofCompleteRequest = (QWORD)IofCompleteRequest;
 20 | 	_IoReleaseRemoveLockEx = (QWORD)IoReleaseRemoveLockEx;
 21 | 	
 22 | 
 23 | 	if (gMouseObject.use_mouse == 0) {
 24 | 
 25 | 		UNICODE_STRING class_string;
 26 | 		RtlInitUnicodeString(&class_string, L"\\Driver\\MouClass");
 27 | 
 28 | 		PDRIVER_OBJECT class_driver_object = NULL;
 29 | 		NTSTATUS status = ObReferenceObjectByName(&class_string, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode, NULL, (PVOID*)&class_driver_object);
 30 | 		if (!NT_SUCCESS(status)) {
 31 | 			gMouseObject.use_mouse = 0;
 32 | 			return 0;
 33 | 		}
 34 | 
 35 | 		UNICODE_STRING hid_string;
 36 | 		RtlInitUnicodeString(&hid_string, L"\\Driver\\MouHID");
 37 | 
 38 | 		PDRIVER_OBJECT hid_driver_object = NULL;
 39 | 
 40 | 		status = ObReferenceObjectByName(&hid_string, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode, NULL, (PVOID*)&hid_driver_object);
 41 | 		if (!NT_SUCCESS(status)) {
 42 | 			if (class_driver_object) 
 43 | 				ObfDereferenceObject(class_driver_object);
 44 | 			gMouseObject.use_mouse = 0;
 45 | 			return 0;
 46 | 		}
 47 | 
 48 | 		PVOID class_driver_base = NULL;
 49 | 
 50 | 		PDEVICE_OBJECT hid_device_object = hid_driver_object->DeviceObject;
 51 | 		while (hid_device_object && !gMouseObject.service_callback) {
 52 | 			PDEVICE_OBJECT class_device_object = class_driver_object->DeviceObject;
 53 | 			while (class_device_object && !gMouseObject.service_callback) {
 54 | 				if (!class_device_object->NextDevice && !gMouseObject.mouse_device) 
 55 | 					gMouseObject.mouse_device = class_device_object;
 56 | 
 57 | 				PULONG_PTR device_extension = (PULONG_PTR)hid_device_object->DeviceExtension;
 58 | 				ULONG_PTR device_ext_size = ((ULONG_PTR)hid_device_object->DeviceObjectExtension - (ULONG_PTR)hid_device_object->DeviceExtension) / 4;
 59 | 				class_driver_base = class_driver_object->DriverStart;
 60 | 				for (ULONG_PTR i = 0; i < device_ext_size; i++) {
 61 | 					if (device_extension[i] == (ULONG_PTR)class_device_object && device_extension[i + 1] > (ULONG_PTR)class_driver_object) {
 62 | 						gMouseObject.service_callback = (MouseClassServiceCallbackFn)(device_extension[i + 1]);
 63 | 
 64 | 						break;
 65 | 					}
 66 | 				}
 67 | 				class_device_object = class_device_object->NextDevice;
 68 | 			}
 69 | 			hid_device_object = hid_device_object->AttachedDevice;
 70 | 		}
 71 | 
 72 | 		if (!gMouseObject.mouse_device) {
 73 | 			PDEVICE_OBJECT target_device_object = class_driver_object->DeviceObject;
 74 | 			while (target_device_object) {
 75 | 				if (!target_device_object->NextDevice) {
 76 | 					gMouseObject.mouse_device = target_device_object;
 77 | 					break;
 78 | 				}
 79 | 				target_device_object = target_device_object->NextDevice;
 80 | 			}
 81 | 		}
 82 | 
 83 | 		ObfDereferenceObject(class_driver_object);
 84 | 		ObfDereferenceObject(hid_driver_object);
 85 | 
 86 | 		if (gMouseObject.mouse_device && gMouseObject.service_callback) 
 87 | 			gMouseObject.use_mouse = 1;
 88 | 	}
 89 | 
 90 | 	return gMouseObject.mouse_device && gMouseObject.service_callback;
 91 | }
 92 | 
 93 | inline VOID mouse_move(long x, long y, unsigned short button_flags) {
 94 | 	KIRQL irql;
 95 | 	ULONG input_data;
 96 | 	MOUSE_INPUT_DATA mid = { 0 };
 97 | 	mid.LastX = x;
 98 | 	mid.LastY = y;
 99 | 	mid.ButtonFlags = button_flags;
100 | 	if (!mouse_open()) 
101 | 		return;
102 | 
103 | 	mid.UnitId = 1;
104 | 	KeMRaiseIrql(DISPATCH_LEVEL, &irql);
105 | 	MouseClassServiceCallback(gMouseObject.mouse_device, &mid, (PMOUSE_INPUT_DATA)&mid + 1, &input_data);
106 | 	KeLowerIrql(irql);
107 | }
108 | 
109 | 
110 | inline VOID mouse_down() {
111 | 	mouse_move(0, 0, MOUSE_LEFT_BUTTON_DOWN);
112 | }
113 | 
114 | inline VOID mouse_up() {
115 | 	mouse_move(0, 0, MOUSE_LEFT_BUTTON_UP);
116 | }


--------------------------------------------------------------------------------
/driver/utils/defs.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <ntifs.h>
  3 | #define KeMRaiseIrql(a, b) *(b) = KfRaiseIrql(a)
  4 | #define KM_POOL_TAG 'kdd'
  5 | 
  6 | typedef int BOOL;
  7 | typedef unsigned int DWORD;
  8 | typedef ULONG_PTR QWORD;
  9 | 
 10 | #pragma warning(disable : 4201)
 11 | typedef struct _MOUSE_INPUT_DATA {
 12 | 	USHORT UnitId;
 13 | 	USHORT Flags;
 14 | 	union {
 15 | 		ULONG Buttons;
 16 | 		struct {
 17 | 			USHORT ButtonFlags;
 18 | 			USHORT ButtonData;
 19 | 		};
 20 | 	};
 21 | 	ULONG RawButtons;
 22 | 	LONG LastX;
 23 | 	LONG LastY;
 24 | 	ULONG ExtraInformation;
 25 | } MOUSE_INPUT_DATA, * PMOUSE_INPUT_DATA;
 26 | 
 27 | typedef VOID(*MouseClassServiceCallbackFn)(PDEVICE_OBJECT DeviceObject, PMOUSE_INPUT_DATA InputDataStart, PMOUSE_INPUT_DATA InputDataEnd, PULONG InputDataConsumed);
 28 | 
 29 | typedef struct _MOUSE_OBJECT {
 30 | 	PDEVICE_OBJECT mouse_device;
 31 | 	MouseClassServiceCallbackFn service_callback;
 32 | 	BOOL use_mouse;
 33 | } MOUSE_OBJECT, * PMOUSE_OBJECT;
 34 | 
 35 | typedef struct _PEB_LDR_DATA
 36 | {
 37 | 	ULONG Length;
 38 | 	UCHAR Initialized;
 39 | 	PVOID SsHandle;
 40 | 	LIST_ENTRY InLoadOrderModuleList;
 41 | 	LIST_ENTRY InMemoryOrderModuleList;
 42 | 	LIST_ENTRY InInitializationOrderModuleList;
 43 | } PEB_LDR_DATA, * PPEB_LDR_DATA;
 44 | 
 45 | typedef struct _PEB
 46 | {
 47 | 	UCHAR InheritedAddressSpace;
 48 | 	UCHAR ReadImageFileExecOptions;
 49 | 	UCHAR BeingDebugged;
 50 | 	UCHAR BitField;
 51 | 	PVOID Mutant;
 52 | 	PVOID ImageBaseAddress;
 53 | 	PPEB_LDR_DATA Ldr;
 54 | 	PVOID ProcessParameters;
 55 | 	PVOID SubSystemData;
 56 | 	PVOID ProcessHeap;
 57 | 	PVOID FastPebLock;
 58 | 	PVOID AtlThunkSListPtr;
 59 | 	PVOID IFEOKey;
 60 | 	PVOID CrossProcessFlags;
 61 | 	PVOID KernelCallbackTable;
 62 | 	ULONG SystemReserved;
 63 | 	ULONG AtlThunkSListPtr32;
 64 | 	PVOID ApiSetMap;
 65 | } PEB, * PPEB;
 66 | 
 67 | typedef struct _LDR_DATA_TABLE_ENTRY
 68 | {
 69 | 	LIST_ENTRY InLoadOrderLinks;
 70 | 	LIST_ENTRY InMemoryOrderLinks;
 71 | 	LIST_ENTRY InInitializationOrderLinks;
 72 | 	PVOID DllBase;
 73 | 	PVOID EntryPoint;
 74 | 	ULONG SizeOfImage;
 75 | 	UNICODE_STRING FullDllName;
 76 | 	UNICODE_STRING BaseDllName;
 77 | 	ULONG Flags;
 78 | 	USHORT LoadCount;
 79 | 	USHORT TlsIndex;
 80 | 	LIST_ENTRY HashLinks;
 81 | 	ULONG TimeDateStamp;
 82 | } LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
 83 | 
 84 | typedef struct _RTL_PROCESS_MODULE_INFORMATION
 85 | {
 86 | 	HANDLE Section;
 87 | 	PVOID MappedBase;
 88 | 	PVOID ImageBase;
 89 | 	ULONG ImageSize;
 90 | 	ULONG Flags;
 91 | 	USHORT LoadOrderIndex;
 92 | 	USHORT InitOrderIndex;
 93 | 	USHORT LoadCount;
 94 | 	USHORT OffsetToFileName;
 95 | 	UCHAR FullPathName[256];
 96 | } RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION;
 97 | 
 98 | 
 99 | 
100 | typedef enum _EPROCESS_OFFSETS {
101 | 
102 | 	ActiveProcessLinks = 0x448,
103 | 	UniqueProcessId = 0x2e8,
104 | 	ImageFileName = 0x5a8
105 | } EPROCESS_OFFSETS;
106 | 
107 | typedef struct _RTL_PROCESS_MODULES
108 | {
109 | 	ULONG NumberOfModules;
110 | 	RTL_PROCESS_MODULE_INFORMATION Modules[1];
111 | } RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES;
112 | 
113 | MOUSE_OBJECT gMouseObject;
114 | QWORD _KeAcquireSpinLockAtDpcLevel;
115 | QWORD _KeReleaseSpinLockFromDpcLevel;
116 | QWORD _IofCompleteRequest;
117 | QWORD _IoReleaseRemoveLockEx;
118 | 
119 | NTSYSCALLAPI
120 | POBJECT_TYPE* IoDriverObjectType;
121 | 
122 | VOID MouseClassServiceCallback(PDEVICE_OBJECT DeviceObject, PMOUSE_INPUT_DATA InputDataStart, PMOUSE_INPUT_DATA InputDataEnd, PULONG InputDataConsumed);
123 | 
124 | NTSYSCALLAPI
125 | NTSTATUS
126 | ObReferenceObjectByName(__in PUNICODE_STRING ObjectName, __in ULONG Attributes, __in_opt PACCESS_STATE AccessState, __in_opt ACCESS_MASK DesiredAccess, __in POBJECT_TYPE ObjectType,
127 | 	__in KPROCESSOR_MODE AccessMode, __inout_opt PVOID ParseContext, __out PVOID* Object);
128 | __declspec(dllimport) PPEB PsGetProcessPeb(PEPROCESS);
129 | NTSTATUS ZwQuerySystemInformation(ULONG InfoClass, PVOID Buffer, ULONG Length, PULONG ReturnLength);
130 | NTKERNELAPI PVOID PsGetProcessSectionBaseAddress(__in PEPROCESS Process);
131 | 
132 | NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetProcess, PVOID TargetAddress, SIZE_T BufferSize, KPROCESSOR_MODE PreviousMode, PSIZE_T ReturnSize);
133 | NTKERNELAPI
134 | NTSTATUS
135 | IoCreateDriver(IN PUNICODE_STRING DriverName, OPTIONAL IN PDRIVER_INITIALIZE InitializationFunction);
136 | 
137 | NTKERNELAPI
138 | VOID IoDeleteDriver(IN PDRIVER_OBJECT DriverObject);
139 | //void Sleep(DWORD milliseconds) {
140 | //	QWORD ms = milliseconds;
141 | //	ms = (ms * 1000) * 10;
142 | //	ms = ms * -1;
143 | //	#ifdef _KERNEL_MODE
144 | //	KeDelayExecutionThread(KernelMode, 0, (PLARGE_INTEGER)&ms);
145 | //	#else
146 | //	NtDelayExecution(0, (PLARGE_INTEGER)&ms);
147 | //	#endif
148 | //}
149 | 


--------------------------------------------------------------------------------
/driver/utils/message.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | 
4 | #ifdef _DEBUG
5 | #define message(...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, "[KM] - " __VA_ARGS__)
6 | #else
7 | #define message(...)
8 | #endif)


--------------------------------------------------------------------------------
/examples/security_check.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vsaint1/kernel-mouse/932b8ba555ce42bd011ba77fbc20b7dc396f317e/examples/security_check.png


--------------------------------------------------------------------------------
/examples/test.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vsaint1/kernel-mouse/932b8ba555ce42bd011ba77fbc20b7dc396f317e/examples/test.png


--------------------------------------------------------------------------------
/km-mouse.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.7.34202.233
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "km-mouse", "Driver\km-mouse.vcxproj", "{099D3591-88DE-488C-A83C-4A3AEFD6A47E}"
 7 | EndProject
 8 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{6E8C2E65-627C-40D3-90CA-0CC98C045B32}"
 9 | 	ProjectSection(SolutionItems) = preProject
10 | 		.gitignore = .gitignore
11 | 		LICENSE = LICENSE
12 | 		README.md = README.md
13 | 	EndProjectSection
14 | EndProject
15 | Global
16 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
17 | 		Debug|ARM64 = Debug|ARM64
18 | 		Debug|x64 = Debug|x64
19 | 		Debug|x86 = Debug|x86
20 | 		Release|ARM64 = Release|ARM64
21 | 		Release|x64 = Release|x64
22 | 		Release|x86 = Release|x86
23 | 	EndGlobalSection
24 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
25 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|ARM64.ActiveCfg = Debug|ARM64
26 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|ARM64.Build.0 = Debug|ARM64
27 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|ARM64.Deploy.0 = Debug|ARM64
28 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|x64.ActiveCfg = Debug|x64
29 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|x64.Build.0 = Debug|x64
30 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|x64.Deploy.0 = Debug|x64
31 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|x86.ActiveCfg = Debug|x64
32 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|x86.Build.0 = Debug|x64
33 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Debug|x86.Deploy.0 = Debug|x64
34 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|ARM64.ActiveCfg = Release|ARM64
35 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|ARM64.Build.0 = Release|ARM64
36 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|ARM64.Deploy.0 = Release|ARM64
37 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|x64.ActiveCfg = Release|x64
38 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|x64.Build.0 = Release|x64
39 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|x64.Deploy.0 = Release|x64
40 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|x86.ActiveCfg = Release|x64
41 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|x86.Build.0 = Release|x64
42 | 		{099D3591-88DE-488C-A83C-4A3AEFD6A47E}.Release|x86.Deploy.0 = Release|x64
43 | 	EndGlobalSection
44 | 	GlobalSection(SolutionProperties) = preSolution
45 | 		HideSolutionNode = FALSE
46 | 	EndGlobalSection
47 | 	GlobalSection(ExtensibilityGlobals) = postSolution
48 | 		SolutionGuid = {D5DFF3CF-CD73-44E4-A5D7-3599BB3ED06E}
49 | 	EndGlobalSection
50 | EndGlobal
51 | 


--------------------------------------------------------------------------------